Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nted-1.10.18/page.cpp
Examining data/nted-1.10.18/slur.h
Examining data/nted-1.10.18/chordorrest.h
Examining data/nted-1.10.18/measure.h
Examining data/nted-1.10.18/midiimporter.cpp
Examining data/nted-1.10.18/octavation.cpp
Examining data/nted-1.10.18/volumesign.h
Examining data/nted-1.10.18/resource.h
Examining data/nted-1.10.18/linepoint.h
Examining data/nted-1.10.18/freereplaceable.cpp
Examining data/nted-1.10.18/idiotseditor/idcommandlist.cpp
Examining data/nted-1.10.18/idiotseditor/changeidnotecommand.h
Examining data/nted-1.10.18/idiotseditor/idcommandhistory.cpp
Examining data/nted-1.10.18/idiotseditor/idiotseditor.h
Examining data/nted-1.10.18/idiotseditor/idcommandlist.h
Examining data/nted-1.10.18/idiotseditor/idcommandhistory.h
Examining data/nted-1.10.18/idiotseditor/changeidnotecommand.cpp
Examining data/nted-1.10.18/idiotseditor/idiotseditor.cpp
Examining data/nted-1.10.18/line.h
Examining data/nted-1.10.18/freechordname.h
Examining data/nted-1.10.18/beam.h
Examining data/nted-1.10.18/system.cpp
Examining data/nted-1.10.18/beaming.h
Examining data/nted-1.10.18/freespacer.h
Examining data/nted-1.10.18/positionarray.h
Examining data/nted-1.10.18/pangocairotext.h
Examining data/nted-1.10.18/acceleration.h
Examining data/nted-1.10.18/temposign.cpp
Examining data/nted-1.10.18/system.h
Examining data/nted-1.10.18/volumesign.cpp
Examining data/nted-1.10.18/dialogs/chordnamedialog.h
Examining data/nted-1.10.18/dialogs/textdialog.h
Examining data/nted-1.10.18/dialogs/volumedialog.cpp
Examining data/nted-1.10.18/dialogs/chordnamedialog.cpp
Examining data/nted-1.10.18/dialogs/linesdialog.h
Examining data/nted-1.10.18/dialogs/spacementdialog.cpp
Examining data/nted-1.10.18/dialogs/druminfo.h
Examining data/nted-1.10.18/dialogs/selectordialog.h
Examining data/nted-1.10.18/dialogs/drumconfigdialog.h
Examining data/nted-1.10.18/dialogs/measureconfigdialog.h
Examining data/nted-1.10.18/dialogs/signsdialog.h
Examining data/nted-1.10.18/dialogs/spacementdialog.h
Examining data/nted-1.10.18/dialogs/paperconfigdialog.h
Examining data/nted-1.10.18/dialogs/staffselectdialog.cpp
Examining data/nted-1.10.18/dialogs/scaledialog.h
Examining data/nted-1.10.18/dialogs/staffselectdialog.h
Examining data/nted-1.10.18/dialogs/staffcontextdialog.h
Examining data/nted-1.10.18/dialogs/selectordialog.cpp
Examining data/nted-1.10.18/dialogs/scoreinfodialog.cpp
Examining data/nted-1.10.18/dialogs/tempodialog.cpp
Examining data/nted-1.10.18/dialogs/midirecordconfigdialog.h
Examining data/nted-1.10.18/dialogs/portchoosedialog.h
Examining data/nted-1.10.18/dialogs/tupletdialog.h
Examining data/nted-1.10.18/dialogs/midiimportdialog.h
Examining data/nted-1.10.18/dialogs/lilypondexportdialog.cpp
Examining data/nted-1.10.18/dialogs/clefconfigdialog.h
Examining data/nted-1.10.18/dialogs/signsdialog.cpp
Examining data/nted-1.10.18/dialogs/mutedialog.h
Examining data/nted-1.10.18/dialogs/keysigdialog.h
Examining data/nted-1.10.18/dialogs/mutedialog.cpp
Examining data/nted-1.10.18/dialogs/tools.h
Examining data/nted-1.10.18/dialogs/insertblockdialog.h
Examining data/nted-1.10.18/dialogs/keysigdialog.cpp
Examining data/nted-1.10.18/dialogs/lyricseditor.h
Examining data/nted-1.10.18/dialogs/measureconfigdialog.cpp
Examining data/nted-1.10.18/dialogs/scaledialog.cpp
Examining data/nted-1.10.18/dialogs/scoreinfodialog.h
Examining data/nted-1.10.18/dialogs/volumedialog.h
Examining data/nted-1.10.18/dialogs/textdialog.cpp
Examining data/nted-1.10.18/dialogs/tempodialog.h
Examining data/nted-1.10.18/dialogs/tupletdialog.cpp
Examining data/nted-1.10.18/dialogs/paperconfigdialog.cpp
Examining data/nted-1.10.18/dialogs/midirecordconfigdialog.cpp
Examining data/nted-1.10.18/dialogs/midiimportdialog.cpp
Examining data/nted-1.10.18/dialogs/printconfigdialog.h
Examining data/nted-1.10.18/dialogs/insertblockdialog.cpp
Examining data/nted-1.10.18/dialogs/linesdialog.cpp
Examining data/nted-1.10.18/dialogs/portchoosedialog.cpp
Examining data/nted-1.10.18/dialogs/lyricseditor.cpp
Examining data/nted-1.10.18/dialogs/lilypondexportdialog.h
Examining data/nted-1.10.18/dialogs/printconfigdialog.cpp
Examining data/nted-1.10.18/dialogs/staffcontextdialog.cpp
Examining data/nted-1.10.18/dialogs/clefconfigdialog.cpp
Examining data/nted-1.10.18/dialogs/druminfo.cpp
Examining data/nted-1.10.18/dialogs/tools.cpp
Examining data/nted-1.10.18/dialogs/drumconfigdialog.cpp
Examining data/nted-1.10.18/midiexport.h
Examining data/nted-1.10.18/importer.cpp
Examining data/nted-1.10.18/freechord.cpp
Examining data/nted-1.10.18/slurpoint.h
Examining data/nted-1.10.18/localization.h
Examining data/nted-1.10.18/freesign.h
Examining data/nted-1.10.18/midirecorder.cpp
Examining data/nted-1.10.18/freechordname.cpp
Examining data/nted-1.10.18/freetext.h
Examining data/nted-1.10.18/freespacer.cpp
Examining data/nted-1.10.18/temposign.h
Examining data/nted-1.10.18/linepoint.cpp
Examining data/nted-1.10.18/page.h
Examining data/nted-1.10.18/icons/grace_eighth_icon.h
Examining data/nted-1.10.18/icons/midikeyboard_icon.h
Examining data/nted-1.10.18/icons/brace_icon.h
Examining data/nted-1.10.18/icons/drum3_icon.h
Examining data/nted-1.10.18/icons/bracket_icon.h
Examining data/nted-1.10.18/icons/drum3_icon_small.h
Examining data/nted-1.10.18/icons/rest_icon.h
Examining data/nted-1.10.18/icons/color_icon.h
Examining data/nted-1.10.18/icons/tremolo_icon4.h
Examining data/nted-1.10.18/icons/tied_icon.h
Examining data/nted-1.10.18/icons/arrow_left_icon.h
Examining data/nted-1.10.18/icons/drum8_icon.h
Examining data/nted-1.10.18/icons/tremolo_icon3.h
Examining data/nted-1.10.18/icons/drum7_icon.h
Examining data/nted-1.10.18/icons/drum12_icon_small.h
Examining data/nted-1.10.18/icons/tremolo_icon2.h
Examining data/nted-1.10.18/icons/cut_icon.h
Examining data/nted-1.10.18/icons/drum9_icon_small.h
Examining data/nted-1.10.18/icons/flat_icon.h
Examining data/nted-1.10.18/icons/backgroundh2.h
Examining data/nted-1.10.18/icons/cross_icon.h
Examining data/nted-1.10.18/icons/n64thnote_icon.h
Examining data/nted-1.10.18/icons/key_icon.h
Examining data/nted-1.10.18/icons/signs.h
Examining data/nted-1.10.18/icons/drum1_icon.h
Examining data/nted-1.10.18/icons/ped_off_icon.h
Examining data/nted-1.10.18/icons/n32ndnote_icon.h
Examining data/nted-1.10.18/icons/lines.h
Examining data/nted-1.10.18/icons/grace_sixth_icon.h
Examining data/nted-1.10.18/icons/stroken_grace_icon.h
Examining data/nted-1.10.18/icons/tenuto_icon.h
Examining data/nted-1.10.18/icons/prall_icon.h
Examining data/nted-1.10.18/icons/trill_icon.h
Examining data/nted-1.10.18/icons/drum5_icon_small.h
Examining data/nted-1.10.18/icons/quarternote_icon.h
Examining data/nted-1.10.18/icons/drum10_icon_small.h
Examining data/nted-1.10.18/icons/stacc_icon.h
Examining data/nted-1.10.18/icons/lyrics_icon.h
Examining data/nted-1.10.18/icons/sixteenthnote_dot_icon.h
Examining data/nted-1.10.18/icons/tool_icon.h
Examining data/nted-1.10.18/icons/treble_clef_icon.h
Examining data/nted-1.10.18/icons/quarternote_dot_icon.h
Examining data/nted-1.10.18/icons/sforzando_icon.h
Examining data/nted-1.10.18/icons/select_mode_icon.h
Examining data/nted-1.10.18/icons/shift_mode_icon.h
Examining data/nted-1.10.18/icons/drum7_icon_small.h
Examining data/nted-1.10.18/icons/background2.h
Examining data/nted-1.10.18/icons/drum6_icon_small.h
Examining data/nted-1.10.18/icons/drum11_icon_small.h
Examining data/nted-1.10.18/icons/drum10_icon.h
Examining data/nted-1.10.18/icons/drum11_icon.h
Examining data/nted-1.10.18/icons/drum2_icon_small.h
Examining data/nted-1.10.18/icons/arrow_down_icon.h
Examining data/nted-1.10.18/icons/record_icon.h
Examining data/nted-1.10.18/icons/revturn_icon.h
Examining data/nted-1.10.18/icons/nted.h
Examining data/nted-1.10.18/icons/bow_up_icon.h
Examining data/nted-1.10.18/icons/guitar_note_icon.h
Examining data/nted-1.10.18/icons/insert_mode_icon.h
Examining data/nted-1.10.18/icons/background1.h
Examining data/nted-1.10.18/icons/sixteenthnote_icon.h
Examining data/nted-1.10.18/icons/drum4_icon_small.h
Examining data/nted-1.10.18/icons/mordent_icon.h
Examining data/nted-1.10.18/icons/staccatissimo_icon.h
Examining data/nted-1.10.18/icons/groupbeams_icon.h
Examining data/nted-1.10.18/icons/alto_clef_icon.h
Examining data/nted-1.10.18/icons/dcross_icon.h
Examining data/nted-1.10.18/icons/open_icon.h
Examining data/nted-1.10.18/icons/isolate_icon.h
Examining data/nted-1.10.18/icons/dflat_icon.h
Examining data/nted-1.10.18/icons/delete_system_icon.h
Examining data/nted-1.10.18/icons/backgroundv2.h
Examining data/nted-1.10.18/icons/comm_icon.h
Examining data/nted-1.10.18/icons/drum6_icon.h
Examining data/nted-1.10.18/icons/tremolo_icon1.h
Examining data/nted-1.10.18/icons/flipstem_icon.h
Examining data/nted-1.10.18/icons/ddot_icon.h
Examining data/nted-1.10.18/icons/guitar_note_no_stem_icon.h
Examining data/nted-1.10.18/icons/bass_clef_icon.h
Examining data/nted-1.10.18/icons/drum12_icon.h
Examining data/nted-1.10.18/icons/fullnote_icon.h
Examining data/nted-1.10.18/icons/bow_down_icon.h
Examining data/nted-1.10.18/icons/normal_note_icon.h
Examining data/nted-1.10.18/icons/delete_staff_icon.h
Examining data/nted-1.10.18/icons/backgroundv1.h
Examining data/nted-1.10.18/icons/arrow_up_icon.h
Examining data/nted-1.10.18/icons/fermata_icon.h
Examining data/nted-1.10.18/icons/sforzato_icon.h
Examining data/nted-1.10.18/icons/drum1_icon_small.h
Examining data/nted-1.10.18/icons/drum5_icon.h
Examining data/nted-1.10.18/icons/halfnote_dot_icon.h
Examining data/nted-1.10.18/icons/normal_note_icon_small.h
Examining data/nted-1.10.18/icons/eightnote_dot_icon.h
Examining data/nted-1.10.18/icons/drum4_icon.h
Examining data/nted-1.10.18/icons/halfnote_icon.h
Examining data/nted-1.10.18/icons/dot_icon.h
Examining data/nted-1.10.18/icons/str_pizz_icon.h
Examining data/nted-1.10.18/icons/drum9_icon.h
Examining data/nted-1.10.18/icons/backgroundh1.h
Examining data/nted-1.10.18/icons/turn_icon.h
Examining data/nted-1.10.18/icons/drum2_icon.h
Examining data/nted-1.10.18/icons/natural_icon.h
Examining data/nted-1.10.18/icons/arpeggio_icon.h
Examining data/nted-1.10.18/icons/ped_on_icon.h
Examining data/nted-1.10.18/icons/arrow_right_icon.h
Examining data/nted-1.10.18/icons/eightnote_icon.h
Examining data/nted-1.10.18/icons/drum8_icon_small.h
Examining data/nted-1.10.18/chords/chorddialog.h
Examining data/nted-1.10.18/chords/chordstruct.h
Examining data/nted-1.10.18/chords/chords.cpp
Examining data/nted-1.10.18/chords/chorddialog.cpp
Examining data/nted-1.10.18/chords/chordpainter.cpp
Examining data/nted-1.10.18/chords/chordpainter.h
Examining data/nted-1.10.18/crescendo.cpp
Examining data/nted-1.10.18/line.cpp
Examining data/nted-1.10.18/line3.cpp
Examining data/nted-1.10.18/freesign.cpp
Examining data/nted-1.10.18/freetext.cpp
Examining data/nted-1.10.18/beam.cpp
Examining data/nted-1.10.18/clipboard.h
Examining data/nted-1.10.18/commands/insertchordorrestcommand.h
Examining data/nted-1.10.18/commands/tienotescommand.h
Examining data/nted-1.10.18/commands/insertchordorrestgroupcommand.cpp
Examining data/nted-1.10.18/commands/shiftstaffcommand.cpp
Examining data/nted-1.10.18/commands/shiftstaffcommand.h
Examining data/nted-1.10.18/commands/changexpositioncommand.h
Examining data/nted-1.10.18/commands/command.h
Examining data/nted-1.10.18/commands/fixmovedfreeplaceablecommand.h
Examining data/nted-1.10.18/commands/changenotestatus.h
Examining data/nted-1.10.18/commands/movesystemcommand.cpp
Examining data/nted-1.10.18/commands/fixintermediatecommand.h
Examining data/nted-1.10.18/commands/newlyricscommand.cpp
Examining data/nted-1.10.18/commands/changemeasurespread.cpp
Examining data/nted-1.10.18/commands/insertstaffelemcommand.h
Examining data/nted-1.10.18/commands/changemeasuretypecommand.cpp
Examining data/nted-1.10.18/commands/restmovecommand.cpp
Examining data/nted-1.10.18/commands/insertnewpagecommand.h
Examining data/nted-1.10.18/commands/changestaffclefcmd.h
Examining data/nted-1.10.18/commands/changetie.cpp
Examining data/nted-1.10.18/commands/removeconstraintscommand.cpp
Examining data/nted-1.10.18/commands/changeupbeatcommand.cpp
Examining data/nted-1.10.18/commands/removeconstraintscommand.h
Examining data/nted-1.10.18/commands/addnoteatcommand.h
Examining data/nted-1.10.18/commands/appendnewpagecommand.h
Examining data/nted-1.10.18/commands/changeupbeatcommand.h
Examining data/nted-1.10.18/commands/addnoteatcommand.cpp
Examining data/nted-1.10.18/commands/changelyricscommand.cpp
Examining data/nted-1.10.18/commands/transposecommand.h
Examining data/nted-1.10.18/commands/paperconfigcommand.cpp
Examining data/nted-1.10.18/commands/movechordsandrestsreversecommand.h
Examining data/nted-1.10.18/commands/flipvaluescommand.cpp
Examining data/nted-1.10.18/commands/changetimsigcommand.h
Examining data/nted-1.10.18/commands/commandlist.cpp
Examining data/nted-1.10.18/commands/fixintermediatecommand.cpp
Examining data/nted-1.10.18/commands/changeaccidentalcmd.h
Examining data/nted-1.10.18/commands/changexpositioncommand.cpp
Examining data/nted-1.10.18/commands/changelyricscommand.h
Examining data/nted-1.10.18/commands/notemoverelativecommand.h
Examining data/nted-1.10.18/commands/movechordsandrestscommand.cpp
Examining data/nted-1.10.18/commands/movespecmeasurecommand.cpp
Examining data/nted-1.10.18/commands/inserttiedelementcommand.h
Examining data/nted-1.10.18/commands/changemeasuretypecommand.h
Examining data/nted-1.10.18/commands/removefreeplaceablecommand.h
Examining data/nted-1.10.18/commands/changetie.h
Examining data/nted-1.10.18/commands/notemoverelativecommand.cpp
Examining data/nted-1.10.18/commands/insertstaffelemcommand.cpp
Examining data/nted-1.10.18/commands/getsystemfromnextpagecmmand.h
Examining data/nted-1.10.18/commands/changemeasuretimsigcommand.cpp
Examining data/nted-1.10.18/commands/movespecmeasurecommand.h
Examining data/nted-1.10.18/commands/ereasenotecommand.h
Examining data/nted-1.10.18/commands/changestaffkeysigcmd.h
Examining data/nted-1.10.18/commands/changespacement.cpp
Examining data/nted-1.10.18/commands/deletesystemcommand.cpp
Examining data/nted-1.10.18/commands/removepagecommand.h
Examining data/nted-1.10.18/commands/appendstaffcommand.h
Examining data/nted-1.10.18/commands/appendsystemcommand.h
Examining data/nted-1.10.18/commands/changenotestatus.cpp
Examining data/nted-1.10.18/commands/flipvaluescommand.h
Examining data/nted-1.10.18/commands/appendstaffcommand.cpp
Examining data/nted-1.10.18/commands/notemovecommand.cpp
Examining data/nted-1.10.18/commands/movechordsandrestsreversecommand.cpp
Examining data/nted-1.10.18/commands/deletestaffcommand.h
Examining data/nted-1.10.18/commands/restmovecommand.h
Examining data/nted-1.10.18/commands/deletesystemcommand.h
