Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gbgetsymbol.c
Examining data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.c
Examining data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.h
Examining data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdalbridge.c
Examining data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdalbridge.h
Examining data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c
Examining data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c
Examining data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shapefil.h
Examining data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c
Examining data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_info/ogdi_info.c
Examining data/ogdi-dfsg-4.1.0+ds/include/Linux/ogdi_macro.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_capabilities.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_xdr.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_xdrz.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsdist.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsgeo.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecslist.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecssplit.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecstile.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/matrix.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/matrix.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/opendir.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/opendir.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/datadict.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/network/ecs_clnt.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/network/remote.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/network/sun/ecs_clnt.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/datadict.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/object.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/datadict.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/datainfo.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/open.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/skeleton.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/skeleton.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/utils.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/datadict.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/open.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrfswq.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/examples/example1/example1.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/examples/example2/example2.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/asyncsvr.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/ecs_sif.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/ecs_svc.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/sun/asyncsvr.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/sun/ecs_sif.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/sun/ecs_svc.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/dirent.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/getglenv.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/glutil.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/iofile.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/status_d.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/include/ecs.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/include/ecs_util.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/include/sun/ecs.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/include/sun/ecs_clnt.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/include/sun/ecs_svc.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/include/sun/ecs_util.h
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/include/sun/ecs_xdr.c
Examining data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/coorgeom.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/coorgeom.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/get_feat.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/get_feat.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/arc.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/arc_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/arc_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/arcdef.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/arcfunc.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/bmp.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/cb_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/cb_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/cc1_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/cli_sr_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/cli_sr_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/color_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/color_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/datum_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/datum_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/dtcc_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/dtcc_dn.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/dtcc_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/dtcc_fn.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/ellips_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/ellips_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/help_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/i_stat.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/ibrowse.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/inifunc.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/link.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/mapdoc_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/mapdoc_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/mgm_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/mgm_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/muse.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/muse1.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/muse_ask.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/muse_ipc.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/muse_sql.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/museapi.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/museconv.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/musedfun.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/musedir.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/musepacy.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/museras.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/musesys.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/phigs.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/phigs_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/phigs_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/pnt_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/pntappl.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/pntgui_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/print_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/raster_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/raster_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/reduce2.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/setup.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/sql_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/sqllib_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/sqllib_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/sunras_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/sunras_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/sunrast.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/sunrdef.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/sunrfunc.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/system_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/system_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/tifffunc.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/ts_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/ts_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/unit_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/unit_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/units_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/units_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/valid_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/vec_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/vec_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/vector.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/view.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/view_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/view_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_f.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/include/machine.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/linklist.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/linklist.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/reduce2.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/set.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/set.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/strfunc.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/strfunc.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vec_d.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpf.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfdproj.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfio.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprim.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprim.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfproj.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfselec.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfselec.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfview.h
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c
Examining data/ogdi-dfsg-4.1.0+ds/vpflib/xvt.h
FINAL RESULTS:
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.c:307:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"Invalid layer %s",sel->Select);
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.c:613:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( line, " <SRS>PROJ4:%s</SRS>\n",
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdalbridge.c:112:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( szPath, "%s%c%s",
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdalbridge.c:119:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( szPath,
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdalbridge.c:127:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( szPath, papszSOFilenames[iSOFile] );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:271:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( pszBasename, pszFilename );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:281:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( pszFullname, "%s.dbf", pszBasename );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:288:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( pszFullname, "%s.DBF", pszBasename );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:447:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( pszBasename, pszFilename );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:457:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( pszFullname, "%s.dbf", pszBasename );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:896:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(szSField, szFormat, (int) *((double *) pValue) );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:912:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(szSField, szFormat, *((double *) pValue) );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c:216:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( filename, "%s.shp", out_file );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c:230:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( filename, "%s.dbf", out_file );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c:520:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( filename, "%s.aux", out_file );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c:523:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( filename, "%s.raw", out_file );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c:631:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( filename, "%s.aux", out_file );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c:634:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( filename, "%s.raw", out_file );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:347:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( pszBasename, pszLayer );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:361:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( pszFullname, "%s.shp", pszBasename );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:365:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( pszFullname, "%s.SHP", pszBasename );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:372:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( pszFullname, "%s.shx", pszBasename );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:376:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( pszFullname, "%s.SHX", pszBasename );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:583:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( pszBasename, pszLayer );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:596:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( pszFullname, "%s.shp", pszBasename );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:601:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( pszFullname, "%s.shx", pszBasename );
data/ogdi-dfsg-4.1.0+ds/include/Linux/ogdi_macro.h:43:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int ZF = system(fp); \
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:416:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((*attr)[i].name,name);
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:525:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(theKey,attribute_list[i]);
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:585:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&(buffer[strlen(buffer)]),"{%s} ",buffer2);
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:587:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&(buffer[strlen(buffer)]),"%s ",buffer2);
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:597:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(apriv->attributes,buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:278:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cln->url,URL);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:1550:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cln->tclprocname, tclproc);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:1875:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(retstring,soc[i]->url);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:2025:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(NewCache->coverage.Select,ls->Select);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:2745:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( error,
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_capabilities.c:87:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf( buffer, fmt, args );
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_capabilities.c:518:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( cln->server_version_str, pi.version );
