Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mimetex-1.76/gfuntype.c
Examining data/mimetex-1.76/mimetex.c
Examining data/mimetex-1.76/texfonts.h
Examining data/mimetex-1.76/mimetex.h
Examining data/mimetex-1.76/gifsave.c
FINAL RESULTS:
data/mimetex-1.76/gfuntype.c:154:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
case 'n': strcpy(fontname,argv[argnum]); break;
data/mimetex-1.76/gfuntype.c:422:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(token,delim+strlen(keyword)); /* char num follows keyword */
data/mimetex-1.76/mimetex.c:2191:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy((char *)(rp->pixmap)+width1-1+space,(char *)((sp2->image)->pixmap));
data/mimetex-1.76/mimetex.c:3679:41: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if ( msgfp!=NULL && msglevel>=999 ) { fprintf(msgfp, /* diagnostics */
data/mimetex-1.76/mimetex.c:3720:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if ( msglevel >= 999 ) { fprintf(fp, /* debugging diagnostics */
data/mimetex-1.76/mimetex.c:3988:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fname,suffix[ptype]); /* so add extension */
data/mimetex-1.76/mimetex.c:3990:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pdot,suffix[ptype]); /* so replace original extension */
data/mimetex-1.76/mimetex.c:4006:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outline,magic[ptype]); /* begin file with "magic number" */
data/mimetex-1.76/mimetex.c:4007:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outline,cr); /* followed by cr to end line */
data/mimetex-1.76/mimetex.c:4009:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outline,outfield); /* add width and height to header */
data/mimetex-1.76/mimetex.c:4010:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outline,cr); /* followed by cr to end line */
data/mimetex-1.76/mimetex.c:4013:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outline,outfield); /* add max value to header */
data/mimetex-1.76/mimetex.c:4014:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outline,cr); } /* followed by cr to end line */
data/mimetex-1.76/mimetex.c:4017:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(file,outline); /* add header to caller's buffer */
data/mimetex-1.76/mimetex.c:4038:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outline,cr); /* add cr to end current line */
data/mimetex-1.76/mimetex.c:4040:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(file,outline); /* add header to caller's buffer */
data/mimetex-1.76/mimetex.c:4049:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outline,outfield); /* concatanate value to line */
data/mimetex-1.76/mimetex.c:4257:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(field,"{ %2d, %3d,%2d,%2d, %s\n", /* format width,height,pixsz */
data/mimetex-1.76/mimetex.c:5014:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lcsymbol,defsym); /* local copy of symdefs[] symbol */
data/mimetex-1.76/mimetex.c:5493:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(ptoken,nextchar); /* append nextchar */
data/mimetex-1.76/mimetex.c:5608:22: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if ( isdelim ) strcat(subexpr,rightdelim); /* caller wants delims */
data/mimetex-1.76/mimetex.c:6008:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(subexpr,pretext); /*so return extra params to caller*/
data/mimetex-1.76/mimetex.c:6406:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wstrwhite,args+embedlen+1); } } /*and set its whitespace arg*/
data/mimetex-1.76/mimetex.c:6428:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(abuff,latexsym); /* so get local copy */
data/mimetex-1.76/mimetex.c:6474:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(abuff,latexsym); /* so get local copy */
data/mimetex-1.76/mimetex.c:6491:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(argval,optarg); /* init with default value */
data/mimetex-1.76/mimetex.c:6511:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(password,argval); } /* save it for http_referer checks */
data/mimetex-1.76/mimetex.c:6586:18: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (open!=NULL) strcat(command,open); /* add open delim if needed */
data/mimetex-1.76/mimetex.c:6587:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(command,atopsym); /* add command with \atop */
data/mimetex-1.76/mimetex.c:6591:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(command,arg); /* concatanate {left-arg to \atop */
data/mimetex-1.76/mimetex.c:6598:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(command,arg); /* concatanate right-arg} */
data/mimetex-1.76/mimetex.c:6599:19: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (close!=NULL) strcat(command,close); /* add close delim if needed*/
data/mimetex-1.76/mimetex.c:6781:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(whitespace,WHITEMATH); /*default if no user input for white*/
data/mimetex-1.76/mimetex.c:6784:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(whitespace,white); /* so use caller's white spaces */
data/mimetex-1.76/mimetex.c:6790:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(whitespace,WHITEMATH); } /* so revert back to default */
data/mimetex-1.76/mimetex.c:7532:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)args,argfld); /* so copy arg field there */
data/mimetex-1.76/mimetex.c:7536:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(argptr,argfld); /* so copy arg field there */
data/mimetex-1.76/mimetex.c:8034:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(literal,strdetex(chartoken,0)); /* detex the token */
data/mimetex-1.76/mimetex.c:8060:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)((sp->image)->pixmap),symbol); /* copy symbol */
data/mimetex-1.76/mimetex.c:8191:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(noparens,expression); /* get local copy of expression */
data/mimetex-1.76/mimetex.c:8703:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(ldelim,ldelims[ildelim]); /* so just get a local copy */
data/mimetex-1.76/mimetex.c:8775:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(lrdelim,xto[ix]); /* replace with corresponding xto[]*/
data/mimetex-1.76/mimetex.c:10050:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(func,funcnames[mathfunc]); /* concat function name */
data/mimetex-1.76/mimetex.c:10058:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(func,funcarg); /* and \pmodargument */
data/mimetex-1.76/mimetex.c:10417:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(subexpr,name); /* followed by font name */
data/mimetex-1.76/mimetex.c:10419:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(subexpr,fontchars); /* followed by all the chars */
data/mimetex-1.76/mimetex.c:10453:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
{ strcat(subexpr,name); /* by prefixing it with font name */
data/mimetex-1.76/mimetex.c:10569:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(subexpr,delims); /* then add opening delim */
data/mimetex-1.76/mimetex.c:10652:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(subexpr,delims+1); } /* add appropriate closing delim */
data/mimetex-1.76/mimetex.c:12486:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ovalbuff,ovalexpr); /* save current ovalexpr */
data/mimetex-1.76/mimetex.c:12489:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ovalexpr,thisoval); } /* just copy \circle(,) directive */
data/mimetex-1.76/mimetex.c:12491:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ovalexpr,"\\compose{%s}{%s}",ovalbuff,thisoval); }
data/mimetex-1.76/mimetex.c:12500:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(composexpr,"\\compose{%s}{%.8000s}", ovalexpr,subexpr);
data/mimetex-1.76/mimetex.c:12613:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(subexpr,reformat); } /*replace subexpr with reformatted*/
data/mimetex-1.76/mimetex.c:12699:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logfile,text); } /* so just copy it */
data/mimetex-1.76/mimetex.c:12708:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logfile,filename); /* so just copy it */
data/mimetex-1.76/mimetex.c:12710:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(text,filename); /* copy value to text line */
data/mimetex-1.76/mimetex.c:12731:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tag,delim+1); } /* and stuff after : is tag */
data/mimetex-1.76/mimetex.c:12778:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(comment,commptr+1); /* comment follows : */
data/mimetex-1.76/mimetex.c:12780:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logfile,rasteditfilename(logfile)); /* edit log file name */
data/mimetex-1.76/mimetex.c:12813:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text,dbltoa(((double)counter),0)); /* comma-separated counter value */
data/mimetex-1.76/mimetex.c:12816:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text,ordinal[ordindex]); /* then st,nd,rd, or th */
data/mimetex-1.76/mimetex.c:12935:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( execwget, /* --- mathTeX webservice --- */
data/mimetex-1.76/mimetex.c:12941:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(execwget,mathtexpwd); /* then actual mathtex password */
data/mimetex-1.76/mimetex.c:12948:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(command,execwget); /* shell command plus mimetex url */
data/mimetex-1.76/mimetex.c:12949:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(command,subexpr); /* followed by \mathtex{subexpr} */
data/mimetex-1.76/mimetex.c:12954:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(command,plocalhost+strlen(localhost)); /*path follows localhost://*/
data/mimetex-1.76/mimetex.c:12956:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(command,subexpr); /* followed by \mathtex{subexpr} */
data/mimetex-1.76/mimetex.c:12960:14: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( (wget = popen(command,"r")) /* issue command and capture stdout*/