Examining data/nted-1.10.18/commands/untieforwardcommand.h
Examining data/nted-1.10.18/commands/insertfreeplaceablecommand.cpp
Examining data/nted-1.10.18/commands/tienotescommand.cpp
Examining data/nted-1.10.18/commands/ereasenotecommand.cpp
Examining data/nted-1.10.18/commands/transposecommand.cpp
Examining data/nted-1.10.18/commands/notemovecommand.h
Examining data/nted-1.10.18/commands/removepagecommand.cpp
Examining data/nted-1.10.18/commands/insertchordorrestcommand.cpp
Examining data/nted-1.10.18/commands/commandhistory.h
Examining data/nted-1.10.18/commands/setstaffcontext.h
Examining data/nted-1.10.18/commands/movesystemcommand.h
Examining data/nted-1.10.18/commands/changestaffkeysigcmd.cpp
Examining data/nted-1.10.18/commands/changenotehead.h
Examining data/nted-1.10.18/commands/movechordsandrestscommand.h
Examining data/nted-1.10.18/commands/changenotehead.cpp
Examining data/nted-1.10.18/commands/fixmovedfreeplaceablecommand.cpp
Examining data/nted-1.10.18/commands/changechordorreststatus.cpp
Examining data/nted-1.10.18/commands/commandlist.h
Examining data/nted-1.10.18/commands/removelastpagecommand.h
Examining data/nted-1.10.18/commands/newlyricscommand.h
Examining data/nted-1.10.18/commands/changeaccidentalcmd.cpp
Examining data/nted-1.10.18/commands/removefreeplaceablecommand.cpp
Examining data/nted-1.10.18/commands/insertfreeplaceablecommand.h
Examining data/nted-1.10.18/commands/changemeasurespread.h
Examining data/nted-1.10.18/commands/commandhistory.cpp
Examining data/nted-1.10.18/commands/changestaffclefcmd.cpp
Examining data/nted-1.10.18/commands/settotupletcommand.h
Examining data/nted-1.10.18/commands/insertnewpagecommand.cpp
Examining data/nted-1.10.18/commands/paperconfigcommand.h
Examining data/nted-1.10.18/commands/untieforwardcommand.cpp
Examining data/nted-1.10.18/commands/ereasechordorrestcommand.h
Examining data/nted-1.10.18/commands/deletechordorrestgroupcommand.cpp
Examining data/nted-1.10.18/commands/changechordorreststatus.h
Examining data/nted-1.10.18/commands/deletechordcommand.cpp
Examining data/nted-1.10.18/commands/deletechordcommand.h
Examining data/nted-1.10.18/commands/getsystemfromnextpagecmmand.cpp
Examining data/nted-1.10.18/commands/appendnewpagecommand.cpp
Examining data/nted-1.10.18/commands/insertchordorrestgroupcommand.h
Examining data/nted-1.10.18/commands/setstaffcontext.cpp
Examining data/nted-1.10.18/commands/ereasechordorrestcommand.cpp
Examining data/nted-1.10.18/commands/changespacement.h
Examining data/nted-1.10.18/commands/deletechordorrestgroupcommand.h
Examining data/nted-1.10.18/commands/settotupletcommand.cpp
Examining data/nted-1.10.18/commands/removestaffelemcommand.cpp
Examining data/nted-1.10.18/commands/inserttiedelementcommand.cpp
Examining data/nted-1.10.18/commands/removelastpagecommand.cpp
Examining data/nted-1.10.18/commands/removestaffelemcommand.h
Examining data/nted-1.10.18/commands/deletelyricscommand.cpp
Examining data/nted-1.10.18/commands/appendsystemcommand.cpp
Examining data/nted-1.10.18/commands/changechordorrestlength.h
Examining data/nted-1.10.18/commands/changechordorrestlength.cpp
Examining data/nted-1.10.18/commands/deletestaffcommand.cpp
Examining data/nted-1.10.18/commands/deletelyricscommand.h
Examining data/nted-1.10.18/commands/changemeasuretimsigcommand.h
Examining data/nted-1.10.18/commands/changetimsigcommand.cpp
Examining data/nted-1.10.18/freereplaceable.h
Examining data/nted-1.10.18/tuplet.h
Examining data/nted-1.10.18/acceleration.cpp
Examining data/nted-1.10.18/musicxmlimport.cpp
Examining data/nted-1.10.18/musicxmlimport.h
Examining data/nted-1.10.18/slurpoint.cpp
Examining data/nted-1.10.18/crescendo.h
Examining data/nted-1.10.18/importer.h
Examining data/nted-1.10.18/midirecorder.h
Examining data/nted-1.10.18/octavation.h
Examining data/nted-1.10.18/freechord.h
Examining data/nted-1.10.18/voice.h
Examining data/nted-1.10.18/mainwindow.h
Examining data/nted-1.10.18/midiimporter.h
Examining data/nted-1.10.18/measure.cpp
Examining data/nted-1.10.18/slur.cpp
Examining data/nted-1.10.18/line3.h
Examining data/nted-1.10.18/pangocairotext.cpp
Examining data/nted-1.10.18/voice.cpp
Examining data/nted-1.10.18/tuplet.cpp
Examining data/nted-1.10.18/clipboard.cpp
Examining data/nted-1.10.18/midiexport.cpp
Examining data/nted-1.10.18/positionarray.cpp
Examining data/nted-1.10.18/dynarray.h
Examining data/nted-1.10.18/mainwindow.cpp
Examining data/nted-1.10.18/chordorrest.cpp
Examining data/nted-1.10.18/note.cpp
Examining data/nted-1.10.18/note.h
Examining data/nted-1.10.18/staff.cpp
Examining data/nted-1.10.18/staff.h
Examining data/nted-1.10.18/resource.cpp
FINAL RESULTS:
data/nted-1.10.18/chordorrest.cpp:3418:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Str, m_lyrics[i]->getText());
data/nted-1.10.18/chordorrest.cpp:3784:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(Str, Str2);
data/nted-1.10.18/chordorrest.cpp:4143:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(Str, Str2);
data/nted-1.10.18/chordorrest.cpp:4200:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(Str, Str2);
data/nted-1.10.18/chordorrest.cpp:4341:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(note_descr, buffer);
data/nted-1.10.18/chords/chorddialog.cpp:474:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_dialog->m_user_selection, the_dialog->current_root_name);
data/nted-1.10.18/chords/chorddialog.cpp:475:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(the_dialog->m_user_selection, the_dialog->current_mody_name);
data/nted-1.10.18/chords/chorddialog.cpp:505:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_dialog->m_user_selection, the_dialog->current_root_name);
data/nted-1.10.18/chords/chorddialog.cpp:506:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(the_dialog->m_user_selection, the_dialog->current_mody_name);
data/nted-1.10.18/chords/chordpainter.cpp:342:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rname, root_name);
data/nted-1.10.18/commands/appendstaffcommand.cpp:25:57: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedAppendStaffCommand::NedAppendStaffCommand(NedSystem *system, NedStaff *staff) :
data/nted-1.10.18/commands/appendstaffcommand.cpp:26:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
m_system(system), m_staff(staff) { }
data/nted-1.10.18/commands/appendstaffcommand.h:33:36: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedAppendStaffCommand(NedSystem *system, NedStaff *staff);
data/nted-1.10.18/commands/deletesystemcommand.cpp:28:59: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedDeleteSystemCommand::NedDeleteSystemCommand(NedSystem *system) :
data/nted-1.10.18/commands/deletesystemcommand.cpp:29:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
m_system(system) {
data/nted-1.10.18/commands/deletesystemcommand.cpp:31:58: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((m_systems_pointer = g_list_find(m_page->m_systems, system)) == NULL) {
data/nted-1.10.18/commands/deletesystemcommand.cpp:34:52: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((m_position = g_list_index(m_page->m_systems, system)) < 0) {
data/nted-1.10.18/commands/deletesystemcommand.h:34:37: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedDeleteSystemCommand(NedSystem *system);
data/nted-1.10.18/commands/movesystemcommand.cpp:27:70: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedMoveSystemCommand::NedMoveSystemCommand(NedPage *page, NedSystem *system, NedPage *other_page ) :
data/nted-1.10.18/commands/movesystemcommand.cpp:28:50: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
m_page(page), m_other_page(other_page), m_system(system) {
data/nted-1.10.18/commands/movesystemcommand.h:34:50: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedMoveSystemCommand(NedPage *page, NedSystem *system, NedPage *other_page);
data/nted-1.10.18/dialogs/drumconfigdialog.cpp:457:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, filename);
data/nted-1.10.18/dialogs/drumconfigdialog.cpp:473:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (ok && access(the_filename, F_OK) == 0) {
data/nted-1.10.18/dialogs/drumconfigdialog.cpp:670:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "line: %d: %s", NedResource::m_input_line, NedResource::m_error_message);
data/nted-1.10.18/dialogs/lilypondexportdialog.cpp:99:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fnam, cptr2 + 1);
data/nted-1.10.18/dialogs/lilypondexportdialog.cpp:153:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lilyexport_dialog->m_filename, s);
data/nted-1.10.18/dialogs/lyricseditor.cpp:203:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, text);
data/nted-1.10.18/dialogs/lyricseditor.cpp:206:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, text);
data/nted-1.10.18/dialogs/lyricseditor.cpp:314:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, filename);
data/nted-1.10.18/dialogs/lyricseditor.cpp:330:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (ok && access(the_filename, F_OK) == 0) {
data/nted-1.10.18/dialogs/portchoosedialog.cpp:54:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, "%d:%d %s", ((MidiPortStruct *) lptr->data)->client, ((MidiPortStruct *) lptr->data)->port,
data/nted-1.10.18/freechord.cpp:43:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_chord_name, NedChordPainter::roots[(m_status & ROOT_MASK)]);
data/nted-1.10.18/freechord.cpp:44:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(m_chord_name, NedChordPainter::modies2[((m_status >> ROOT_BITS) & ((1 << MODI_BITS) - 1))]);
data/nted-1.10.18/freechord.cpp:50:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_chord_name, NedChordPainter::roots[(m_status & ROOT_MASK)]);
data/nted-1.10.18/freechord.cpp:51:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(m_chord_name, NedChordPainter::modies2[((m_status >> ROOT_BITS) & ((1 << MODI_BITS) - 1))]);
data/nted-1.10.18/freechord.cpp:52:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_chord_name, NedChordPainter::roots[(m_status & ROOT_MASK)]);
data/nted-1.10.18/freechord.cpp:53:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(m_chord_name, NedChordPainter::modies2[((m_status >> ROOT_BITS) & ((1 << MODI_BITS) - 1))]);
data/nted-1.10.18/freechord.cpp:58:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_chord_name, NedChordPainter::roots[(m_status & ROOT_MASK)]);
data/nted-1.10.18/freechord.cpp:59:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(m_chord_name, NedChordPainter::modies2[((m_status >> ROOT_BITS) & ((1 << MODI_BITS) - 1))]);
data/nted-1.10.18/freechord.cpp:64:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_chord_name, NedChordPainter::roots[(m_status & ROOT_MASK)]);
data/nted-1.10.18/freechord.cpp:65:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(m_chord_name, NedChordPainter::modies2[((m_status >> ROOT_BITS) & ((1 << MODI_BITS) - 1))]);
data/nted-1.10.18/freechord.cpp:149:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_chord_name, NedChordPainter::roots[(m_status & ROOT_MASK)]);
data/nted-1.10.18/freechord.cpp:150:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(m_chord_name, NedChordPainter::modies2[((m_status >> ROOT_BITS) & ((1 << MODI_BITS) - 1))]);
data/nted-1.10.18/freetext.cpp:85:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) nfamily, m_font_family);
data/nted-1.10.18/freetext.cpp:226:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, LILYSEGNO);
data/nted-1.10.18/freetext.cpp:232:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, LILYCODA);
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:498:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newinstruments[i]->m_inst_name, m_inst_name);
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:1541:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_inst_name, name);
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:2887:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_pending_inst_name, name);
data/nted-1.10.18/importer.cpp:71:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(id, other_part->id);
data/nted-1.10.18/importer.cpp:72:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, other_part->name);
data/nted-1.10.18/mainwindow.cpp:1254:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *system, *next_system;
data/nted-1.10.18/mainwindow.cpp:1303:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
while (system != NULL) {
data/nted-1.10.18/mainwindow.cpp:1395:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *system;
data/nted-1.10.18/mainwindow.cpp:1414:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
while (system != NULL) {
data/nted-1.10.18/mainwindow.cpp:1416:45: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system = system->getPage()->getNextSystem(system);
data/nted-1.10.18/mainwindow.cpp:1421:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *system;
data/nted-1.10.18/mainwindow.cpp:1424:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
while (system != NULL) {
data/nted-1.10.18/mainwindow.cpp:1426:45: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system = system->getPage()->getNextSystem(system);
data/nted-1.10.18/mainwindow.cpp:1802:66: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void NedMainWindow::do_staff_config(int staff_number, NedSystem *system) {
data/nted-1.10.18/mainwindow.cpp:1868:78: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedDeleteSystemCommand *delete_system_command = new NedDeleteSystemCommand(system);
data/nted-1.10.18/mainwindow.cpp:2132:49: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void NedMainWindow::setVisibleSystem(NedSystem *system) {
data/nted-1.10.18/mainwindow.cpp:2885:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fnamenew, "%s.new", main_window->m_current_filename);
data/nted-1.10.18/mainwindow.cpp:2957:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, filename);
data/nted-1.10.18/mainwindow.cpp:2974:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (ok && access(the_filename, F_OK) == 0) {
data/nted-1.10.18/mainwindow.cpp:2986:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fnamenew, "%s.new", the_filename);
data/nted-1.10.18/mainwindow.cpp:3018:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(main_window->m_current_filename, the_filename);
data/nted-1.10.18/mainwindow.cpp:3025:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(show_file_name, "Nted - %s", cptr);
data/nted-1.10.18/mainwindow.cpp:3186:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, "Cannot open %s for writing(1)", fname);
data/nted-1.10.18/mainwindow.cpp:3191:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, "Cannot open %s for writing(2)", fname);
data/nted-1.10.18/mainwindow.cpp:3197:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(print_cmd, NedResource::m_print_cmd, fname);
data/nted-1.10.18/mainwindow.cpp:3198:2: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(print_cmd);
data/nted-1.10.18/mainwindow.cpp:3260:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *system;
data/nted-1.10.18/mainwindow.cpp:3288:32: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
while (nelems != num_elems && system != NULL) {
data/nted-1.10.18/mainwindow.cpp:3297:45: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system = system->getPage()->getNextSystem(system);
data/nted-1.10.18/mainwindow.cpp:3314:32: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
while (nelems != num_elems && system != NULL) {
data/nted-1.10.18/mainwindow.cpp:3321:45: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system = system->getPage()->getNextSystem(system, command_list);
data/nted-1.10.18/mainwindow.cpp:3528:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, main_window->m_current_filename);
data/nted-1.10.18/mainwindow.cpp:3540:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, filename);
data/nted-1.10.18/mainwindow.cpp:3556:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (ok && access(the_filename, F_OK) == 0) {
data/nted-1.10.18/mainwindow.cpp:3647:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, main_window->m_current_filename);
data/nted-1.10.18/mainwindow.cpp:3676:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (ok && access(the_filename, F_OK) == 0) {
data/nted-1.10.18/mainwindow.cpp:4117:37: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (main_window->m_docu == NULL || access(YELP_PATH, X_OK)) {
data/nted-1.10.18/mainwindow.cpp:4124:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(arg, "ghelp:%s", main_window->m_docu);
data/nted-1.10.18/mainwindow.cpp:4126:8: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execl(YELP_PATH, YELP_PATH, arg, NULL) < 0) {
data/nted-1.10.18/mainwindow.cpp:6040:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_current_filename, filename);
data/nted-1.10.18/mainwindow.cpp:6041:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, filename);
data/nted-1.10.18/mainwindow.cpp:6048:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(show_file_name, "Nted - %s", cptr);
data/nted-1.10.18/mainwindow.cpp:6997:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Str, uiadd_start);
data/nted-1.10.18/mainwindow.cpp:7007:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(Str, str);
data/nted-1.10.18/mainwindow.cpp:7010:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(Str, uiadd_end);
data/nted-1.10.18/mainwindow.cpp:8947:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, main_window->m_current_filename);
data/nted-1.10.18/mainwindow.cpp:8953:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(the_filename, page_num_str);
data/nted-1.10.18/mainwindow.cpp:8960:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, selected_filename);
data/nted-1.10.18/mainwindow.cpp:8972:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(the_filename, page_num_str);
data/nted-1.10.18/mainwindow.cpp:8977:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (ok && access(the_filename, F_OK) == 0) {
data/nted-1.10.18/mainwindow.cpp:9087:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, main_window->m_current_filename);
data/nted-1.10.18/mainwindow.cpp:9093:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(the_filename, page_num_str);
data/nted-1.10.18/mainwindow.cpp:9100:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, selected_filename);
data/nted-1.10.18/mainwindow.cpp:9112:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(the_filename, page_num_str);
data/nted-1.10.18/mainwindow.cpp:9117:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (ok && access(the_filename, F_OK) == 0) {
data/nted-1.10.18/mainwindow.cpp:9213:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, main_window->m_current_filename);
data/nted-1.10.18/mainwindow.cpp:9225:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, selected_filename);
data/nted-1.10.18/mainwindow.cpp:9241:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (ok && access(the_filename, F_OK) == 0) {
data/nted-1.10.18/mainwindow.cpp:9302:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, main_window->m_current_filename);
data/nted-1.10.18/mainwindow.cpp:9314:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(the_filename, selected_filename);
data/nted-1.10.18/mainwindow.cpp:9330:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (ok && access(the_filename, F_OK) == 0) {
data/nted-1.10.18/mainwindow.cpp:9399:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, "%%Title: %s\n", m_current_filename);
data/nted-1.10.18/mainwindow.cpp:9624:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, "%s/%s/index.docbook", NTED_HTMLDIR, *cptr);
data/nted-1.10.18/mainwindow.cpp:9625:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(Str, R_OK)) {
data/nted-1.10.18/mainwindow.cpp:9631:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, "%s/en/index.docbook", NTED_HTMLDIR);
data/nted-1.10.18/mainwindow.cpp:9632:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(Str, R_OK)) {
data/nted-1.10.18/mainwindow.h:216:36: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void setVisibleSystem(NedSystem *system);
data/nted-1.10.18/mainwindow.h:331:53: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void do_staff_config(int staff_number, NedSystem *system);
data/nted-1.10.18/measure.h:42:29: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void setSystem(NedSystem *system) {m_system = system;}
data/nted-1.10.18/measure.h:42:49: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void setSystem(NedSystem *system) {m_system = system;}
data/nted-1.10.18/midiexport.cpp:434:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(aaa, "/%s ", ((MidiEventStruct *) lptr2->data)->note->getChord()->getLyrics(lyrics_idx));
data/nted-1.10.18/midiexport.cpp:440:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(aaa, "%s ", ((MidiEventStruct *) lptr2->data)->note->getChord()->getLyrics(lyrics_idx));
data/nted-1.10.18/midiimporter.cpp:103:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_parts[i].name, cptr);
data/nted-1.10.18/midirecorder.cpp:209:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_parts[i].name, cptr);
data/nted-1.10.18/musicxmlimport.cpp:156:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(m_error_string, "%s (%d)", Str, m_error->code);
data/nted-1.10.18/musicxmlimport.cpp:181:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("unknown pitch: %s"), m_pitch_name);
data/nted-1.10.18/musicxmlimport.cpp:186:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("unknown octave: %s"), m_octave_name);
data/nted-1.10.18/musicxmlimport.cpp:198:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
default: sprintf(Str, _("unknown pitch: %s"), m_pitch_name);
data/nted-1.10.18/musicxmlimport.cpp:370:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("part \"%s\" not defined"), buffer);
data/nted-1.10.18/musicxmlimport.cpp:470:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("bad lyricnumber: %s"), buffer);
data/nted-1.10.18/musicxmlimport.cpp:753:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(im->m_pitch_name, text);
data/nted-1.10.18/musicxmlimport.cpp:759:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(im->m_octave_name, text);
data/nted-1.10.18/musicxmlimport.cpp:777:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(im->m_parts[im->m_partcount-1].name, text);
data/nted-1.10.18/musicxmlimport.cpp:784:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("Bad voice number: %s"), text);
data/nted-1.10.18/musicxmlimport.cpp:797:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("Bad divisions number: %s"), text);
data/nted-1.10.18/musicxmlimport.cpp:810:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("Bad midi channel number: %s"), text);
data/nted-1.10.18/musicxmlimport.cpp:828:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("Bad midi channel number: %s"), text);
data/nted-1.10.18/musicxmlimport.cpp:846:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("Bad midi volume number: %s"), text);
data/nted-1.10.18/musicxmlimport.cpp:864:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("Bad midi volume number: %s"), text);
data/nted-1.10.18/musicxmlimport.cpp:881:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(im->m_clefsign, text);
data/nted-1.10.18/musicxmlimport.cpp:892:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("bad clef line: %s"), text);
data/nted-1.10.18/musicxmlimport.cpp:906:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("bad beats value: %s"), text);
data/nted-1.10.18/musicxmlimport.cpp:920:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("bad beat-type value: %s"), text);
data/nted-1.10.18/musicxmlimport.cpp:934:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("bad keysig value: %s"), text);
data/nted-1.10.18/musicxmlimport.cpp:948:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("bad actual-notes value: %s"), text);
data/nted-1.10.18/musicxmlimport.cpp:962:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("bad normal-notes value: %s"), text);
data/nted-1.10.18/musicxmlimport.cpp:976:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("bad alter value: %s"), text);
data/nted-1.10.18/musicxmlimport.cpp:998:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(im->m_lyrics[im->m_lyric_number], text);
data/nted-1.10.18/musicxmlimport.cpp:1004:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(im->m_note_type, text);
data/nted-1.10.18/musicxmlimport.cpp:1012:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("bad clef octave value: %s"), text);
data/nted-1.10.18/musicxmlimport.cpp:1081:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(res, *atv);
data/nted-1.10.18/musicxmlimport.cpp:1135:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, _("unsupported clef: %s %d"), m_clefsign, m_clefline);
data/nted-1.10.18/page.cpp:72:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *system;
data/nted-1.10.18/page.cpp:145:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *system;
data/nted-1.10.18/page.cpp:153:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return system;
data/nted-1.10.18/page.cpp:156:39: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void NedPage::insertSystem(NedSystem *system) {
data/nted-1.10.18/page.cpp:158:40: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
m_systems = g_list_prepend(m_systems, system);
data/nted-1.10.18/page.cpp:163:39: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void NedPage::removeSystem(NedSystem *system) {
data/nted-1.10.18/page.cpp:167:37: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((lptr = g_list_find(m_systems, system)) == NULL) {
data/nted-1.10.18/page.cpp:221:34: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
bool NedPage::isFirst(NedSystem *system) {
data/nted-1.10.18/page.cpp:223:37: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((lptr = g_list_find(m_systems, system)) == NULL) {
data/nted-1.10.18/page.cpp:229:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
bool NedPage::isLast(NedSystem *system) {
data/nted-1.10.18/page.cpp:231:37: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((lptr = g_list_find(m_systems, system)) == NULL) {
data/nted-1.10.18/page.cpp:364:39: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
bool NedPage::isLastSystem(NedSystem *system) {
data/nted-1.10.18/page.cpp:371:40: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return (((NedSystem *) lptr->data) == system);
data/nted-1.10.18/page.cpp:388:73: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void NedPage::determineTempoInverse(NedChordOrRest *element, NedSystem* system, double *tempoinverse, bool *found) {
data/nted-1.10.18/page.cpp:391:35: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((NedSystem *) lptr->data == system) {
data/nted-1.10.18/page.cpp:687:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *system;
data/nted-1.10.18/page.cpp:723:40: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
m_systems = g_list_append(m_systems, system);
data/nted-1.10.18/page.cpp:836:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *system;
data/nted-1.10.18/page.cpp:850:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *system;
data/nted-1.10.18/page.cpp:1228:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *system;
data/nted-1.10.18/page.cpp:1390:46: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *NedPage::getNextSystem(NedSystem *system, NedCommandList *command_list /* = NULL */) {
data/nted-1.10.18/page.cpp:1399:37: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((lptr = g_list_find(m_systems, system)) == NULL) {
data/nted-1.10.18/page.cpp:1400:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
printf("gesucht war: 0x%p\n", system); fflush(stdout);
data/nted-1.10.18/page.cpp:1421:50: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *NedPage::getPreviousSystem(NedSystem *system) {
data/nted-1.10.18/page.cpp:1423:37: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((lptr = g_list_find(m_systems, system)) == NULL) {
data/nted-1.10.18/page.h:50:32: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void removeSystem(NedSystem *system);
data/nted-1.10.18/page.h:51:32: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void insertSystem(NedSystem *system);
data/nted-1.10.18/page.h:96:39: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *getNextSystem(NedSystem *system, NedCommandList *command_list = NULL);
data/nted-1.10.18/page.h:97:43: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *getPreviousSystem(NedSystem *system);
data/nted-1.10.18/page.h:103:27: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
bool isFirst(NedSystem *system);
data/nted-1.10.18/page.h:105:26: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
bool isLast(NedSystem *system);
data/nted-1.10.18/page.h:106:32: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
bool isLastSystem(NedSystem *system);
data/nted-1.10.18/page.h:133:66: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void determineTempoInverse(NedChordOrRest *element, NedSystem* system, double *tempoinverse, bool *found);
data/nted-1.10.18/pangocairotext.cpp:394:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str1, text);
data/nted-1.10.18/pangocairotext.cpp:395:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str1, m_text);
data/nted-1.10.18/pangocairotext.cpp:403:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str1, m_text);
data/nted-1.10.18/pangocairotext.cpp:404:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str1, text);
data/nted-1.10.18/pangocairotext.cpp:415:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str2, endp);
data/nted-1.10.18/pangocairotext.cpp:416:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str1, text);