data/mimetex-1.76/mimetex.c:13027:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(today,timestamp(tzdelta,ifmt)); /* get timestamp */
data/mimetex-1.76/mimetex.c:13185:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(environstr+strlen(environstr), /* display environment string */
data/mimetex-1.76/mimetex.c:13352:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(filename,texfile); /* signal possible filename error */
data/mimetex-1.76/mimetex.c:13356:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename,texfile); } /* replace caller's filename */
data/mimetex-1.76/mimetex.c:13400:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(editname,filename); /* init edited name as input name */
data/mimetex-1.76/mimetex.c:13469:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(value,"{\\normalsize\\rm[file %s?]}",texfile);
data/mimetex-1.76/mimetex.c:13479:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tag1,tag); strcat(tag2,tag); /* followed by caller's tag */
data/mimetex-1.76/mimetex.c:13479:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tag1,tag); strcat(tag2,tag); /* followed by caller's tag */
data/mimetex-1.76/mimetex.c:13504:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(value,text); /* concat line to end of value */
data/mimetex-1.76/mimetex.c:13575:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tag1,tag); strcat(tag2,tag); /* followed by caller's tag */
data/mimetex-1.76/mimetex.c:13575:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tag1,tag); strcat(tag2,tag); /* followed by caller's tag */
data/mimetex-1.76/mimetex.c:13607:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filebuff,tag1); /* add opening <tag> */
data/mimetex-1.76/mimetex.c:13608:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filebuff,value); /* then value */
data/mimetex-1.76/mimetex.c:13609:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filebuff,tag2); /* finally closing </tag> */
data/mimetex-1.76/mimetex.c:13616:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filebuff,value); /* then concatanate value */
data/mimetex-1.76/mimetex.c:13617:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filebuff,tag2); } /* and finally closing </tag> */
data/mimetex-1.76/mimetex.c:13626:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fbuff,tag1); /* set opening <tag> */
data/mimetex-1.76/mimetex.c:13627:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fbuff,value); /* then value */
data/mimetex-1.76/mimetex.c:13628:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fbuff,tag2); /* finally closing </tag> */
data/mimetex-1.76/mimetex.c:13648:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fbuff,tag); /* tag modified */
data/mimetex-1.76/mimetex.c:13650:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fbuff,timestamp(TZDELTA,0)); /* start with timestamp */
data/mimetex-1.76/mimetex.c:13713:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(calbuff,monthnames[month]); /* insert month name */
data/mimetex-1.76/mimetex.c:13716:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(calbuff,aval); /* add year */
data/mimetex-1.76/mimetex.c:13718:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(calbuff, /* now begin calendar arrayr */
data/mimetex-1.76/mimetex.c:13736:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(calbuff,aval); } /* add skip string to buffer */
data/mimetex-1.76/mimetex.c:13742:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(calbuff,aval); /* put in idd */
data/mimetex-1.76/mimetex.c:13745:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(calbuff,aval); /* so just put in idd */
data/mimetex-1.76/mimetex.c:13836:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(timebuff,"%04d-%02d-%02d:%02d:%02d:%02d%s", year,month,day,
data/mimetex-1.76/mimetex.c:13840:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(timebuff,"%s, %s %d, %d",
data/mimetex-1.76/mimetex.c:13844:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(timebuff,"%s, %s %d, %d, %d:%02d:%02d%s",
data/mimetex-1.76/mimetex.c:13849:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(timebuff,"%d:%02d:%02d%s",
data/mimetex-1.76/mimetex.c:14713:42: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if ( msglevel>=99 && msgfp!=NULL ) { fprintf(msgfp, /*diagnostic output*/
data/mimetex-1.76/mimetex.c:14890:42: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if ( msglevel>=99 && msgfp!=NULL ) { fprintf(msgfp, /*diagnostic output*/
data/mimetex-1.76/mimetex.c:15094:39: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if ( msglevel>=99 && msgfp!=NULL ) fprintf(msgfp, /* diagnostic output */
data/mimetex-1.76/mimetex.c:15165:39: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if ( msglevel>=99 && msgfp!=NULL ) fprintf(msgfp, /* diagnostic output */
data/mimetex-1.76/mimetex.c:15244:39: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if ( msglevel>=99 && msgfp!=NULL ) fprintf(msgfp, /* diagnostic output */
data/mimetex-1.76/mimetex.c:15324:39: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if ( msglevel>=99 && msgfp!=NULL ) fprintf(msgfp, /* diagnostic output */
data/mimetex-1.76/mimetex.c:16939:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(SYSTEM);
data/mimetex-1.76/mimetex.c:16957:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cachepath,CACHEPATH); /* relative path to cached files */
data/mimetex-1.76/mimetex.c:16984:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(expression, /* and give user an error message */
data/mimetex-1.76/mimetex.c:17090:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(expression,instring); /* concat line to end of expression*/
data/mimetex-1.76/mimetex.c:17149:34: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if ( !isempty(cachepath) ) strcat(logfile,cachepath);
data/mimetex-1.76/mimetex.c:17150:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logfile,DUMPGIF); strcat(logfile,".txt");
data/mimetex-1.76/mimetex.c:17165:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logfile,argstring); } /* copy \logfile{filename} */
data/mimetex-1.76/mimetex.c:17181:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logfile,expression+8); /* interpret xxx in logfile=xxx$ */
data/mimetex-1.76/mimetex.c:17224:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name,environ[i]); /* set up name for getenv() arg */
data/mimetex-1.76/mimetex.c:17286:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exprbuffer,invalid_referer_match); /* init error message */
data/mimetex-1.76/mimetex.c:17353:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exprbuffer,invalid_referer_match); /* init error message */
data/mimetex-1.76/mimetex.c:17403:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cachefile,cachepath); /* start with (relative) path */
data/mimetex-1.76/mimetex.c:17404:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cachefile,md5hash); /* add md5 hash of expression */
data/mimetex-1.76/mimetex.c:17422:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename,cachepath); /* start with (relative) path */
data/mimetex-1.76/mimetex.c:17423:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filename,cachelog); /* add cache log filename */
data/mimetex-1.76/mimetex.c:17477:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(errormsg, /* init error message */
data/mimetex-1.76/mimetex.c:17481:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(errormsg,strdetex(expression,0));/*add detexed expression to msg*/
data/mimetex-1.76/mimetex.c:18045:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dumpfile,cachefile);
data/mimetex-1.76/mimetex.c:18046:25: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dumpfile,"_"); strcat(dumpfile,DUMPGIF);
data/mimetex-1.76/mimetex.c:18155:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(adbuffer,message); /* copy message template to buffer */
data/mimetex-1.76/mimetex.c:18162:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(expression,adbuffer); /* expression now wrapped in ad */
data/mimetex-1.76/mimetex.c:12801:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
{ char *logval = getenv(logvars[ilog]); /*getenv(variable) to be logged*/
data/mimetex-1.76/mimetex.c:13236:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *http_host = getenv("HTTP_HOST"), /* http host for mimeTeX */
data/mimetex-1.76/mimetex.c:13237:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
*server_name = getenv("SERVER_NAME"), /* server hosting mimeTeX */
data/mimetex-1.76/mimetex.c:16852:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *query = getenv("QUERY_STRING"); /* getenv("QUERY_STRING") result */
data/mimetex-1.76/mimetex.c:16884:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *http_referer = getenv("HTTP_REFERER"), /* referer using mimeTeX */
data/mimetex-1.76/mimetex.c:16885:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
*remote_addr = getenv("REMOTE_ADDR"), /* ip address of referer */
data/mimetex-1.76/mimetex.c:16886:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
*http_host = getenv("HTTP_HOST"), /* http host for mimeTeX */
data/mimetex-1.76/mimetex.c:16887:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
*server_name = getenv("SERVER_NAME"), /* server hosting mimeTeX */
data/mimetex-1.76/mimetex.c:16979:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *host = getenv("HTTP_HOST"), /* additional getenv("") results */
data/mimetex-1.76/mimetex.c:16980:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
*name = getenv("SERVER_NAME"), *addr = getenv("SERVER_ADDR");
data/mimetex-1.76/mimetex.c:16980:42: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
*name = getenv("SERVER_NAME"), *addr = getenv("SERVER_ADDR");
data/mimetex-1.76/mimetex.c:17227:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
value = getenv(name); } /* and look up name using getenv() */
data/mimetex-1.76/mimetex.c:17375:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(atoi(timestamp(TZDELTA,4))); /* init rand() with mmddhhmmss */
data/mimetex-1.76/mimetex.c:17956:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( (value=getenv(logvars[ilog].name)) /* getenv(name) to be logged */
data/mimetex-1.76/gfuntype.c:122:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontname[99] = "noname", /* font name */
data/mimetex-1.76/gfuntype.c:149:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'g': gformat = atoi(argv[argnum]);
data/mimetex-1.76/gfuntype.c:152:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'u': isnoname = atoi(argv[argnum]); break;
data/mimetex-1.76/gfuntype.c:153:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'm': msglevel = atoi(argv[argnum]); break;
data/mimetex-1.76/gfuntype.c:180:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (infp = fopen(argv[inarg],"r")) == NULL ) /*try to open input file*/
data/mimetex-1.76/gfuntype.c:210:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (outfp = fopen(argv[outarg],"w")) == NULL ) /*try to open output file*/
data/mimetex-1.76/gfuntype.c:348:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flower[99] = "noname"; /* lowercase caller's fontname */
data/mimetex-1.76/gfuntype.c:407:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char keyword[99]="beginning of char "; /*signals start of next char*/
data/mimetex-1.76/gfuntype.c:410:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[99]; /* token extracted from line */
data/mimetex-1.76/gfuntype.c:423:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
charnum = atoi(token); /* interpret token as integer charnum */
data/mimetex-1.76/gfuntype.c:428:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*location = atoi(line); } /* interpret location as integer */
data/mimetex-1.76/gfuntype.c:463:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bitvec[1024][128]; /* scan lines parsed up to 1024x1024 bits */
data/mimetex-1.76/gfuntype.c:472:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gfpixcount[2][65536]; /* .gf black/white flips (max=64K) */
data/mimetex-1.76/gfuntype.c:604:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(image->pixmap,gfpixcount[iformat-2],minbytes); /*copy local counts*/
data/mimetex-1.76/gfuntype.c:659:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char field[99], *delim; /*(col,row) field and ptr to various delims*/
data/mimetex-1.76/gfuntype.c:681:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*col = atoi(field); /* so return it to him */
data/mimetex-1.76/gfuntype.c:683:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*row = atoi(delim+1); /* so return it to him */
data/mimetex-1.76/gfuntype.c:711:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[2048]; /* static buffer returned to caller */
data/mimetex-1.76/gifsave.c:80:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char contenttype[2048]; /* " content-type:, etc. buffer */
data/mimetex-1.76/gifsave.c:199:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ if ((OutFile = fopen(filename, "wb")) == NULL)
data/mimetex-1.76/gifsave.c:232:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(OutBuffer+gifSize,buf,len); } /* " */
data/mimetex-1.76/mimetex.c:836:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char password[128] = "\000"; /* user's \password{password} */
data/mimetex-1.76/mimetex.c:1013:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char contenttype[2048] = "\000"; /* content-type:, etc buffer */
data/mimetex-1.76/mimetex.c:1047:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char optionalargs[10][128] = /* buffer for optional args */
data/mimetex-1.76/mimetex.c:1411:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newrp->pixmap,rp->pixmap,nbytes); /* fill copied raster pixmap */
data/mimetex-1.76/mimetex.c:1444:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)newsp,(void *)sp,sizeof(subraster)); /* copy envelope */
data/mimetex-1.76/mimetex.c:2176:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp->pixmap,(sp1->image)->pixmap,width1-1); /*init left string*/
data/mimetex-1.76/mimetex.c:2504:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nosmashchars[64] = "-.,="; /* don't smash these leading chars */
data/mimetex-1.76/mimetex.c:2505:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *nosmashstrs[64] = { "\\frac", NULL }; /* or leading strings */
data/mimetex-1.76/mimetex.c:2506:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *grayspace[64] = { "\\tiny", "\\small", "\\normalsize",
data/mimetex-1.76/mimetex.c:2604:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char brace[16]; /*"{" for over, "}" for under, etc*/
data/mimetex-1.76/mimetex.c:3708:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char display_chars[16] = /* display chars for bytemap */
data/mimetex-1.76/mimetex.c:3710:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scanline[133]; /* ascii image for one scan line */
data/mimetex-1.76/mimetex.c:3811:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scanline[133]; /* ascii image for one scan line */
data/mimetex-1.76/mimetex.c:3852:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scanbyte[32]; /* sprintf() buffer for byte */
data/mimetex-1.76/mimetex.c:3864:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scanbyte,"%*x ",max2(1,byte_width-1),byteval); /*hex-format*/
data/mimetex-1.76/mimetex.c:3865:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scanline+ibyte*byte_width,scanbyte,byte_width); } /*in line*/
data/mimetex-1.76/mimetex.c:3957:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outline[1024], outfield[256], /* output line, field */
data/mimetex-1.76/mimetex.c:3984:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512], *pdot=NULL; /* file.ext, ptr to last . in fname*/
data/mimetex-1.76/mimetex.c:3991:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen(fname,mode[ptype])) /* open output file */
data/mimetex-1.76/mimetex.c:4008:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfield,"%d %d",rp->width,rp->height); /* format width and height */
data/mimetex-1.76/mimetex.c:4012:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(outfield,"%d",pixmax); /* format maximum pixel value */
data/mimetex-1.76/mimetex.c:4034:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfield,"%d ",pixval); } /* format pixel value */
data/mimetex-1.76/mimetex.c:4090:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fline[8192], /* fgets(fline,8190,fp) buffer */
data/mimetex-1.76/mimetex.c:4205:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char field[64]; /* field within output line */
data/mimetex-1.76/mimetex.c:4212:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(field,"{ %3d,%5d,\n", cp->charnum,cp->location); /*char#,location*/
data/mimetex-1.76/mimetex.c:4215:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(field," %3d,%2d, %3d,%2d,\n", /* format... */
data/mimetex-1.76/mimetex.c:4250:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char field[64]; /* field within output line */
data/mimetex-1.76/mimetex.c:4251:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typecast[64] = "(pixbyte *)"; /* type cast for pixmap string */
data/mimetex-1.76/mimetex.c:4298:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stub[64]=" ";/* col1 leading blanks */
data/mimetex-1.76/mimetex.c:4362:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256]; /* construct line with caller's fields */
data/mimetex-1.76/mimetex.c:4377:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line+col1,string,fieldlen); /* embid string starting at col1 */
data/mimetex-1.76/mimetex.c:4385:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line+linelen-fieldlen,"/%c %.*s %c/", /* so embed it in line */
data/mimetex-1.76/mimetex.c:4959:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lcsymbol[256], *symptr, /* lowercase symbol for comparison */
data/mimetex-1.76/mimetex.c:5489:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char nextchar[256]; int nextlen=0; /* texchar after prefix */
data/mimetex-1.76/mimetex.c:5577:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *leftptr, leftdelim[256] = "(\000", /* left( found in expression */
data/mimetex-1.76/mimetex.c:5729:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char left[16]="\\left", right[16]="\\right"; /* tex delimiters */
data/mimetex-1.76/mimetex.c:5785:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subexpr,expression,sublen); /* stuff between \left...\right */
data/mimetex-1.76/mimetex.c:5959:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pretext[512], *prep=expression, /*pream from expression, ptr into it*/
data/mimetex-1.76/mimetex.c:5981:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pretext,expression,prelen); /* local copy of preamble */
data/mimetex-1.76/mimetex.c:5997:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sizevalue = atoi(prep); /* convert size string to integer */
data/mimetex-1.76/mimetex.c:6379:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char embedkeywd[99] = "embed", /* keyword to signal embedded token*/
data/mimetex-1.76/mimetex.c:6386:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abuff[8192]; int iarg,nargs=0; /* macro expansion params */
data/mimetex-1.76/mimetex.c:6387:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wstrwhite[99]; /* whitespace chars for strwstr() */
data/mimetex-1.76/mimetex.c:6397:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nargs = atoi(abuff); } /* interpret #args to numeric */
data/mimetex-1.76/mimetex.c:6451:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char anum[32]; /* chars comprising number after &# */
data/mimetex-1.76/mimetex.c:6464:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
htmlnum = atoi(anum); /* convert anum[] to an integer */
data/mimetex-1.76/mimetex.c:6484:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argsignal[32] = "#1", /* #1...#9 signals arg replacement */
data/mimetex-1.76/mimetex.c:6513:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(argsignal,"#%d",iarg); /* #1...#9 signals argument */