data/nted-1.10.18/pangocairotext.cpp:417:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str1, str2);
data/nted-1.10.18/pangocairotext.cpp:433:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str2, m_text + old_cursor_idx);
data/nted-1.10.18/pangocairotext.cpp:440:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str1, str2);
data/nted-1.10.18/pangocairotext.cpp:445:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str2, m_text + old_cursor_idx);
data/nted-1.10.18/pangocairotext.cpp:452:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str1, str2);
data/nted-1.10.18/pangocairotext.cpp:568:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Str, text);
data/nted-1.10.18/pangocairotext.cpp:686:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Str, in_text);
data/nted-1.10.18/pangocairotext.cpp:702:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_text, Str);
data/nted-1.10.18/resource.cpp:512:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(m_font_file_name, "%s/%s", fontdir, FONTFILE);
data/nted-1.10.18/resource.cpp:694:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Str, "error in loadfontfile %s\n", font_file_name);
data/nted-1.10.18/resource.cpp:1239:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, homedir);
data/nted-1.10.18/resource.cpp:1241:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fname, CONFIG_DIR);
data/nted-1.10.18/resource.cpp:1243:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(fname, R_OK | W_OK | X_OK) != 0) {
data/nted-1.10.18/resource.cpp:1244:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(fname, F_OK) == 0) {
data/nted-1.10.18/resource.cpp:1252:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(fname, R_OK | W_OK | X_OK) != 0) {
data/nted-1.10.18/resource.cpp:1258:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fname, CONFIG_FILE);
data/nted-1.10.18/resource.cpp:1374:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, homedir);
data/nted-1.10.18/resource.cpp:1376:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fname, CONFIG_DIR);
data/nted-1.10.18/resource.cpp:1378:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fname, CONFIG_FILE);
data/nted-1.10.18/resource.cpp:1656:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, ap);
data/nted-1.10.18/resource.cpp:1717:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_word_buffer, word);
data/nted-1.10.18/resource.cpp:1736:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(word, m_word_buffer);
data/nted-1.10.18/resource.cpp:1789:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(word, m_word_buffer);
data/nted-1.10.18/resource.cpp:1816:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(word, m_word_buffer);
data/nted-1.10.18/resource.cpp:2025:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(word, m_word_buffer);
data/nted-1.10.18/resource.cpp:2062:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, cptr);
data/nted-1.10.18/resource.cpp:3906:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Str, chordname->getRootText());
data/nted-1.10.18/resource.cpp:3941:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(Str, chordname->getDownText());
data/nted-1.10.18/staff.cpp:50:31: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedStaff::NedStaff(NedSystem *system, double ypos, double width, int nr, bool start) :
data/nted-1.10.18/staff.cpp:52:71: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
m_clef_octave_shift(0), m_keysig(0), m_volume_changes(NULL), m_system(system) {
data/nted-1.10.18/staff.h:46:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedStaff(NedSystem *system, double ypos, double width, int nr, bool start);
data/nted-1.10.18/system.cpp:107:107: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system->m_staffs = g_list_append(system->m_staffs, ((NedStaff *) lptr->data)->clone(addrlist, slurlist, system, j++));
data/nted-1.10.18/system.cpp:110:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return system;
data/nted-1.10.18/system.cpp:770:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
NedSystem *system;
data/nted-1.10.18/voice.cpp:3382:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xfamily, ffamily);
data/nted-1.10.18/resource.cpp:501:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
fontdir = getenv("NTED_FONT_DIR");
data/nted-1.10.18/resource.cpp:1235:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((homedir = getenv("HOME")) == NULL) {
data/nted-1.10.18/resource.cpp:1370:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((homedir = getenv("HOME")) == NULL) {
data/nted-1.10.18/chordorrest.cpp:3349:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[1024], *cptr;
data/nted-1.10.18/chordorrest.cpp:3761:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[100], Str2[100];
data/nted-1.10.18/chordorrest.cpp:3776:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "%c%d", restchar, WHOLE_NOTE / len2);
data/nted-1.10.18/chordorrest.cpp:3783:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str2, "%c%d", restchar, WHOLE_NOTE / len2);
data/nted-1.10.18/chordorrest.cpp:3825:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "%d:%d", WHOLE_NOTE / m_length, tremolo);
data/nted-1.10.18/chordorrest.cpp:3828:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "%d", WHOLE_NOTE / m_length);
data/nted-1.10.18/chordorrest.cpp:3983:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[1024];
data/nted-1.10.18/chordorrest.cpp:4077:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/nted-1.10.18/chordorrest.cpp:4113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[100], Str2[100];
data/nted-1.10.18/chordorrest.cpp:4135:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "s%d", WHOLE_NOTE / len2);
data/nted-1.10.18/chordorrest.cpp:4142:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str2, "s%d", WHOLE_NOTE / len2);
data/nted-1.10.18/chordorrest.cpp:4172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[100], Str2[100];
data/nted-1.10.18/chordorrest.cpp:4192:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "s%d", WHOLE_NOTE / len2);
data/nted-1.10.18/chordorrest.cpp:4199:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str2, "s%d", WHOLE_NOTE / len2);
data/nted-1.10.18/chordorrest.cpp:4300:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void NedChordOrRest::setOffset(char offs_array[115]) {
data/nted-1.10.18/chordorrest.cpp:4309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128], note_descr[128], *cptr;
data/nted-1.10.18/chordorrest.h:250:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void setOffset(char offs_array[115]);
data/nted-1.10.18/chords/chorddialog.h:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_user_selection[128];
data/nted-1.10.18/chords/chordpainter.cpp:217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rname[128];
data/nted-1.10.18/chords/chordpainter.cpp:451:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[128];
data/nted-1.10.18/chords/chordpainter.cpp:460:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "%d", WHOLE_NOTE / length);
data/nted-1.10.18/chords/chordstruct.h:39:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[6];
data/nted-1.10.18/commands/transposecommand.cpp:33:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_staff_list, staff_list, staff_count * sizeof(bool));
data/nted-1.10.18/crescendo.cpp:49:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
double open, ypos1;
data/nted-1.10.18/crescendo.cpp:63:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open > MAX_CRESCENDO_OPEN) open = MAX_CRESCENDO_OPEN;
data/nted-1.10.18/crescendo.cpp:65:99: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_move_to(cr, X_PAGE_POS_PAGE_REL(staff->getPage(), m_start_x), Y_POS_PAGE_REL(m_start_y + open));
data/nted-1.10.18/crescendo.cpp:67:99: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_line_to(cr, X_PAGE_POS_PAGE_REL(staff->getPage(), m_start_x), Y_POS_PAGE_REL(m_start_y - open));
data/nted-1.10.18/crescendo.cpp:73:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open > MAX_CRESCENDO_OPEN) open = MAX_CRESCENDO_OPEN;
data/nted-1.10.18/crescendo.cpp:75:110: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_move_to(cr, X_PAGE_POS_PAGE_REL(staff->getPage(), staff->getSystemStart()), Y_POS_PAGE_REL(ypos1 + open));
data/nted-1.10.18/crescendo.cpp:77:110: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_line_to(cr, X_PAGE_POS_PAGE_REL(staff->getPage(), staff->getSystemStart()), Y_POS_PAGE_REL(ypos1 - open));
data/nted-1.10.18/crescendo.cpp:83:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open > MAX_CRESCENDO_OPEN) open = MAX_CRESCENDO_OPEN;
data/nted-1.10.18/crescendo.cpp:85:109: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_move_to(cr, X_PAGE_POS_PAGE_REL(staff->getPage(), staff->getSystemStart()), Y_POS_PAGE_REL(ypos1 + open));
data/nted-1.10.18/crescendo.cpp:87:109: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_line_to(cr, X_PAGE_POS_PAGE_REL(staff->getPage(), staff->getSystemStart()), Y_POS_PAGE_REL(ypos1 - open));
data/nted-1.10.18/crescendo.cpp:92:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open > MAX_CRESCENDO_OPEN) open = MAX_CRESCENDO_OPEN;
data/nted-1.10.18/crescendo.cpp:94:111: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_move_to(cr, X_PAGE_POS_PAGE_REL(staff->getPage(), staff->getSystemEnd()), Y_POS_PAGE_REL(m_start_y + open));
data/nted-1.10.18/crescendo.cpp:96:111: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_line_to(cr, X_PAGE_POS_PAGE_REL(staff->getPage(), staff->getSystemEnd()), Y_POS_PAGE_REL(m_start_y - open));
data/nted-1.10.18/crescendo.cpp:102:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open > MAX_CRESCENDO_OPEN) open = MAX_CRESCENDO_OPEN;
data/nted-1.10.18/crescendo.cpp:104:108: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_move_to(cr, X_PAGE_POS_PAGE_REL(staff->getPage(), staff->getSystemEnd()), Y_POS_PAGE_REL(ypos1 + open));
data/nted-1.10.18/crescendo.cpp:106:108: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_line_to(cr, X_PAGE_POS_PAGE_REL(staff->getPage(), staff->getSystemEnd()), Y_POS_PAGE_REL(ypos1 - open));
data/nted-1.10.18/crescendo.cpp:112:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open > MAX_CRESCENDO_OPEN) open = MAX_CRESCENDO_OPEN;
data/nted-1.10.18/crescendo.cpp:114:93: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_move_to(cr, X_PAGE_POS_PAGE_REL(staff->getPage(), m_end_x), Y_POS_PAGE_REL(ypos1 + open));
data/nted-1.10.18/crescendo.cpp:116:93: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_line_to(cr, X_PAGE_POS_PAGE_REL(staff->getPage(), m_end_x), Y_POS_PAGE_REL(ypos1 - open));
data/nted-1.10.18/crescendo.cpp:122:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open > MAX_CRESCENDO_OPEN) open = MAX_CRESCENDO_OPEN;
data/nted-1.10.18/crescendo.cpp:126:96: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_move_to(cr, X_POS_PAGE_REL(m_line_start_point, m_start_x), Y_POS_PAGE_REL(m_start_y + open));
data/nted-1.10.18/crescendo.cpp:128:96: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_line_to(cr, X_POS_PAGE_REL(m_line_start_point, m_start_x), Y_POS_PAGE_REL(m_start_y - open));
data/nted-1.10.18/crescendo.cpp:134:92: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_move_to(cr, X_POS_PAGE_REL(m_line_end_point, m_end_x), Y_POS_PAGE_REL(m_start_y + open));
data/nted-1.10.18/crescendo.cpp:136:92: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cairo_line_to(cr, X_POS_PAGE_REL(m_line_end_point, m_end_x), Y_POS_PAGE_REL(m_start_y - open));
data/nted-1.10.18/dialogs/drumconfigdialog.cpp:432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char the_filename[4096];
data/nted-1.10.18/dialogs/drumconfigdialog.cpp:469:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".ntddrm");
data/nted-1.10.18/dialogs/drumconfigdialog.cpp:487:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(the_filename, "w")) == NULL) {
data/nted-1.10.18/dialogs/drumconfigdialog.cpp:530:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/nted-1.10.18/dialogs/drumconfigdialog.cpp:561:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "r")) == NULL) {
data/nted-1.10.18/dialogs/drumconfigdialog.cpp:578:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dptr2, dptr1, sizeof(struct d_info_str));
data/nted-1.10.18/dialogs/druminfo.cpp:95:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dptr2, dptr1, sizeof(struct d_info_str));
data/nted-1.10.18/dialogs/lilypondexportdialog.cpp:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnam[4096], foldername[4096];
data/nted-1.10.18/dialogs/lyricseditor.cpp:183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/nted-1.10.18/dialogs/lyricseditor.cpp:270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char the_filename[4096];
data/nted-1.10.18/dialogs/lyricseditor.cpp:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathfoldername[1024];
data/nted-1.10.18/dialogs/lyricseditor.cpp:326:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".txt");
data/nted-1.10.18/dialogs/lyricseditor.cpp:344:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(the_filename, "w")) == NULL) {
data/nted-1.10.18/dialogs/lyricseditor.cpp:380:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathfoldername[4096], *cptr;
data/nted-1.10.18/dialogs/lyricseditor.cpp:382:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/nted-1.10.18/dialogs/lyricseditor.cpp:427:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "r")) == NULL) {
data/nted-1.10.18/dialogs/midirecordconfigdialog.cpp:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[128];
data/nted-1.10.18/dialogs/midirecordconfigdialog.cpp:141:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "%d", m_pgm);
data/nted-1.10.18/dialogs/mutedialog.cpp:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[128];
data/nted-1.10.18/dialogs/mutedialog.cpp:55:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, _("Staff %d"), i);
data/nted-1.10.18/dialogs/portchoosedialog.cpp:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[128];
data/nted-1.10.18/dialogs/portchoosedialog.cpp:68:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "%d", m_idx);
data/nted-1.10.18/dialogs/selectordialog.cpp:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[128];
data/nted-1.10.18/dialogs/selectordialog.cpp:61:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, _("Staff %d"), i);
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:41:174: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
NedStaffContextDialog::NedStaffContextDialog(GtkWindow *parent, NedMainWindow *main_window, bool different_voices, bool allow_delete_system, int staff_count, int staff_pos, char *staff_name, char *staff_short_name, char *group_name, char* group_short_name, int clef_number, int octave_shift, int key_signature_number, int numerator, int demoninator, unsigned int symbol, int volume[VOICE_COUNT], int midi_program[VOICE_COUNT], int channel, int tempo, int pan[VOICE_COUNT], int chorus, int play_transposed, int reverb, bool muted[VOICE_COUNT]) :