data/mimetex-1.76/mimetex.c:6584:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[8192], command[8192]; /* left/right args, new \atop{}{} */
data/mimetex-1.76/mimetex.c:6586:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open!=NULL) strcat(command,open); /* add open delim if needed */
data/mimetex-1.76/mimetex.c:6586:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open!=NULL) strcat(command,open); /* add open delim if needed */
data/mimetex-1.76/mimetex.c:6589:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arg+1,leftbrace+1,leftlen); /* extract left-hand arg */
data/mimetex-1.76/mimetex.c:6592:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(command,"}{"); /* close left-arg, open right-arg */
data/mimetex-1.76/mimetex.c:6593:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arg,tokptr+atoplen,rightlen); /* right-hand arg */
data/mimetex-1.76/mimetex.c:6655:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(from,to,tolen); /* chars moved into place */
data/mimetex-1.76/mimetex.c:6882:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sbuff[4096]; /* copy of s with no math chars */
data/mimetex-1.76/mimetex.c:7079:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(segment+seglen,ps,1); /* so copy non-reject char */
data/mimetex-1.76/mimetex.c:7120:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snip[256], *snipptr = snippets, /* munge through each snippet */
data/mimetex-1.76/mimetex.c:7122:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringcp[4096], *cp = stringcp; /*maybe lowercased copy of string*/
data/mimetex-1.76/mimetex.c:7146:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(snip,snipptr,sniplen); /* local copy of snippet chars */
data/mimetex-1.76/mimetex.c:7223:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[2048] = "\000", /* copy term */
data/mimetex-1.76/mimetex.c:7307:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
termval = atoi(token); /* convert ascii-to-int */
data/mimetex-1.76/mimetex.c:7344:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seek[512], hide[512]; /* identifier arg, identifier in store */
data/mimetex-1.76/mimetex.c:7414:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argfld[512]; /* {arg} characters */
data/mimetex-1.76/mimetex.c:7425:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char optionalargs[10][32];
data/mimetex-1.76/mimetex.c:7492:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argfld,plbrace+1,fldlen); /*copy field chars to local buffer*/
data/mimetex-1.76/mimetex.c:7515:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argfld,plbrace,fldlen); /*copy field chars to local buffer*/
data/mimetex-1.76/mimetex.c:7534:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argptr = ((char **)args)[karg]; /* arg ptr in array of ptrs */
data/mimetex-1.76/mimetex.c:7600:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qreject[256]="\000", *pq=qreject, *pr=reject; /*find "or' in reject*/
data/mimetex-1.76/mimetex.c:7641:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(segment+seglen,ps,copylen); } /* so copy non-reject chars */
data/mimetex-1.76/mimetex.c:7834:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plusses[99] = "++++++++++++++++++++"; /* longest +++ string */
data/mimetex-1.76/mimetex.c:7895:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chartoken[MAXSUBXSZ+1], /**texsubexpr(),*/ /*get subexpr from expr*/
data/mimetex-1.76/mimetex.c:8012:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mathexpr,expression,exprlen); /*local copy of math expression*/
data/mimetex-1.76/mimetex.c:8023:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char literal[512] = "[?]"; /*display for unrecognized literal*/
data/mimetex-1.76/mimetex.c:8033:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(literal,"{\\rm~["); /* init error message token */
data/mimetex-1.76/mimetex.c:8035:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(literal,"?]}"); } /* add closing ? and brace */
data/mimetex-1.76/mimetex.c:8174:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char left[32], right[32]; /* parens enclosing expresion */
data/mimetex-1.76/mimetex.c:8175:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char noparens[MAXSUBXSZ+1]; /* get subexpr without parens */
data/mimetex-1.76/mimetex.c:8652:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char left[16]="\\left", right[16]="\\right"; /* tex delimiters */
data/mimetex-1.76/mimetex.c:8747:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subexpr,*expression,sublen); /* copy all remaining chars */
data/mimetex-1.76/mimetex.c:8751:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subexpr,*expression,sublen); /* copy chars preceding \right */
data/mimetex-1.76/mimetex.c:8964:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subexpr,exprptr,min2(sublen,MAXSUBXSZ)); /* get subexpression */
data/mimetex-1.76/mimetex.c:9105:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
default: argvalue = atoi(valuearg); break; /* convert to int */
data/mimetex-1.76/mimetex.c:9146:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(valuearg,"%d",fontsize); /* convert size */
data/mimetex-1.76/mimetex.c:9150:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*expression,valuearg,valuelen); } } /*and put in size*/
data/mimetex-1.76/mimetex.c:9826:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char optarg[512]; /* buffer for optional \frac[arg] */
data/mimetex-1.76/mimetex.c:9835:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isfrac = atoi(semi+1); /* kludge for \frac[;0] = \atop */
data/mimetex-1.76/mimetex.c:9843:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vspace = atoi(optarg); /* convert optarg to vspace int */
data/mimetex-1.76/mimetex.c:10049:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(func,"{\\rm~"); /* init string with {\rm~ */
data/mimetex-1.76/mimetex.c:10056:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(func,"{\\({\\rm~mod}"); /* init with {\left({\rm~mod} */
data/mimetex-1.76/mimetex.c:10057:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(func,"\\hspace2"); /* concat space */
data/mimetex-1.76/mimetex.c:10059:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(func,"\\)}"); /* and add terminating \right)} */
data/mimetex-1.76/mimetex.c:10433:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(subexpr,"{\\rm~"); /* start off with opening {\rm */
data/mimetex-1.76/mimetex.c:10439:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(subexpr,"\\;"); } /* so respect whitespace */
data/mimetex-1.76/mimetex.c:10575:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(subexpr,"\\array{rcl$"); /* set default rcl for eqnarray */
data/mimetex-1.76/mimetex.c:10578:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(subexpr,"\\array{"); /*start with mimeTeX \array{ command*/
data/mimetex-1.76/mimetex.c:10587:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(subexpr,"\\array{"); /*start with mimeTeX \array{ command*/
data/mimetex-1.76/mimetex.c:10590:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(subexpr,"\\array{c$"); /* center equations */
data/mimetex-1.76/mimetex.c:10593:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(subexpr,"\\array{rclrclrclrclrclrcl$"); /* a&=b & c&=d & etc */
data/mimetex-1.76/mimetex.c:10596:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(subexpr,"{\\rm "); /* {\rm ...} */
data/mimetex-1.76/mimetex.c:10600:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(subexpr,"\\picture"); /* picture environment */
data/mimetex-1.76/mimetex.c:10608:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(subexpr,"\\array{ll$"); /* a&b \\ c&d etc */
data/mimetex-1.76/mimetex.c:10645:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subexpr+sublen,exprptr,envlen); /*concatanate environ after subexpr*/
data/mimetex-1.76/mimetex.c:10997:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tokptr,exprptr,subtoklen); /* copy {...} to accumulated token */
data/mimetex-1.76/mimetex.c:11030:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lenexpr[128]; int len; /* chars between [...] as int */
data/mimetex-1.76/mimetex.c:11396:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = (preptr==NULL? 999 : atoi(preptr+1)); /*explicit num val or 999*/
data/mimetex-1.76/mimetex.c:12152:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
magstep = atoi(magexpr); /* convert {magstep} to int */
data/mimetex-1.76/mimetex.c:12231:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
axis = atoi(axisexpr); /* convert [axis] to int */
data/mimetex-1.76/mimetex.c:12315:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fsides = atoi(comma+1); /* interpret fsides after comma */
data/mimetex-1.76/mimetex.c:12352:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char composexpr[8192]; /* compose subexpr with empty box */
data/mimetex-1.76/mimetex.c:12353:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(composexpr,"\\compose{\\hspace{%d}\\vspace{%d}}{%.8000s}",
data/mimetex-1.76/mimetex.c:12438:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( (novals=atoi(semi+1)) /* convert #ovals argument after ; */
data/mimetex-1.76/mimetex.c:12443:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hdelta = wdelta = atoi(comma+1); /* init both wdelta,hdelta */
data/mimetex-1.76/mimetex.c:12445:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hdelta = atoi(comma2+1); /* so set hdelta separately */
data/mimetex-1.76/mimetex.c:12481:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thisoval[2048], /* oval to be nested with ovalexpr */
data/mimetex-1.76/mimetex.c:12487:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(thisoval,"\\circle(%d,%d)",thiswidth,thisheight); /*draw this oval*/
data/mimetex-1.76/mimetex.c:12555:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subexpr[MAXFILESZ+1] = "\000", /*concatanated lines from input file*/
data/mimetex-1.76/mimetex.c:12563:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char argfld[MAXTOKNSZ+1]; /* optional argument field */