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:41:192: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
NedStaffContextDialog::NedStaffContextDialog(GtkWindow *parent, NedMainWindow *main_window, bool different_voices, bool allow_delete_system, int staff_count, int staff_pos, char *staff_name, char *staff_short_name, char *group_name, char* group_short_name, int clef_number, int octave_shift, int key_signature_number, int numerator, int demoninator, unsigned int symbol, int volume[VOICE_COUNT], int midi_program[VOICE_COUNT], int channel, int tempo, int pan[VOICE_COUNT], int chorus, int play_transposed, int reverb, bool muted[VOICE_COUNT]) :
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:41:216: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
NedStaffContextDialog::NedStaffContextDialog(GtkWindow *parent, NedMainWindow *main_window, bool different_voices, bool allow_delete_system, int staff_count, int staff_pos, char *staff_name, char *staff_short_name, char *group_name, char* group_short_name, int clef_number, int octave_shift, int key_signature_number, int numerator, int demoninator, unsigned int symbol, int volume[VOICE_COUNT], int midi_program[VOICE_COUNT], int channel, int tempo, int pan[VOICE_COUNT], int chorus, int play_transposed, int reverb, bool muted[VOICE_COUNT]) :
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[128];
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:443:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "%d", staff_pos);
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:507:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[128];
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:519:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "%d", m_midi_program_number[idx]);
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:778:133: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void NedStaffContextDialog::getValues(bool *state, bool *different_voices, bool *delete_staff, bool *delete_system, int *staff_pos, char **staff_name, char **staff_short_name, char **group_name, char **group_short_name, int *clef_number, int *octave_shift, int *key_signature_number, bool *ajdust_notes, int *numerator, int *demoninator, unsigned int *symbol, int volume[VOICE_COUNT], int midi_program[VOICE_COUNT], int *channel, int *tempo, int pan[VOICE_COUNT], int *chorus, int *play_transposed, int *reverb, bool *config_changed, bool muted[VOICE_COUNT]) {
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:778:152: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void NedStaffContextDialog::getValues(bool *state, bool *different_voices, bool *delete_staff, bool *delete_system, int *staff_pos, char **staff_name, char **staff_short_name, char **group_name, char **group_short_name, int *clef_number, int *octave_shift, int *key_signature_number, bool *ajdust_notes, int *numerator, int *demoninator, unsigned int *symbol, int volume[VOICE_COUNT], int midi_program[VOICE_COUNT], int *channel, int *tempo, int pan[VOICE_COUNT], int *chorus, int *play_transposed, int *reverb, bool *config_changed, bool muted[VOICE_COUNT]) {
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:778:177: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void NedStaffContextDialog::getValues(bool *state, bool *different_voices, bool *delete_staff, bool *delete_system, int *staff_pos, char **staff_name, char **staff_short_name, char **group_name, char **group_short_name, int *clef_number, int *octave_shift, int *key_signature_number, bool *ajdust_notes, int *numerator, int *demoninator, unsigned int *symbol, int volume[VOICE_COUNT], int midi_program[VOICE_COUNT], int *channel, int *tempo, int pan[VOICE_COUNT], int *chorus, int *play_transposed, int *reverb, bool *config_changed, bool muted[VOICE_COUNT]) {
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:778:196: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void NedStaffContextDialog::getValues(bool *state, bool *different_voices, bool *delete_staff, bool *delete_system, int *staff_pos, char **staff_name, char **staff_short_name, char **group_name, char **group_short_name, int *clef_number, int *octave_shift, int *key_signature_number, bool *ajdust_notes, int *numerator, int *demoninator, unsigned int *symbol, int volume[VOICE_COUNT], int midi_program[VOICE_COUNT], int *channel, int *tempo, int pan[VOICE_COUNT], int *chorus, int *play_transposed, int *reverb, bool *config_changed, bool muted[VOICE_COUNT]) {
data/nted-1.10.18/dialogs/staffcontextdialog.h:38:154: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
NedStaffContextDialog(GtkWindow *parent, NedMainWindow *main_window, bool different_voices, bool allow_delete_system, int staff_count, int staff_pos, char *staff_name, char *staffshortname, char *group_name, char* group_short_name, int clef_number, int octave_shift, int key_signature_number, int numerator, int demoninator, unsigned int symbol, int volume[VOICE_COUNT], int midi_program[VOICE_COUNT], int channel, int tempo, int pan[VOICE_COUNT], int chorus, int play_transposed, int reverb, bool muted[VOICE_COUNT]);
data/nted-1.10.18/dialogs/staffcontextdialog.h:38:172: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
NedStaffContextDialog(GtkWindow *parent, NedMainWindow *main_window, bool different_voices, bool allow_delete_system, int staff_count, int staff_pos, char *staff_name, char *staffshortname, char *group_name, char* group_short_name, int clef_number, int octave_shift, int key_signature_number, int numerator, int demoninator, unsigned int symbol, int volume[VOICE_COUNT], int midi_program[VOICE_COUNT], int channel, int tempo, int pan[VOICE_COUNT], int chorus, int play_transposed, int reverb, bool muted[VOICE_COUNT]);
data/nted-1.10.18/dialogs/staffcontextdialog.h:38:194: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
NedStaffContextDialog(GtkWindow *parent, NedMainWindow *main_window, bool different_voices, bool allow_delete_system, int staff_count, int staff_pos, char *staff_name, char *staffshortname, char *group_name, char* group_short_name, int clef_number, int octave_shift, int key_signature_number, int numerator, int demoninator, unsigned int symbol, int volume[VOICE_COUNT], int midi_program[VOICE_COUNT], int channel, int tempo, int pan[VOICE_COUNT], int chorus, int play_transposed, int reverb, bool muted[VOICE_COUNT]);
data/nted-1.10.18/dialogs/staffcontextdialog.h:39:112: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void getValues(bool *state, bool *different_voices, bool *delete_staff, bool *delete_system, int *staff_pos, char **staff_name, char **staff_short_name, char **group_name, char **group_short_name, int *clef_number, int *octave_shift, int *key_signature_number, bool *ajdust_notes, int *numerator, int *demoninator, unsigned int *symbol, int volume[VOICE_COUNT], int midi_program[VOICE_COUNT], int *channel, int *tempo, int pan[VOICE_COUNT], int *chorus, int *play_transposed, int *reverb, bool *config_changed, bool muted[VOICE_COUNT]);
data/nted-1.10.18/dialogs/staffcontextdialog.h:39:131: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void getValues(bool *state, bool *different_voices, bool *delete_staff, bool *delete_system, int *staff_pos, char **staff_name, char **staff_short_name, char **group_name, char **group_short_name, int *clef_number, int *octave_shift, int *key_signature_number, bool *ajdust_notes, int *numerator, int *demoninator, unsigned int *symbol, int volume[VOICE_COUNT], int midi_program[VOICE_COUNT], int *channel, int *tempo, int pan[VOICE_COUNT], int *chorus, int *play_transposed, int *reverb, bool *config_changed, bool muted[VOICE_COUNT]);
data/nted-1.10.18/dialogs/staffcontextdialog.h:39:156: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void getValues(bool *state, bool *different_voices, bool *delete_staff, bool *delete_system, int *staff_pos, char **staff_name, char **staff_short_name, char **group_name, char **group_short_name, int *clef_number, int *octave_shift, int *key_signature_number, bool *ajdust_notes, int *numerator, int *demoninator, unsigned int *symbol, int volume[VOICE_COUNT], int midi_program[VOICE_COUNT], int *channel, int *tempo, int pan[VOICE_COUNT], int *chorus, int *play_transposed, int *reverb, bool *config_changed, bool muted[VOICE_COUNT]);
data/nted-1.10.18/dialogs/staffcontextdialog.h:39:175: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void getValues(bool *state, bool *different_voices, bool *delete_staff, bool *delete_system, int *staff_pos, char **staff_name, char **staff_short_name, char **group_name, char **group_short_name, int *clef_number, int *octave_shift, int *key_signature_number, bool *ajdust_notes, int *numerator, int *demoninator, unsigned int *symbol, int volume[VOICE_COUNT], int midi_program[VOICE_COUNT], int *channel, int *tempo, int pan[VOICE_COUNT], int *chorus, int *play_transposed, int *reverb, bool *config_changed, bool muted[VOICE_COUNT]);
data/nted-1.10.18/dialogs/textdialog.cpp:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[128];
data/nted-1.10.18/dialogs/textdialog.cpp:208:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "%d", m_midi_program_number < 0 ? 0: m_midi_program_number);
data/nted-1.10.18/freechord.h:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_chord_name[128];
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[128];
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:359:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case ID_SPEC_KEYSIG_CHANGE: sprintf(Str, "%d", ((NedIdKeysigChange *) spec)->m_key);
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:365:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case ID_SPEC_VOLUME_CHANGE: sprintf(Str, "%d", ((NedIdVolumeChange *) spec)->m_volume);
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:589:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offs_array[115];
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:638:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offs_array[115];
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:2161:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inst_name[128];
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:2164:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(inst_name, "Inst %d", m_inst_number + 1);
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:2770:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[128];
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:2798:34: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case ID_SPEC_TIME_SIG_CHANGE: sprintf(Str, "%d/%d", ((NedIdTimesigChange *) spec)->m_numerator,
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:2805:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case ID_SPEC_TEMPO_CHANGE: sprintf(Str, "%d", ((NedIdTempoChange *) spec)->m_tempo);
data/nted-1.10.18/idiotseditor/idiotseditor.h:206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_inst_name[MAX_INST_NAME];
data/nted-1.10.18/idiotseditor/idiotseditor.h:207:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_dist_array[4][MAX_64TH];
data/nted-1.10.18/idiotseditor/idiotseditor.h:311:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_pending_inst_name[MAX_INST_NAME];
data/nted-1.10.18/importer.h:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/importer.h:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/mainwindow.cpp:579:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathfoldername[1024], *cptr;
data/nted-1.10.18/mainwindow.cpp:601:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac_name[128], ac_label[128];
data/nted-1.10.18/mainwindow.cpp:602:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ac_name, "open_recent_action_%d", i);
data/nted-1.10.18/mainwindow.cpp:603:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ac_label, "Open Recent %d", i);
data/nted-1.10.18/mainwindow.cpp:809:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname, "r")) == NULL) {
data/nted-1.10.18/mainwindow.cpp:2876:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnamenew[1024];
data/nted-1.10.18/mainwindow.cpp:2886:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fnamenew, "w")) == NULL) {
data/nted-1.10.18/mainwindow.cpp:2912:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnamenew[1024];
data/nted-1.10.18/mainwindow.cpp:2913:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char the_filename[4096], show_file_name[4096];
data/nted-1.10.18/mainwindow.cpp:2915:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathfoldername[4096];
data/nted-1.10.18/mainwindow.cpp:2970:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".ntd");
data/nted-1.10.18/mainwindow.cpp:2987:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fnamenew, "w")) == NULL) {
data/nted-1.10.18/mainwindow.cpp:3177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char print_cmd[4096];
data/nted-1.10.18/mainwindow.cpp:3178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[4096];
data/nted-1.10.18/mainwindow.cpp:3181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[1024];
data/nted-1.10.18/mainwindow.cpp:3183:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fname, "/tmp/nted_tmp-XXXXXX");
data/nted-1.10.18/mainwindow.cpp:3185:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(fname)) < 0) {
data/nted-1.10.18/mainwindow.cpp:3495:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char the_filename[4096];
data/nted-1.10.18/mainwindow.cpp:3534:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".mid");
data/nted-1.10.18/mainwindow.cpp:3552:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".mid");
data/nted-1.10.18/mainwindow.cpp:3568:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(the_filename, "w")) == NULL) {
data/nted-1.10.18/mainwindow.cpp:3631:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char the_filename[4096];
data/nted-1.10.18/mainwindow.cpp:3653:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".ly");
data/nted-1.10.18/mainwindow.cpp:3673:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".ly");
data/nted-1.10.18/mainwindow.cpp:3688:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(the_filename, "w")) == NULL) {
data/nted-1.10.18/mainwindow.cpp:3743:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[1024];
data/nted-1.10.18/mainwindow.cpp:4116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[1024];
data/nted-1.10.18/mainwindow.cpp:5137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathfoldername[4096], *cptr;
data/nted-1.10.18/mainwindow.cpp:5201:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "r")) == NULL) {