data/mimetex-1.76/mimetex.c:12619:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(subexpr,
data/mimetex-1.76/mimetex.c:12672:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[MAXFILESZ] = "1_", /* only line in counter file without tags */
data/mimetex-1.76/mimetex.c:12736:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text,
data/mimetex-1.76/mimetex.c:12764:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(text,"%d",counter); /*build image of incremented counter*/
data/mimetex-1.76/mimetex.c:12774:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[1024] = "\000", /* embedded comment, logfile:comment*/
data/mimetex-1.76/mimetex.c:12783:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (logfp=fopen(logfile,"r")) == (FILE *)NULL ) /*doesn't already exist*/
data/mimetex-1.76/mimetex.c:12787:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (logfp = fopen(logfile,"a")) /* open logfile */
data/mimetex-1.76/mimetex.c:12815:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
{ strcat(text,"^{\\underline{\\rm~"); /* start with ^ and {\underline{\rm */
data/mimetex-1.76/mimetex.c:12817:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(text,"}}"); } /* finish with }} */
data/mimetex-1.76/mimetex.c:12870:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(subexpr,"%d",value); /* ascii version of value */
data/mimetex-1.76/mimetex.c:12920:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[2048], /* complete popen(command,"r") */
data/mimetex-1.76/mimetex.c:12940:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(execwget,"\\password{"); /* start with \password{ */
data/mimetex-1.76/mimetex.c:12955:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(command," \"\\pbm\\stdout "); /* start with "\pbm\stdout */
data/mimetex-1.76/mimetex.c:13019:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tzdelta = atoi(arg); /* so interpret arg as tzdelta */
data/mimetex-1.76/mimetex.c:13020:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else ifmt = atoi(arg); } /* else interpret args as ifmt */
data/mimetex-1.76/mimetex.c:13026:1: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(today,"\\text{"); /* rasterize timestamp as text */
data/mimetex-1.76/mimetex.c:13082:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
argval = atoi(arg); /* interpret arg as integer */
data/mimetex-1.76/mimetex.c:13134:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char environstr[8192] = "\000", /* string for all environment vars */
data/mimetex-1.76/mimetex.c:13155:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wraplen = atoi(optarg); /* interpret \environment[wraplen] */
data/mimetex-1.76/mimetex.c:13163:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(environstr,
data/mimetex-1.76/mimetex.c:13171:1: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(environstr,"\\nocaching\\fbox{\\normalsize\\text{"); /*init string*/
data/mimetex-1.76/mimetex.c:13177:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(environvar,"..."); /* so add an ellipsis */
data/mimetex-1.76/mimetex.c:13192:1: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(environstr,"}}"); /* end {\text{...}} mode */
data/mimetex-1.76/mimetex.c:13230:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[4096];
data/mimetex-1.76/mimetex.c:13247:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
imsg = atoi(amsg); /* interpret as an int */
data/mimetex-1.76/mimetex.c:13331:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char texfile[2050] = "\000", /* local, edited copy of filename */
data/mimetex-1.76/mimetex.c:13350:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen(texfile,amode)) /* try opening given filename */
data/mimetex-1.76/mimetex.c:13353:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(texfile,".tex"); /* but first try adding .tex */
data/mimetex-1.76/mimetex.c:13354:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen(texfile,amode)) /* now try opening filename.tex */
data/mimetex-1.76/mimetex.c:13388:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char editname[2050]; /*edited filename returned to caller*/
data/mimetex-1.76/mimetex.c:13449:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char texfile[1024] = "\000", /* local copy of input filename */
data/mimetex-1.76/mimetex.c:13451:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tagp, tag1[1024], tag2[1024]; /* left <tag> and right <tag/> */
data/mimetex-1.76/mimetex.c:13478:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{ strcpy(tag1,"<"); strcpy(tag2,"</"); /* begin with < and </ */
data/mimetex-1.76/mimetex.c:13545:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char texfile[1024] = "\000", /* local copy of input filename */
data/mimetex-1.76/mimetex.c:13574:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tag1,"<"); strcpy(tag2,"</"); /* begin tags with < and </ */
data/mimetex-1.76/mimetex.c:13623:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char fbuff[4096]; /* field buff for <tag>value</tag> */
data/mimetex-1.76/mimetex.c:13647:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char fbuff[2048]; /* field buff <timestamp> value */
data/mimetex-1.76/mimetex.c:13649:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fbuff," modified at "); /* spacer */
data/mimetex-1.76/mimetex.c:13683:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char calbuff[4096]; /* calendar returned to caller */
data/mimetex-1.76/mimetex.c:13688:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aval[64]; /* ascii day or 4-digit year */
data/mimetex-1.76/mimetex.c:13711:1: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(calbuff,"{\\begin{gather}"); /* center `month year` above cal */
data/mimetex-1.76/mimetex.c:13712:1: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(calbuff,"\\small\\text{"); /* month set in roman */
data/mimetex-1.76/mimetex.c:13714:1: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(calbuff," }"); /* add a space */
data/mimetex-1.76/mimetex.c:13715:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(aval,"%d",year); /* convert year to ascii */
data/mimetex-1.76/mimetex.c:13717:1: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(calbuff,"\\\\"); /* end top row */
data/mimetex-1.76/mimetex.c:13734:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{ strcpy(aval,"\\ &\\ &\\ &\\ &\\ &\\ &\\ &\\ &\\ &\\"); /*cells to skip*/
data/mimetex-1.76/mimetex.c:13738:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(aval,"%d",idd); /* convert idd to ascii */
data/mimetex-1.76/mimetex.c:13741:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
{ strcat(calbuff,"{\\fs{-1}\\left\\langle "); /*emphasize, 1 size smaller*/
data/mimetex-1.76/mimetex.c:13743:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(calbuff,"\\right\\rangle}"); } /* finish emphasis */
data/mimetex-1.76/mimetex.c:13751:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(calbuff,"\\\\ \\hline"); } /* so start new week */
data/mimetex-1.76/mimetex.c:13753:1: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(calbuff,"\\\\ \\hline"); /* final underline at end-of-month */
data/mimetex-1.76/mimetex.c:13755:1: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(calbuff,"\\end{array}\\end{gather}}"); /* terminate array */
data/mimetex-1.76/mimetex.c:13782:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char timebuff[256]; /* date:time buffer back to caller */
data/mimetex-1.76/mimetex.c:13853:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(timebuff,"%d%02d%02d%02d%02d",
data/mimetex-1.76/mimetex.c:14019:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sbuff[4096]; /* line-wrapped copy of s */
data/mimetex-1.76/mimetex.c:14021:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tab[32] = " "; /* tab string */
data/mimetex-1.76/mimetex.c:14085:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if ( finalnewline ) strcat(sbuff,"\\\\"); /* replace final newline */
data/mimetex-1.76/mimetex.c:14151:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pruned[2048]; /* pruned url returned to caller */
data/mimetex-1.76/mimetex.c:14273:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char finval[256]; /* buffer returned to caller */
data/mimetex-1.76/mimetex.c:14274:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char digittbl[32]="0123456789*"; /* table of ascii decimal digits */
data/mimetex-1.76/mimetex.c:14281:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digits[64]; int ndigits=0; /* all the digits [0]=least signif */
data/mimetex-1.76/mimetex.c:14326:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(finptr,"%0*d",npts,ifrac); /* convert to string */
data/mimetex-1.76/mimetex.c:14502:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adjmatrix[8]; /* adjacency "matrix" */
data/mimetex-1.76/mimetex.c:16588:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exprbuffer[4096]; /* local copy of expression */
data/mimetex-1.76/mimetex.c:16849:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char exprbuffer[MAXEXPRSZ+1] = "f(x)=x^2"; /* input TeX expression */
data/mimetex-1.76/mimetex.c:16923:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfile[256] = LOGFILE, /*log queries if msglevel>=LOGLEVEL*/
data/mimetex-1.76/mimetex.c:17039:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( arglen > 1 ) pbmpgmtype = atoi(field+1); /* -g2==>type=2 */
data/mimetex-1.76/mimetex.c:17042:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'm': if ( argnum < argc ) msglevel = atoi(argv[argnum]); break;
data/mimetex-1.76/mimetex.c:17045:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 's': if ( argnum < argc ) size = atoi(argv[argnum]); break;
data/mimetex-1.76/mimetex.c:17082:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *infile = fopen(argv[infilearg],"r"); /* open input file for read */
data/mimetex-1.76/mimetex.c:17084:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char instring[MAXLINESZ+1]; /* line from file */
data/mimetex-1.76/mimetex.c:17147:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
isdumpgif = atoi(argstring); /* interpret arg as isdumpgif value */
data/mimetex-1.76/mimetex.c:17150:32: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(logfile,DUMPGIF); strcat(logfile,".txt");
data/mimetex-1.76/mimetex.c:17161:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msglevel = atoi(argstring); } /* interpret msglevel */
data/mimetex-1.76/mimetex.c:17173:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msglevel = atoi(expression+9); /* interpret ### in msglevel###$ */
data/mimetex-1.76/mimetex.c:17193:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (msgfp=fopen(logfile,"a")) /* open logfile for append */
data/mimetex-1.76/mimetex.c:17228:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(name,"NULL"); /* missing = delim in environ[i] */
data/mimetex-1.76/mimetex.c:17251:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expression,exprprefix,npref); /* copy prefix into expression */
data/mimetex-1.76/mimetex.c:17359:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(argstring,"isinvalidreferer=%d\n",isinvalidreferer);
data/mimetex-1.76/mimetex.c:17375:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srand(atoi(timestamp(TZDELTA,4))); /* init rand() with mmddhhmmss */
data/mimetex-1.76/mimetex.c:17405:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cachefile,".gif"); /* finish with .gif extension */
data/mimetex-1.76/mimetex.c:17420:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char filename[256]; /* construct cachepath/cachelog */
data/mimetex-1.76/mimetex.c:17424:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (filefp=fopen(filename,"a")) /* open cache logfile for append */
data/mimetex-1.76/mimetex.c:17476:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errormsg[4096]; /* buffer for failed expression */
data/mimetex-1.76/mimetex.c:17480:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errormsg,"{\\rm\\hspace{10}{"); /*render expression as \rm*/
data/mimetex-1.76/mimetex.c:17482:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errormsg,"}\\hspace{10}}\\end{gather}}"); /* finish up */
data/mimetex-1.76/mimetex.c:17682:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( contenttype, "Cache-Control: max-age=%d\n", maxage );
data/mimetex-1.76/mimetex.c:17688:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( contenttype+strlen(contenttype),
data/mimetex-1.76/mimetex.c:17690:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( contenttype+strlen(contenttype),
data/mimetex-1.76/mimetex.c:17767:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ FILE *dumpfp = fopen("mimetex.gif","wb"); /* dump to mimetex.gif */
data/mimetex-1.76/mimetex.c:17839:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[5] = /* command line args to run with -e option */
data/mimetex-1.76/mimetex.c:17881:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lcmonth[128]="\000"; int i=0; /* lowercase month */
data/mimetex-1.76/mimetex.c:17993:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[MAXGIFSZ+1]; /* bytes from cachefile */
data/mimetex-1.76/mimetex.c:18044:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dumpfile[999]; FILE *dumpptr=NULL;
data/mimetex-1.76/mimetex.c:18047:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (dumpptr=fopen(dumpfile,"wb")) != NULL ) {
data/mimetex-1.76/mimetex.c:18076:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *cacheptr = fopen(cachefile,"rb"); /*open cachefile for binary read*/
data/mimetex-1.76/mimetex.c:18077:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cachebuff[64]; /* bytes from cachefile */
data/mimetex-1.76/mimetex.c:18100:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer+nbytes,cachebuff,nread); /* copy current block to buffer */
data/mimetex-1.76/mimetex.c:18145:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adbuffer[MAXEXPRSZ+2048]; /*construct wrapped expression here*/
data/mimetex-1.76/mimetex.c:18273:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char outstr[64];
data/mimetex-1.76/mimetex.c:18274:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5sum[16];
data/mimetex-1.76/mimetex.c:18281:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( outstr + j*2, "%02x", md5sum[j] );
data/mimetex-1.76/mimetex.c:18395:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
{ memcpy( (void *) (ctx->buffer + left),
data/mimetex-1.76/mimetex.c:18406:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void *) (ctx->buffer + left),
data/mimetex-1.76/gfuntype.c:359:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(flower) < 2 ) goto end_of_job; /* no lookup match possible */
data/mimetex-1.76/gfuntype.c:422:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(token,delim+strlen(keyword)); /* char num follows keyword */
data/mimetex-1.76/gfuntype.c:482:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int icol, ncols=strlen(line); /* line[] column index, #cols in line[] */
data/mimetex-1.76/gfuntype.c:484:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( memcmp(line,CORNER_STUB,strlen(CORNER_STUB)) == 0 ) /* corner line */
data/mimetex-1.76/gfuntype.c:669:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( memcmp(line,CORNER_STUB,strlen(CORNER_STUB)) != 0 ) /*not valid corner*/
data/mimetex-1.76/gfuntype.c:673:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(field,delim+1,10); /* extract next 10 chars */
data/mimetex-1.76/mimetex.c:1079:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define lastchar(s) (isempty(s)?'\000':*((s)+(strlen(s)-1)))
data/mimetex-1.76/mimetex.c:1084:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int thislen = strlen(thisstr); \
data/mimetex-1.76/mimetex.c:1096:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((target),thissource,(n)); \
data/mimetex-1.76/mimetex.c:1100:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int thislen3=strlen(s); \
data/mimetex-1.76/mimetex.c:1105:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sqlen=strlen((s))-strlen((t)); \
data/mimetex-1.76/mimetex.c:1105:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sqlen=strlen((s))-strlen((t)); \
data/mimetex-1.76/mimetex.c:2528:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strncmp(term,token,strlen(token)) == 0 ) { /* found grayspace */
data/mimetex-1.76/mimetex.c:2529:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
term += strlen(token); /* skip past this grayspace token */
data/mimetex-1.76/mimetex.c:2548:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strncmp(term,token,strlen(token)) == 0 ) { /* found a nosmashstr */
data/mimetex-1.76/mimetex.c:2689:33: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if ( accent == UNDERBRACE ) strcpy(brace,"}"); /* start with } brace */
data/mimetex-1.76/mimetex.c:2690:33: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if ( accent == OVERBRACE ) strcpy(brace,"{"); /* start with { brace */
data/mimetex-1.76/mimetex.c:2698:32: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if ( accent == HATACCENT ) strcpy(brace,"<"); /* start with < */
data/mimetex-1.76/mimetex.c:3728:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int width = strlen(string); /* #chars in ascii string */
data/mimetex-1.76/mimetex.c:3825:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ width = strlen((char *)bp); /* #chars in ascii string */
data/mimetex-1.76/mimetex.c:3985:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fname,file,255); /* local copy of file name */
data/mimetex-1.76/mimetex.c:4021:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nbytes += strlen(outline); /* bump output byte count */
data/mimetex-1.76/mimetex.c:4036:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outline)+strlen(outfield)+strlen(cr) >= maxlinelen /*won't fit*/
data/mimetex-1.76/mimetex.c:4036:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outline)+strlen(outfield)+strlen(cr) >= maxlinelen /*won't fit*/
data/mimetex-1.76/mimetex.c:4036:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outline)+strlen(outfield)+strlen(cr) >= maxlinelen /*won't fit*/
data/mimetex-1.76/mimetex.c:4044:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nbytes += strlen(outline); /* bump output byte count */
data/mimetex-1.76/mimetex.c:4373:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ fieldlen = strlen(string); /* #cols required for string */
data/mimetex-1.76/mimetex.c:4381:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ fieldlen = 6 + strlen(comment); /* plus /star, star/, 2 spaces */
data/mimetex-1.76/mimetex.c:4509:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int symlen = strlen(symbol), /* length of input symbol */
data/mimetex-1.76/mimetex.c:4559:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
symlen = strlen(symbol); /* reset symbol length */
data/mimetex-1.76/mimetex.c:4584:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (deflen=strlen(symdefs[idef].symbol)) < minlen ) /*new best match*/
data/mimetex-1.76/mimetex.c:4629:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int liglen = strlen(ligature); /* #chars remaining in expression */
data/mimetex-1.76/mimetex.c:4641:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int symlen = strlen(symbol); /* #chars in symbol */
data/mimetex-1.76/mimetex.c:4718:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(symptr) >= 4 ) /* but followed by at least 3 chars */
data/mimetex-1.76/mimetex.c:4961:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int symlen = (symbol==NULL?0:strlen(symbol)), /* #chars in caller's sym*/
data/mimetex-1.76/mimetex.c:4997:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
symlen = strlen(unescsymbol); /* explicitly recalculate length */
data/mimetex-1.76/mimetex.c:5020:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
deflen = strlen(lcsymbol); /* #chars in symbol we're checking */
data/mimetex-1.76/mimetex.c:5492:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (nextlen = strlen(nextchar)) > 0 ) /* #chars in nextchar */