data/nted-1.10.18/mainwindow.cpp:5243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char the_filename[4096], *cptr, show_file_name[4096];
data/nted-1.10.18/mainwindow.cpp:5249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/nted-1.10.18/mainwindow.cpp:6200:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "r")) == NULL) {
data/nted-1.10.18/mainwindow.cpp:6263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathfoldername[4096], *cptr;
data/nted-1.10.18/mainwindow.cpp:6296:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "r")) == NULL) {
data/nted-1.10.18/mainwindow.cpp:6646:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024], buffer2[1024];
data/nted-1.10.18/mainwindow.cpp:6917:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathfoldername[4096], *cptr;
data/nted-1.10.18/mainwindow.cpp:6954:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(NedResource::m_recent_files[idx], "r")) == NULL) {
data/nted-1.10.18/mainwindow.cpp:6990:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[4096], str[4096], ac_name[128];
data/nted-1.10.18/mainwindow.cpp:7000:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "<menuitem action='open_recent_action_%d'/>", i);
data/nted-1.10.18/mainwindow.cpp:7001:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ac_name, "open_recent_action_%d", i);
data/nted-1.10.18/mainwindow.cpp:7462:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8string[10];
data/nted-1.10.18/mainwindow.cpp:8901:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char the_filename[4096];
data/nted-1.10.18/mainwindow.cpp:8910:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_num_str[128];
data/nted-1.10.18/mainwindow.cpp:8922:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_num_str, "_%d", page_nr);
data/nted-1.10.18/mainwindow.cpp:8954:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".png");
data/nted-1.10.18/mainwindow.cpp:8973:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".png");
data/nted-1.10.18/mainwindow.cpp:9041:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char the_filename[4096];
data/nted-1.10.18/mainwindow.cpp:9050:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_num_str[128];
data/nted-1.10.18/mainwindow.cpp:9062:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_num_str, "_%d", page_nr);
data/nted-1.10.18/mainwindow.cpp:9094:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".svg");
data/nted-1.10.18/mainwindow.cpp:9113:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".svg");
data/nted-1.10.18/mainwindow.cpp:9129:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((svgfile = fopen(the_filename, "w")) == NULL) {
data/nted-1.10.18/mainwindow.cpp:9185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char the_filename[4096];
data/nted-1.10.18/mainwindow.cpp:9219:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".ps");
data/nted-1.10.18/mainwindow.cpp:9237:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".ps");
data/nted-1.10.18/mainwindow.cpp:9253:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((psfile = fopen(the_filename, "w")) == NULL) {
data/nted-1.10.18/mainwindow.cpp:9274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char the_filename[4096];
data/nted-1.10.18/mainwindow.cpp:9308:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".pdf");
data/nted-1.10.18/mainwindow.cpp:9326:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(the_filename, ".pdf");
data/nted-1.10.18/mainwindow.cpp:9342:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pdffile = fopen(the_filename, "w")) == NULL) {
data/nted-1.10.18/mainwindow.cpp:9372:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[1024];
data/nted-1.10.18/mainwindow.cpp:9606:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[1024];
data/nted-1.10.18/mainwindow.h:371:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_current_filename[4096];
data/nted-1.10.18/measure.cpp:49:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(m_measure_number_str, "%d", num);
data/nted-1.10.18/measure.h:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_measure_number_str[8];
data/nted-1.10.18/midiexport.cpp:358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aaa[128];
data/nted-1.10.18/midiexport.h:54:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char m_channel_pgms[16];
data/nted-1.10.18/midiimporter.cpp:93:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(m_parts[i].id, "part1");
data/nted-1.10.18/midiimporter.cpp:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/nted-1.10.18/midiimporter.cpp:182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/nted-1.10.18/midiimporter.cpp:444:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/nted-1.10.18/midiimporter.cpp:457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/nted-1.10.18/midirecorder.cpp:199:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(m_parts[i].id, "part1");
data/nted-1.10.18/musicxmlimport.cpp:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFLEN];
data/nted-1.10.18/musicxmlimport.cpp:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[DEFAULT_STRING_LENGTH - 20];
data/nted-1.10.18/musicxmlimport.cpp:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[128];
data/nted-1.10.18/musicxmlimport.cpp:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/musicxmlimport.cpp:219:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/musicxmlimport.cpp:733:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/musicxmlimport.cpp:814:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, _("Bad midi-programm number: %d"), im->m_current_part->midi_pgm);
data/nted-1.10.18/musicxmlimport.cpp:832:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, _("Bad midi channel number: %d"), im->m_current_part->midi_channel);
data/nted-1.10.18/musicxmlimport.cpp:850:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, _("Bad volume number: %d"), vol);
data/nted-1.10.18/musicxmlimport.cpp:868:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, _("Bad temo value: %d"), tempo);
data/nted-1.10.18/musicxmlimport.cpp:1101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/musicxmlimport.cpp:1146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/musicxmlimport.cpp:1151:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, _("unsupported time signature: %d/%d"), m_beats, m_beat_type);
data/nted-1.10.18/musicxmlimport.cpp:1158:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, _("unsupported time signature: %d/%d"), m_beats, m_beat_type);
data/nted-1.10.18/musicxmlimport.cpp:1172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/musicxmlimport.cpp:1177:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, _("unsupported key signature: %d"), m_keysig);
data/nted-1.10.18/musicxmlimport.cpp:1188:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/musicxmlimport.cpp:1197:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, _("actual notes value %d is not allowed"), m_actual_notes);
data/nted-1.10.18/musicxmlimport.cpp:1202:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, _("actual notes value %d and normal-notes value %d is not allowed"),
data/nted-1.10.18/musicxmlimport.cpp:1233:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, _("unsupported note length: %d (divisions = %d)"), m_duration, m_current_part->divisions);
data/nted-1.10.18/musicxmlimport.cpp:1238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/musicxmlimport.cpp:1248:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, _("unsupported alter value %d"), m_alter);
data/nted-1.10.18/musicxmlimport.h:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_lyrics[MAX_LYRICS_LINES][DEFAULT_STRING_LENGTH];
data/nted-1.10.18/musicxmlimport.h:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_error_string[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/musicxmlimport.h:107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_note_type[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/musicxmlimport.h:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_pitch_name[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/musicxmlimport.h:110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_octave_name[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/musicxmlimport.h:111:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_clefsign[DEFAULT_STRING_LENGTH];
data/nted-1.10.18/note.cpp:379:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void NedNote::setOffset(char offs_array[OFFS_ARRAY_SIZE]) {
data/nted-1.10.18/note.cpp:513:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offs_array[OFFS_ARRAY_SIZE];
data/nted-1.10.18/note.cpp:584:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offs_array[OFFS_ARRAY_SIZE];
data/nted-1.10.18/note.cpp:641:74: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned int NedNote::determineState(int pitch, int line, int half_offs, char offs_array[117], int keysig) {
data/nted-1.10.18/note.h:103:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void setOffset(char offs_array[OFFS_ARRAY_SIZE]);
data/nted-1.10.18/note.h:109:74: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned int determineState(int pitch, int line, int half_offs, char offs_array[115], int keysig);
data/nted-1.10.18/page.cpp:686:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/nted-1.10.18/pangocairotext.cpp:388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[1024], str2[1024];
data/nted-1.10.18/pangocairotext.cpp:424:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[1024], str2[1024];
data/nted-1.10.18/pangocairotext.cpp:563:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[1024];
data/nted-1.10.18/pangocairotext.cpp:683:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[1024];
data/nted-1.10.18/pangocairotext.cpp:706:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cori, *ori, buf1[1024];
data/nted-1.10.18/pangocairotext.h:64:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char utf8code[4];
data/nted-1.10.18/resource.cpp:693:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[128];
data/nted-1.10.18/resource.cpp:1231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[4096], *homedir;
data/nted-1.10.18/resource.cpp:1259:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname, "w")) == NULL) {
data/nted-1.10.18/resource.cpp:1359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[4096], *homedir;
data/nted-1.10.18/resource.cpp:1360:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/nted-1.10.18/resource.cpp:1361:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[128];
data/nted-1.10.18/resource.cpp:1379:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname, "r")) == NULL) {
data/nted-1.10.18/resource.cpp:1387:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: '=' expected", m_input_line);
data/nted-1.10.18/resource.cpp:1393:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: client number expected", m_input_line);
data/nted-1.10.18/resource.cpp:1402:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: '=' expected", m_input_line);
data/nted-1.10.18/resource.cpp:1408:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: port number expected", m_input_line);
data/nted-1.10.18/resource.cpp:1417:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: '=' expected", m_input_line);
data/nted-1.10.18/resource.cpp:1423:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: client number expected", m_input_line);
data/nted-1.10.18/resource.cpp:1432:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: '=' expected", m_input_line);
data/nted-1.10.18/resource.cpp:1438:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: port number expected", m_input_line);
data/nted-1.10.18/resource.cpp:1447:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: '=' expected", m_input_line);
data/nted-1.10.18/resource.cpp:1453:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: print command expected", m_input_line);
data/nted-1.10.18/resource.cpp:1462:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: '=' expected", m_input_line);
data/nted-1.10.18/resource.cpp:1468:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: width size expected", m_input_line);
data/nted-1.10.18/resource.cpp:1477:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: '=' expected", m_input_line);
data/nted-1.10.18/resource.cpp:1483:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: height size expected", m_input_line);
data/nted-1.10.18/resource.cpp:1492:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: '=' expected", m_input_line);
data/nted-1.10.18/resource.cpp:1498:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: last folder expected", m_input_line);
data/nted-1.10.18/resource.cpp:1507:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: '=' expected", m_input_line);
data/nted-1.10.18/resource.cpp:1513:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: last xml file expected", m_input_line);
data/nted-1.10.18/resource.cpp:1522:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: '=' expected", m_input_line);
data/nted-1.10.18/resource.cpp:1528:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: last midi file expected", m_input_line);
data/nted-1.10.18/resource.cpp:1537:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: index of recent file expected", m_input_line);
data/nted-1.10.18/resource.cpp:1543:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: '=' expected", m_input_line);
data/nted-1.10.18/resource.cpp:1549:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: file name expected", m_input_line);
data/nted-1.10.18/resource.cpp:1558:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: m_toolboxX expected", m_input_line);
data/nted-1.10.18/resource.cpp:1564:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "cannot read config: line %d: m_toolboxY expected", m_input_line);
data/nted-1.10.18/resource.cpp:1902:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/nted-1.10.18/resource.cpp:1931:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/nted-1.10.18/resource.cpp:1959:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/nted-1.10.18/resource.cpp:1987:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/nted-1.10.18/resource.cpp:2021:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[128];
data/nted-1.10.18/resource.cpp:2052:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/nted-1.10.18/resource.cpp:3901:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Str[128], *cptr;
data/nted-1.10.18/resource.cpp:3926:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Str, "%d", WHOLE_NOTE / length);
data/nted-1.10.18/resource.h:772:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *m_recent_files[MAX_RECENT_FILES];
data/nted-1.10.18/resource.h:902:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char m_word_buffer[128];