data/mimetex-1.76/mimetex.c:5494:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptoken += strlen(nextchar); /* point to null terminator*/
data/mimetex-1.76/mimetex.c:5495:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
esclen += strlen(nextchar); } /* and bump escape length */
data/mimetex-1.76/mimetex.c:5757:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pleft += strlen(left); /* push ptr past \left token */
data/mimetex-1.76/mimetex.c:5760:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (pright=strtexchr(pright+strlen(right),right)) /* find next \right */
data/mimetex-1.76/mimetex.c:5767:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pright += strlen(right); } /* so push pright past \right */
data/mimetex-1.76/mimetex.c:5774:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ strcpy(rdelim,"."); /* set default \right. */
data/mimetex-1.76/mimetex.c:5775:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sublen = strlen(expression); /* use entire remaining expression */
data/mimetex-1.76/mimetex.c:5780:30: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if ( *rdelim == '\000' ) strcpy(rdelim,"."); } } /* or set \right. */
data/mimetex-1.76/mimetex.c:6018:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int explen = strlen(prep)-1; /* index of last char in expression*/
data/mimetex-1.76/mimetex.c:6348:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expptr = leftptr+strlen(leftcomment); /* start rightcomment search here */
data/mimetex-1.76/mimetex.c:6353:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ tokptr += strlen(rightsym); /* first char after rightcomment */
data/mimetex-1.76/mimetex.c:6372:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int htmllen = strlen(htmlsym); /* length of escape, _without_ ; */
data/mimetex-1.76/mimetex.c:6381:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int embedlen = strlen(embedkeywd); /* #chars in embedkeywd */
data/mimetex-1.76/mimetex.c:6389:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
htmllen = strlen(htmlsym); /* reset length of html token */
data/mimetex-1.76/mimetex.c:6399:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ int arglen = strlen(args); /* length of "embed..." string */
data/mimetex-1.76/mimetex.c:6503:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strchange(0,argval+strlen(argval)-1,"\\right"); } }/*\right*/
data/mimetex-1.76/mimetex.c:6515:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{strsqueeze(argsigptr,strlen(argsignal));} /* can't be in argval */
data/mimetex-1.76/mimetex.c:6517:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strchange(strlen(argsignal),argsigptr,argval); /*replaced by argval*/
data/mimetex-1.76/mimetex.c:6522:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expptr = tokptr + strlen(abuff); /*resume search after macro / html*/
data/mimetex-1.76/mimetex.c:6547:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ int symlen = strlen(lrsym); /* #chars in delim, e.g., 2 for \| */
data/mimetex-1.76/mimetex.c:6562:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int atoplen = strlen(atopsym); /* #chars in \atop */
data/mimetex-1.76/mimetex.c:6601:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expptr = leftbrace+strlen(command); /*resume search past \atop{}{}*/
data/mimetex-1.76/mimetex.c:6640:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tolen = (to==NULL?0:strlen(to)), /* #chars in replacement string */
data/mimetex-1.76/mimetex.c:6648:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ char *pfrom = from+strlen(from); /* ptr to null terminating from */
data/mimetex-1.76/mimetex.c:6685:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int fromlen = (from==NULL?0:strlen(from)), /* #chars to be replaced */
data/mimetex-1.76/mimetex.c:6686:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tolen = (to==NULL?0:strlen(to)); /* #chars in replacement string */
data/mimetex-1.76/mimetex.c:6936:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int texchrlen = (texchr==NULL?0:strlen(texchr)); /* #chars in texchr */
data/mimetex-1.76/mimetex.c:7288:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int toklen = strlen(token); /* total #chars in token */
data/mimetex-1.76/mimetex.c:7444:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( !isalpha((int)(directive[strlen(directive)-1])) )isdalpha=0;/*not alpha*/
data/mimetex-1.76/mimetex.c:7454:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plast = pfirst + strlen(directive); /*ptr to fist char past directive*/
data/mimetex-1.76/mimetex.c:7788:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int urllen = strlen(url); /* total length of url string */
data/mimetex-1.76/mimetex.c:7816:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psearch += strlen(searchfor[isearch]); } /*resume search after it*/
data/mimetex-1.76/mimetex.c:8008:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exprlen = strlen(expression); /* just assume entire expression */
data/mimetex-1.76/mimetex.c:8048:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expression = subexprptr + strlen(symdef->symbol); /*push past it*/
data/mimetex-1.76/mimetex.c:8053:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int symlen = (symbol!=NULL?strlen(symbol):0); /*#chars in symbol*/
data/mimetex-1.76/mimetex.c:8170:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int explen = strlen(expression); /* total #chars, including parens */
data/mimetex-1.76/mimetex.c:8301:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (toklen=strlen(limtoken)) >= 3 ) /* which may be \[no]limits */
data/mimetex-1.76/mimetex.c:8712:1: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rdelim,"."); /* init default \right. delim */
data/mimetex-1.76/mimetex.c:8725:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pleft += strlen(left); /* push ptr past \left token */
data/mimetex-1.76/mimetex.c:8728:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (pright=strtexchr(pright+strlen(right),right)) /* find next \right */
data/mimetex-1.76/mimetex.c:8745:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rdelim,"."); /* set default \right. */
data/mimetex-1.76/mimetex.c:8746:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sublen = strlen(*expression); /* use entire remaining expression */
data/mimetex-1.76/mimetex.c:8752:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*expression = pright+strlen(right); /* push expression past \right */
data/mimetex-1.76/mimetex.c:8755:28: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if ( *rdelim == '\000' ) strcpy(rdelim,"."); } /* \right. if no rdelim */
data/mimetex-1.76/mimetex.c:8959:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ strncpy(subexpr,exprptr,MAXSUBXSZ); /*get entire remaining expression*/
data/mimetex-1.76/mimetex.c:8961:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exprptr += strlen(exprptr); } /* push exprptr to terminating '\0'*/
data/mimetex-1.76/mimetex.c:8966:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exprptr += (sublen+strlen("\\middle")); } /* push exprptr past \middle*/
data/mimetex-1.76/mimetex.c:9003:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*expression += strlen(*expression); } /* and push to terminating null*/
data/mimetex-1.76/mimetex.c:9147:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valuelen = strlen(valuearg); /* ought to be 1 */
data/mimetex-1.76/mimetex.c:9235:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valuelen = strlen(valuearg); /* ought to be 1-4 */
data/mimetex-1.76/mimetex.c:9389:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*expression += strlen((*expression)); } /* push expression to its null */
data/mimetex-1.76/mimetex.c:9458:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*expression += strlen(*expression); } /* and push to terminating null*/
data/mimetex-1.76/mimetex.c:10051:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(func,"}"); /* and add terminating } */
data/mimetex-1.76/mimetex.c:10416:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(subexpr,"{"); /* start off with opening { */
data/mimetex-1.76/mimetex.c:10418:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(subexpr,"~"); /* followed by whitespace */
data/mimetex-1.76/mimetex.c:10420:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(subexpr,"}"); /* terminate with closing } */
data/mimetex-1.76/mimetex.c:10434:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(subexpr,"{"); /* nope, just start off with { */
data/mimetex-1.76/mimetex.c:10458:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(subexpr,"~"); /* need separator after \font */
data/mimetex-1.76/mimetex.c:10460:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exprlen = strlen(subexpr); /* #chars so far */
data/mimetex-1.76/mimetex.c:10464:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(subexpr,"}"); /* add closing } */
data/mimetex-1.76/mimetex.c:10562:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( memcmp(environs[ienviron],subexpr,strlen(subexpr)) == 0 ) /*match*/
data/mimetex-1.76/mimetex.c:10568:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ strcpy(subexpr,"\\"); /* start with \ for (,[,{,|,= */
data/mimetex-1.76/mimetex.c:10583:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(subexpr,"$"); } /* add terminating $ to lcr */
data/mimetex-1.76/mimetex.c:10605:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(subexpr,"{"); /* opening { after (width,height) */
data/mimetex-1.76/mimetex.c:10611:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(subexpr,"{"); /* just enclose expression in {}'s */
data/mimetex-1.76/mimetex.c:10630:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
begptr += strlen(begtoken); /* push ptr past token */
data/mimetex-1.76/mimetex.c:10634:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (endptr=strstr(endptr+strlen(endtoken),endtoken)) /* find next \end */
data/mimetex-1.76/mimetex.c:10643:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sublen = strlen(subexpr); /* #chars in "preamble" */
data/mimetex-1.76/mimetex.c:10648:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(subexpr,"}"); /* ...followed by terminating } */
data/mimetex-1.76/mimetex.c:10651:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
{ strcat(subexpr,"\\"); /* start with \ for ),],},|,= */
data/mimetex-1.76/mimetex.c:10662:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
begptr += strlen(begtoken); } /* continue past {\begin */
data/mimetex-1.76/mimetex.c:10996:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subtoklen = strlen(subtok); /* #chars in {...} */
data/mimetex-1.76/mimetex.c:11042:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hltoklen = strlen(hltoken); /* length of first char */
data/mimetex-1.76/mimetex.c:12098:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(subexpr) < 3 /* we rotated a short expression */
data/mimetex-1.76/mimetex.c:12485:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(ovalexpr) > 1024 ) break; /* sanity check */
data/mimetex-1.76/mimetex.c:12695:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(text) >= 1 ) { /* and it's not an empty string */
data/mimetex-1.76/mimetex.c:12705:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(filename) >= 1 ) { /* and it's not an empty string */
data/mimetex-1.76/mimetex.c:12744:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(filename) > 1 ) /* make sure we got {filename} arg */
data/mimetex-1.76/mimetex.c:12765:27: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if ( ordindex >= 0 ) strcat(text,"_"); /* tack on _ */
data/mimetex-1.76/mimetex.c:12766:28: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if ( *tag == '\000' ) strcat(text,"\n"); /* and newline */
data/mimetex-1.76/mimetex.c:12772:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(logfile) > 1 ) /* optional [logfile] given */
data/mimetex-1.76/mimetex.c:12942:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(execwget,"}"); } /* and closing } */
data/mimetex-1.76/mimetex.c:12943:1: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(execwget," "); /* blank space if message needs it */
data/mimetex-1.76/mimetex.c:12950:1: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(command,"\""); /* and closing " */
data/mimetex-1.76/mimetex.c:12954:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(command,plocalhost+strlen(localhost)); /*path follows localhost://*/
data/mimetex-1.76/mimetex.c:12957:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(command,"\""); /* and closing " */
data/mimetex-1.76/mimetex.c:13028:1: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(today,"}"); /* terminate \text{} braces */
data/mimetex-1.76/mimetex.c:13176:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(environ[ienv]) > maxvarlen ) /* we truncated the variable */
data/mimetex-1.76/mimetex.c:13184:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(environstr) + strlen(environvar) > maxenvlen ) break;
data/mimetex-1.76/mimetex.c:13184:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(environstr) + strlen(environvar) > maxenvlen ) break;
data/mimetex-1.76/mimetex.c:13185:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(environstr+strlen(environstr), /* display environment string */
data/mimetex-1.76/mimetex.c:13190:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(environstr) >= 7200 ) break; /* don't overflow buffer */
data/mimetex-1.76/mimetex.c:13339:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(texfile,rasteditfilename(filename),2047); /*edited copy of filename*/
data/mimetex-1.76/mimetex.c:13345:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(amode,mode,254); /* and replace "r" with caller's */
data/mimetex-1.76/mimetex.c:13349:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(texfile) > 1 ) /* make sure we got actual filename*/
data/mimetex-1.76/mimetex.c:13464:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ strncpy(texfile,filename,1023); /* local copy of filename */
data/mimetex-1.76/mimetex.c:13478:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ strcpy(tag1,"<"); strcpy(tag2,"</"); /* begin with < and </ */
data/mimetex-1.76/mimetex.c:13480:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tag1,">"); strcat(tag2,">"); /* ending both tags with > */
data/mimetex-1.76/mimetex.c:13480:23: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tag1,">"); strcat(tag2,">"); /* ending both tags with > */
data/mimetex-1.76/mimetex.c:13491:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tagp += strlen(tag1); /* first char past tag */
data/mimetex-1.76/mimetex.c:13502:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int textlen = strlen(text); /* #chars in current line */
data/mimetex-1.76/mimetex.c:13561:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(filename) < 2 /* quit if unreasonable filename */
data/mimetex-1.76/mimetex.c:13564:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(texfile,filename,1023); /* local copy of input filename */
data/mimetex-1.76/mimetex.c:13574:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tag1,"<"); strcpy(tag2,"</"); /* begin tags with < and </ */
data/mimetex-1.76/mimetex.c:13576:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tag1,">"); strcat(tag2,">"); /* ending both tags with > */
data/mimetex-1.76/mimetex.c:13576:23: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tag1,">"); strcat(tag2,">"); /* ending both tags with > */
data/mimetex-1.76/mimetex.c:13593:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tlen1=strlen(tag1), tlen2=strlen(tag2), flen; /*tag,buff lengths*/
data/mimetex-1.76/mimetex.c:13593:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tlen1=strlen(tag1), tlen2=strlen(tag2), flen; /*tag,buff lengths*/
data/mimetex-1.76/mimetex.c:13602:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (flen = strlen(filebuff)) /* #chars currently in buffer */
data/mimetex-1.76/mimetex.c:13605:11: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(0)strcat(filebuff,"\n"); /* so add one before new tag */
data/mimetex-1.76/mimetex.c:13610:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(filebuff,"\n"); /* newline at end of file */
data/mimetex-1.76/mimetex.c:13749:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(calbuff,"&"); /* new cell in same week */
data/mimetex-1.76/mimetex.c:14040:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tablen = strlen(tab); /* reset to actual tab length */
data/mimetex-1.76/mimetex.c:14064:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rhslen = strlen(sol); /* remaining right hand side chars */
data/mimetex-1.76/mimetex.c:14184:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
delim = pruned + strlen(pruned); /*ptr to '\000' terminating pruned*/
data/mimetex-1.76/mimetex.c:16971:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(query) >= 1 ) { /* caller gave us a query string */
data/mimetex-1.76/mimetex.c:16972:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(expression,query,MAXEXPRSZ); /* so use it as expression */
data/mimetex-1.76/mimetex.c:17023:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int arglen = strlen(field); /* #chars following - */
data/mimetex-1.76/mimetex.c:17074:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ strncpy(expression,argv[exprarg],MAXEXPRSZ); /*expr from command-line*/
data/mimetex-1.76/mimetex.c:17089:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( exprsz + strlen(instring) < MAXEXPRSZ ) { /* have room for line */
data/mimetex-1.76/mimetex.c:17091:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exprsz += strlen(instring); } /* update expression buffer length */
data/mimetex-1.76/mimetex.c:17139:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(expression," "); /* assume "\ " lost the final space*/
data/mimetex-1.76/mimetex.c:17156:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strsqueeze(dumpgif,strlen("\\dumpgif")); /* get rid of \dumpgif */
data/mimetex-1.76/mimetex.c:17249:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ int npref = strlen(exprprefix); /* #chars in prefix */
data/mimetex-1.76/mimetex.c:17250:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(expression+npref+1,expression,strlen(expression)+1);/*make room*/
data/mimetex-1.76/mimetex.c:17253:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(expression,"}"); } /* and terminating } to balance { */
data/mimetex-1.76/mimetex.c:17349:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(expression) > norefmaxlen ) { /* query_string too long */
data/mimetex-1.76/mimetex.c:17428:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
timestamp(TZDELTA,0),cachefile+strlen(cachepath)); /*skip path*/
data/mimetex-1.76/mimetex.c:17431:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ int loglen = strlen(dashes); /* #chars on line in log file*/
data/mimetex-1.76/mimetex.c:17436:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(refp) <= loglen ) break; /* no more parts */
data/mimetex-1.76/mimetex.c:17688:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( contenttype+strlen(contenttype),
data/mimetex-1.76/mimetex.c:17690:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( contenttype+strlen(contenttype),
data/mimetex-1.76/mimetex.c:18046:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dumpfile,"_"); strcat(dumpfile,DUMPGIF);
data/mimetex-1.76/mimetex.c:18278:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_update( &ctx, (uint8 *)instr, strlen(instr) );
data/mimetex-1.76/mimetex.h:239:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((*(thisstr))!='\000' && strspn(thisstr,accept)==strlen(thisstr))
ANALYSIS SUMMARY:
Hits = 557
Lines analyzed = 114742 in approximately 6.14 seconds (18693 lines/second)
Physical Source Lines of Code (SLOC) = 93079
Hits@level = [0] 196 [1] 173 [2] 243 [3] 14 [4] 127 [5] 0
Hits@level+ = [0+] 753 [1+] 557 [2+] 384 [3+] 141 [4+] 127 [5+] 0
Hits/KSLOC@level+ = [0+] 8.0899 [1+] 5.98416 [2+] 4.12553 [3+] 1.51484 [4+] 1.36443 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.