data/nted-1.10.18/staff.cpp:1049:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void NedStaff::findAccidentals(char offs_array[115], NedMeasure *meas_info, unsigned long long midi_time, bool including) {
data/nted-1.10.18/staff.cpp:1295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/nted-1.10.18/staff.h:105:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void findAccidentals(char offs_array[115], NedMeasure *meas_info, unsigned long long midi_time, bool including);
data/nted-1.10.18/staff.h:155:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char m_sharpPos[7][7];
data/nted-1.10.18/staff.h:156:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const signed char m_flatPos[7][7];
data/nted-1.10.18/system.cpp:1602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/nted-1.10.18/voice.cpp:563:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offs_array[115];
data/nted-1.10.18/voice.cpp:2831:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void NedVoice::findAccidentals(char offs_array[115], NedMeasure *meas_info, unsigned long long midi_time, bool including) {
data/nted-1.10.18/voice.cpp:2884:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/nted-1.10.18/voice.cpp:2977:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/nted-1.10.18/voice.cpp:3043:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/nted-1.10.18/voice.cpp:3121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/nted-1.10.18/voice.cpp:3188:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/nted-1.10.18/voice.cpp:3193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chordcode[128];
data/nted-1.10.18/voice.cpp:3204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ffamily[1024], xtext[1024], *xfamily;
data/nted-1.10.18/voice.cpp:3205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char root_text[1024], down_text[1024], up_text[1024];
data/nted-1.10.18/voice.h:116:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void findAccidentals(char offs_array[115], NedMeasure *meas_info, unsigned long long midi_time, bool including);
data/nted-1.10.18/chordorrest.cpp:363:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text == 0 || strlen(text) < 1) return;
data/nted-1.10.18/chordorrest.cpp:412:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text == 0 || strlen(text) < 1) return;
data/nted-1.10.18/chordorrest.cpp:426:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text == 0 || strlen(text) < 1) return;
data/nted-1.10.18/chordorrest.cpp:439:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (unsigned int i = 0; i < strlen(text); i++) {
data/nted-1.10.18/chordorrest.cpp:448:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (unsigned int i = 0; i < strlen(text); i++) {
data/nted-1.10.18/chordorrest.cpp:456:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (unsigned int i = 0; i < strlen(text); i++) {
data/nted-1.10.18/chordorrest.cpp:461:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text == NULL || strlen(text) < 1) return;
data/nted-1.10.18/chordorrest.cpp:464:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (unsigned int i = 0; i < strlen(text); i++) {
data/nted-1.10.18/chordorrest.cpp:484:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text == NULL || strlen(text) < 1) return;
data/nted-1.10.18/chordorrest.cpp:3499:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
roottext == NULL ? 0 : strlen(roottext), roottext == NULL ? "" : roottext,
data/nted-1.10.18/chordorrest.cpp:3500:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uptext == NULL ? 0 : strlen(uptext), uptext == NULL ? "" : uptext,
data/nted-1.10.18/chordorrest.cpp:3501:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
downtext == NULL ? 0 : strlen(downtext), downtext == NULL ? "" : downtext, fcn->getSize());
data/nted-1.10.18/chordorrest.cpp:3555:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
marker, ftext->getX(), ftext->getY(), strlen(ftext->getText()), ftext->getText(),
data/nted-1.10.18/chordorrest.cpp:3556:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ftext->m_font_family), ftext->m_font_family,
data/nted-1.10.18/chordorrest.cpp:3588:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
marker, fchord->getX(), fchord->getY(), strlen(fchord->getCode()), fchord->getCode(), fchord->getChordName(), fchord->getStatus());
data/nted-1.10.18/chordorrest.cpp:3778:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Str, ".");
data/nted-1.10.18/chordorrest.cpp:3780:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Str, " ");
data/nted-1.10.18/chordorrest.cpp:3786:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Str, ".");
data/nted-1.10.18/chordorrest.cpp:3788:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Str, " ");
data/nted-1.10.18/chordorrest.cpp:3831:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Str, ".");
data/nted-1.10.18/chordorrest.cpp:4137:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Str, ".");
data/nted-1.10.18/chordorrest.cpp:4139:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Str, " ");
data/nted-1.10.18/chordorrest.cpp:4145:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Str, ".");
data/nted-1.10.18/chordorrest.cpp:4147:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Str, " ");
data/nted-1.10.18/chordorrest.cpp:4194:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Str, ".");
data/nted-1.10.18/chordorrest.cpp:4202:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Str, ".");
data/nted-1.10.18/chordorrest.cpp:4204:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Str, " ");
data/nted-1.10.18/chords/chorddialog.cpp:73:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(m_user_selection, "C");
data/nted-1.10.18/chords/chordpainter.cpp:462:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Str, ".");
data/nted-1.10.18/dialogs/chordnamedialog.cpp:124:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newtext) > 0) {
data/nted-1.10.18/dialogs/chordnamedialog.cpp:128:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newtext) > 0) {
data/nted-1.10.18/dialogs/chordnamedialog.cpp:133:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newtext) > 0) {
data/nted-1.10.18/dialogs/chordnamedialog.cpp:173:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newtext) > 0) {
data/nted-1.10.18/dialogs/chordnamedialog.cpp:181:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newtext) > 0) {
data/nted-1.10.18/dialogs/chordnamedialog.cpp:183:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newtext) > 0) {
data/nted-1.10.18/dialogs/chordnamedialog.cpp:189:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newtext) > 0) {
data/nted-1.10.18/dialogs/chordnamedialog.cpp:191:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newtext) > 0) {
data/nted-1.10.18/dialogs/lilypondexportdialog.cpp:86:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) > 0) {
data/nted-1.10.18/dialogs/lilypondexportdialog.cpp:96:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(foldername, cptr1, cptr2 - cptr1);
data/nted-1.10.18/dialogs/lyricseditor.cpp:192:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_text_buffer_insert(m_buffer[num], &iter, dotnewbuf, strlen(dotnewbuf));
data/nted-1.10.18/dialogs/lyricseditor.cpp:195:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_text_buffer_insert(m_buffer[num], &iter, dotbuf, strlen(dotbuf));
data/nted-1.10.18/dialogs/lyricseditor.cpp:202:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buffer, "\n");
data/nted-1.10.18/dialogs/lyricseditor.cpp:208:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer, " ");
data/nted-1.10.18/dialogs/lyricseditor.cpp:209:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_text_buffer_insert(m_buffer[num], &iter, buffer, strlen(buffer));
data/nted-1.10.18/dialogs/lyricseditor.cpp:358:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pathfoldername, the_filename, cptr - the_filename);
data/nted-1.10.18/dialogs/lyricseditor.cpp:441:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pathfoldername, filename, cptr - filename);
data/nted-1.10.18/dialogs/lyricseditor.cpp:450:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/nted-1.10.18/dialogs/lyricseditor.cpp:459:99: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_text_buffer_insert(lyrics_editor->m_buffer[lyrics_editor->m_current_verse], &itr2, buffer, strlen(buffer));
data/nted-1.10.18/dialogs/midiimportdialog.cpp:135:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) > 0) {
data/nted-1.10.18/dialogs/midiimportdialog.cpp:139:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) > 0) {
data/nted-1.10.18/dialogs/scoreinfodialog.cpp:149:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
diff = (cptr != NULL && strlen(cptr) > 0);
data/nted-1.10.18/dialogs/scoreinfodialog.cpp:156:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cptr != NULL && strlen(cptr) > 0) {
data/nted-1.10.18/dialogs/scoreinfodialog.cpp:167:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
diff = (cptr != NULL && strlen(cptr) > 0);
data/nted-1.10.18/dialogs/scoreinfodialog.cpp:174:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cptr != NULL && strlen(cptr) > 0) {
data/nted-1.10.18/dialogs/scoreinfodialog.cpp:185:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
diff = (cptr != NULL && strlen(cptr) > 0);
data/nted-1.10.18/dialogs/scoreinfodialog.cpp:192:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cptr != NULL && strlen(cptr) > 0) {
data/nted-1.10.18/dialogs/scoreinfodialog.cpp:202:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
diff = (cptr != NULL && strlen(cptr) > 0);
data/nted-1.10.18/dialogs/scoreinfodialog.cpp:209:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cptr != NULL && strlen(cptr) > 0) {
data/nted-1.10.18/dialogs/scoreinfodialog.cpp:220:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
diff = (cptr != NULL && strlen(cptr) > 0);
data/nted-1.10.18/dialogs/scoreinfodialog.cpp:227:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cptr != NULL && strlen(cptr) > 0) {
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:425:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (main_window->m_staff_contexts[i].m_staff_name != NULL && strlen(main_window->m_staff_contexts[i].m_staff_name->getText()) > 0) {
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:665:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newname) < 1) {
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:676:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (newname != NULL && strlen(newname) > 0) {
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:691:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (newshortname != NULL && strlen(newshortname) > 0) {
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:698:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newgroupname) < 1) {
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:709:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (newgroupname != NULL && strlen(newgroupname) > 0) {
data/nted-1.10.18/dialogs/staffcontextdialog.cpp:724:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (newshortgroupname != NULL && strlen(newshortgroupname) > 0) {
data/nted-1.10.18/dialogs/staffselectdialog.cpp:54:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (main_window->m_staff_contexts[i].m_staff_name != NULL && strlen(main_window->m_staff_contexts[i].m_staff_name->getText()) > 0) {
data/nted-1.10.18/dialogs/textdialog.cpp:261:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newtext) > 0) {
data/nted-1.10.18/freechordname.cpp:48:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (roottext != NULL && strlen(roottext) > 0) {
data/nted-1.10.18/freechordname.cpp:51:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uptext != NULL && strlen(uptext) > 0) {
data/nted-1.10.18/freechordname.cpp:54:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (downtext != NULL && strlen(downtext) > 0) {
data/nted-1.10.18/freechordname.cpp:62:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (roottext != NULL && strlen(roottext) > 0) {
data/nted-1.10.18/freechordname.cpp:65:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uptext != NULL && strlen(uptext) > 0) {
data/nted-1.10.18/freechordname.cpp:68:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (downtext != NULL && strlen(downtext) > 0) {
data/nted-1.10.18/freechordname.cpp:77:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (roottext != NULL && strlen(roottext) > 0) {
data/nted-1.10.18/freechordname.cpp:80:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uptext != NULL && strlen(uptext) > 0) {
data/nted-1.10.18/freechordname.cpp:83:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (downtext != NULL && strlen(downtext) > 0) {
data/nted-1.10.18/freechordname.cpp:143:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newroottext) > 0) {
data/nted-1.10.18/freechordname.cpp:148:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newuptext) > 0) {
data/nted-1.10.18/freechordname.cpp:153:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newdowntext) > 0) {
data/nted-1.10.18/freechordname.cpp:221:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (roottext != NULL && strlen(roottext) > 0) {
data/nted-1.10.18/freechordname.cpp:228:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uptext != NULL && strlen(uptext) > 0) {
data/nted-1.10.18/freechordname.cpp:235:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (downtext != NULL && strlen(downtext) > 0) {
data/nted-1.10.18/freetext.cpp:82:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((nfamily = (char *) g_try_malloc(strlen(m_font_family) + 1)) == NULL) {
data/nted-1.10.18/freetext.cpp:121:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newtext) > 0) {
data/nted-1.10.18/freetext.cpp:198:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text != NULL && strlen(text) > 0) {
data/nted-1.10.18/freetext.cpp:227:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(LILYSEGNO) - 1;
data/nted-1.10.18/freetext.cpp:233:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(LILYCODA) - 1;
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:2371:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pitch_tab[i-4]) > 1) {
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:2563:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pitch_tab[i-4]) > 1) {
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:2692:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"ABC", strlen("ABC"));
data/nted-1.10.18/idiotseditor/idiotseditor.cpp:2833:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pitch_tab[i-4]) > 1) {
data/nted-1.10.18/mainwindow.cpp:817:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pathfoldername, fname, cptr - fname);
data/nted-1.10.18/mainwindow.cpp:1036:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->title != NULL && strlen(m_score_info->title->getText()) > 0) {
data/nted-1.10.18/mainwindow.cpp:1039:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->subject != NULL && strlen(m_score_info->subject->getText()) > 0) {
data/nted-1.10.18/mainwindow.cpp:1042:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->composer != NULL && strlen(m_score_info->composer->getText()) > 0) {
data/nted-1.10.18/mainwindow.cpp:1045:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->arranger != NULL && strlen(m_score_info->arranger->getText()) > 0) {
data/nted-1.10.18/mainwindow.cpp:1048:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->copyright != NULL && strlen(m_score_info->copyright->getText()) > 0) {
data/nted-1.10.18/mainwindow.cpp:1903:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (staff_name != NULL && strlen(staff_name) > 0) {
data/nted-1.10.18/mainwindow.cpp:1922:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (staff_short_name != NULL && strlen(staff_short_name) > 0) {
data/nted-1.10.18/mainwindow.cpp:1941:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (group_name != NULL && strlen(group_name) > 0) {
data/nted-1.10.18/mainwindow.cpp:1960:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (group_short_name != NULL && strlen(group_short_name) > 0) {
data/nted-1.10.18/mainwindow.cpp:2634:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(textptr) > 0) {
data/nted-1.10.18/mainwindow.cpp:3011:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pathfoldername, the_filename, cptr - the_filename);
data/nted-1.10.18/mainwindow.cpp:3042:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->title != NULL && strlen(m_score_info->title->getText()) > 0) {
data/nted-1.10.18/mainwindow.cpp:3045:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->subject != NULL && strlen(m_score_info->subject->getText()) > 0) {
data/nted-1.10.18/mainwindow.cpp:3048:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->composer != NULL && strlen(m_score_info->composer->getText()) > 0) {
data/nted-1.10.18/mainwindow.cpp:3051:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->arranger != NULL && strlen(m_score_info->arranger->getText()) > 0) {
data/nted-1.10.18/mainwindow.cpp:3054:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->copyright != NULL && strlen(m_score_info->copyright->getText()) > 0) {
data/nted-1.10.18/mainwindow.cpp:3073:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(m_staff_contexts[i].m_staff_name->getText()) < 1) {
data/nted-1.10.18/mainwindow.cpp:3077:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(fp, "NAME: %zd %s\n", strlen(m_staff_contexts[i].m_staff_name->getText()), m_staff_contexts[i].m_staff_name->getText());
data/nted-1.10.18/mainwindow.cpp:3082:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(m_staff_contexts[i].m_staff_short_name->getText()) < 1) {
data/nted-1.10.18/mainwindow.cpp:3086:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(fp, "NAME_SHORT_NAME: %zd %s\n", strlen(m_staff_contexts[i].m_staff_short_name->getText()), m_staff_contexts[i].m_staff_short_name->getText());
data/nted-1.10.18/mainwindow.cpp:3091:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(m_staff_contexts[i].m_group_name->getText()) < 1) {
data/nted-1.10.18/mainwindow.cpp:3095:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(fp, "GROUP_NAME: %zd %s\n", strlen(m_staff_contexts[i].m_group_name->getText()), m_staff_contexts[i].m_group_name->getText());
data/nted-1.10.18/mainwindow.cpp:3100:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(m_staff_contexts[i].m_group_short_name->getText()) < 1) {
data/nted-1.10.18/mainwindow.cpp:3104:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(fp, "GROUP_SHORT_NAME: %zd %s\n", strlen(m_staff_contexts[i].m_group_short_name->getText()), m_staff_contexts[i].m_group_short_name->getText());
data/nted-1.10.18/mainwindow.cpp:3757:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->title != NULL && strlen(m_score_info->title->getText()) > 1) {
data/nted-1.10.18/mainwindow.cpp:3761:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->subject != NULL && strlen(m_score_info->subject->getText()) > 1) {
data/nted-1.10.18/mainwindow.cpp:3765:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->composer != NULL && strlen(m_score_info->composer->getText()) > 1) {
data/nted-1.10.18/mainwindow.cpp:3769:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->arranger != NULL && strlen(m_score_info->arranger->getText()) > 1) {
data/nted-1.10.18/mainwindow.cpp:3773:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_score_info->copyright != NULL && strlen(m_score_info->copyright->getText()) > 1) {
data/nted-1.10.18/mainwindow.cpp:3894:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_staff_contexts[i].m_staff_name != NULL && strlen(m_staff_contexts[i].m_staff_name->getText()) > 0) {
data/nted-1.10.18/mainwindow.cpp:3897:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_staff_contexts[i].m_staff_short_name != NULL && strlen(m_staff_contexts[i].m_staff_short_name->getText()) > 0) {
data/nted-1.10.18/mainwindow.cpp:5215:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pathfoldername, filename, cptr - filename);
data/nted-1.10.18/mainwindow.cpp:6133:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) < 1) return;
data/nted-1.10.18/mainwindow.cpp:6139:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(folder) > 0) {
data/nted-1.10.18/mainwindow.cpp:6195:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) < 1) return;
data/nted-1.10.18/mainwindow.cpp:6369:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pathfoldername, filename, cptr - filename);
data/nted-1.10.18/mainwindow.cpp:6515:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (im->m_parts[i].name != NULL && strlen(im->m_parts[i].name) > 0) {
data/nted-1.10.18/mainwindow.cpp:6967:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pathfoldername, NedResource::m_recent_files[idx], cptr - NedResource::m_recent_files[idx]);
data/nted-1.10.18/mainwindow.cpp:7011:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_recentFileMergeId = gtk_ui_manager_add_ui_from_string(m_ui_manager, Str, strlen(Str), &error);
data/nted-1.10.18/mainwindow.cpp:7697:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (main_window->m_score_info->title != NULL && strlen(main_window->m_score_info->title->getText()) > 0) {
data/nted-1.10.18/mainwindow.cpp:7723:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (main_window->m_score_info->title != NULL && strlen(main_window->m_score_info->title->getText()) > 0) {
data/nted-1.10.18/midiexport.cpp:193:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writeByte(0xff); writeByte(META_TRACK_NAME); writeByte(strlen(s));
data/nted-1.10.18/midiexport.cpp:202:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writeByte(0xff); writeByte(META_TEXT); writeByte(strlen(s));
data/nted-1.10.18/midiexport.cpp:435:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
textlen = strlen(((MidiEventStruct *) lptr2->data)->note->getChord()->getLyrics(lyrics_idx));
data/nted-1.10.18/midiexport.cpp:442:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
textlen += strlen(((MidiEventStruct *) lptr2->data)->note->getChord()->getLyrics(lyrics_idx));
data/nted-1.10.18/midiimporter.cpp:225:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sbyte = getc(fp);
data/nted-1.10.18/midiimporter.cpp:236:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((type = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:288:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((data1 = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:292:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((data2 = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:319:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((data1 = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:323:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((data2 = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:334:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((data1 = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:338:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((data2 = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:345:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((data1 = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:349:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((data2 = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:357:43: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((m_current_midi_instrument[chan] = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:367:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((data1 = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:374:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((data1 = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:378:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((data2 = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:387:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((data1 = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:391:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((data2 = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:398:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((data1 = getc(fp)) == EOF) {
data/nted-1.10.18/midiimporter.cpp:428:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((the_val = getc(fp)) & 0x80) {
data/nted-1.10.18/midiimporter.cpp:436:37: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
the_val = (the_val << 7) + ((c = getc(fp)) & 0x7F);
data/nted-1.10.18/midiimporter.cpp:449:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c[i] = getc(fp);
data/nted-1.10.18/midiimporter.cpp:462:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c[i] = getc(fp);
data/nted-1.10.18/musicxmlimport.cpp:152:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Str, m_error->message, DEFAULT_STRING_LENGTH - 20 - 1);
data/nted-1.10.18/pangocairotext.cpp:166:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text == NULL || strlen(text) < 1) {
data/nted-1.10.18/pangocairotext.cpp:172:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_text[strlen(m_text) - 1] == '-') {
data/nted-1.10.18/pangocairotext.cpp:174:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_text[strlen(m_text) - 1] = '\0';
data/nted-1.10.18/pangocairotext.cpp:247:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text != NULL && strlen(text) > 0) {
data/nted-1.10.18/pangocairotext.cpp:251:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_text[strlen(m_text) - 1] == '-') {
data/nted-1.10.18/pangocairotext.cpp:253:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_text[strlen(m_text) - 1] = '\0';
data/nted-1.10.18/pangocairotext.cpp:260:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(m_text) < 1) {
data/nted-1.10.18/pangocairotext.cpp:309:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(m_text) < 1) {
data/nted-1.10.18/pangocairotext.cpp:332:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (other_text == NULL || strlen(other_text) < 1) {
data/nted-1.10.18/pangocairotext.cpp:333:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return !(m_text == NULL || strlen(m_text) < 1);
data/nted-1.10.18/pangocairotext.cpp:335:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (m_measure_text == NULL || strlen(m_measure_text) < 1) return true;
data/nted-1.10.18/pangocairotext.cpp:391:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text == NULL || strlen(text) < 1) return;
data/nted-1.10.18/pangocairotext.cpp:406:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_cursor_idx = strlen(m_measure_text);
data/nted-1.10.18/pangocairotext.cpp:432:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (old_cursor_idx < strlen(m_measure_text)) {
data/nted-1.10.18/pangocairotext.cpp:438:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str1, m_text, m_cursor_idx);
data/nted-1.10.18/pangocairotext.cpp:444:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (old_cursor_idx < strlen(m_measure_text)) {
data/nted-1.10.18/pangocairotext.cpp:450:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str1, m_text, m_cursor_idx);
data/nted-1.10.18/pangocairotext.cpp:492:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int ll = strlen(m_measure_text);
data/nted-1.10.18/pangocairotext.cpp:654:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(cptr2, utf8_ptr->short_chars, strlen(utf8_ptr->short_chars))) {
data/nted-1.10.18/pangocairotext.cpp:662:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_src = strlen(utf8_ptr->short_chars) + 1;
data/nted-1.10.18/pangocairotext.cpp:664:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (cptr3 = cptr + strlen(cptr) + (len_dest - len_src); cptr3 >= cptr + (len_dest - len_src); cptr3--) {
data/nted-1.10.18/resource.cpp:507:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_font_file_name = new char[strlen(fontdir) + strlen("/") + strlen(FONTFILE) + 1];
data/nted-1.10.18/resource.cpp:507:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_font_file_name = new char[strlen(fontdir) + strlen("/") + strlen(FONTFILE) + 1];
data/nted-1.10.18/resource.cpp:507:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_font_file_name = new char[strlen(fontdir) + strlen("/") + strlen(FONTFILE) + 1];
data/nted-1.10.18/resource.cpp:1240:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fname, "/");
data/nted-1.10.18/resource.cpp:1257:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fname, "/");
data/nted-1.10.18/resource.cpp:1375:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fname, "/");
data/nted-1.10.18/resource.cpp:1377:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fname, "/");
data/nted-1.10.18/resource.cpp:1727:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(fp)) == '\n') m_input_line++;
data/nted-1.10.18/resource.cpp:3319:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(subtime(&m_expected_time, &now));
data/nted-1.10.18/resource.cpp:3928:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(Str, ".");
data/nted-1.10.18/voice.cpp:3379:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((xfamily = (char *) g_try_malloc(strlen(ffamily) + 1)) == NULL) {
data/nted-1.10.18/voice.cpp:3477:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (!strncmp(buffer, "LINE_", strlen("LINE_"))) {
ANALYSIS SUMMARY:
Hits = 699
Lines analyzed = 74640 in approximately 2.66 seconds (28075 lines/second)
Physical Source Lines of Code (SLOC) = 61036
Hits@level = [0] 645 [1] 194 [2] 280 [3] 3 [4] 222 [5] 0
Hits@level+ = [0+] 1344 [1+] 699 [2+] 505 [3+] 225 [4+] 222 [5+] 0
Hits/KSLOC@level+ = [0+] 22.0198 [1+] 11.4523 [2+] 8.27381 [3+] 3.68635 [4+] 3.6372 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.