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:72:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,libname);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:97:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp,MODULES_PATH "%s",libname);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:105:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp,MODULES_PATH "lib%s.so",libname);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:115:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp,libname);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:172:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp,functionname);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:124:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->message,error_message);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:350:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->res.ecs_ResultUnion_u.dob.Id,id);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:394:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r->res.ecs_ResultUnion_u.dob.attr,attr);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:480:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ECSRESULT(r).s, text);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:525:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ECSRESULT(r).s, temp);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:526:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ECSRESULT(r).s, text);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:647:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr->label,label);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:737:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr->name,name);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:840:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ECSGEOM(r).text.desc,desc);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:1686:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newobj->Id,obj->Id);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:1691:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newobj->attr,obj->attr);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:1752:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newobj->Id,obj->Id);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:1757:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newobj->attr,obj->attr);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:1999:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copy->desc,source->desc);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:228:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp,url);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:267:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file, &dir[i+1]);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:273:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(directory,dir);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:346:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(indexfile, directory);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:349:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(indexfile, DEFAULTS_INDEX_FILE);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:535:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(indexfile, directory);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:570:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*result, value);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecssplit.c:89:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*path, url + i);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/opendir.c:149:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path + len, pattern);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/opendir.c:175:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dp -> _d_entry, s);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:215:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->url,url);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:251:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"Could not find the dynamic library \"%s\"",s->server_type);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:295:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"A memory error occurred when creating the server for the URL \"%s\"", url);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:632:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,ls->Select);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:958:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,ECSOBJECTATTR(msg));
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:960:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp,attributes);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1270:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,ptr->label);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1272:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp,attributes);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1471:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,ECSOBJECTATTR(msg));
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1473:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp,attributes);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1833:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->layer[s->nblayer].sel.Select,sel->Select);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2035:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"rm -r %s",path);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2136:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(url,chaine);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2142:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(layer,chaine);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2175:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(drivertype,chaine);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2181:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(informationSource,chaine);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2187:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(user,chaine);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2193:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(passwrd,chaine);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2199:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(request,chaine);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2494:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr->url,url);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2495:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr->layer,layer);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2497:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr->DriverType,drivertype);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2498:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr->InformationSource,infosource);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2499:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr->UserDescription,userdesc);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2500:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr->AutorizationDescription,autorization);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2501:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr->SelectionRequest,request);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2617:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp,character);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2785:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp,character);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2962:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(l->AttrRequest,ptr[count-1]+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2971:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(l->AttrRequest,request);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:3199:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attribute_list[i],ECSOBJECT(msg).Id);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:3212:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attribute_list[i],argv[l->SelectionAttributeList[i]]);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:3337:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attribute_list[i],temp);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:3345:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attribute_list[i],ptr->label);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:118:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spriv->imgdir,s->pathname+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:120:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spriv->imgdir,s->pathname);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:153:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spriv->genfilename,spriv->imgdir);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:155:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(spriv->genfilename,structure->d_name);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:209:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer,spriv->imgdir);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:211:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer,spriv->overview.imgfilename);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:215:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer,spriv->imgdir);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:218:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer,spriv->overview.imgfilename);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:221:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer,spriv->imgdir);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:224:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer,spriv->overview.imgfilename);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:381:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lpriv->imgfilename,sel->Select);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:393:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer,spriv->imgdir);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:395:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer,lpriv->imgfilename);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:400:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer,spriv->imgdir);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:403:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer,lpriv->imgfilename);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:407:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer,spriv->imgdir);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:410:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer,lpriv->imgfilename);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:473:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"Invalid layer %s",sel->Select);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:731:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lpriv->imgfilename,spriv->layer_list[i]);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:745:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( line, " <Name>%s</Name>\n",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:749:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( line, " <SRS>PROJ4:%s</SRS>\n", PROJ_LONGLAT );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/network/remote.c:294:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"Invalid layer %s",ls->Select);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:107:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spriv->pathname,s->pathname+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:109:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spriv->pathname,s->pathname);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:442:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"Invalid layer %s",sel->Select);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:911:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s@%s@%s@%s@%d",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:929:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( line, " <Name>%s</Name>\n", result );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:934:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( line, " <SRS>PROJ4:%s</SRS>\n", PROJ_LONGLAT );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:974:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s@%s@%s@%s@%d",toc->entries[i].scale,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:1003:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( emsg, "RPF driver UpdateDictionary(%s) unsupported.", info );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:73:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
const char *access )
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:83:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( filename, "%s%s", dir, file );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:85:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( filename, "%s%c%s", dir, DIR_CHAR, file );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:88:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
fp = fopen( filename, access );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:98:31: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
fp = fopen( filename, access );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:109:31: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
fp = fopen( filename, access );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:211:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer,l->sel.Select);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:511:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( framefile, "%s%s", dir,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:514:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( framefile, "%s%c%s", dir, DIR_CHAR,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:806:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "parsetoc: Can't open %s",RGPF_TOC);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:1156:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(frame->directory,&directory[2]);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:1307:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string,"Can't open %s",filename);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:1608:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string,"Can't open frame file %s",filename);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:2011:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string,"Can't open frame file %s",filename);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:2094:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string,"Can't open frame file %s",filename);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/skeleton.c:455:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer,s->result.message);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/skeleton.c:511:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"Invalid layer %s",sel->Select);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1624:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(returnString,buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1635:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(returnString,ptr1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1650:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%20s",temp6); /*dap Changed %c to %20s*/
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1652:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(returnString,buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1664:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(returnString,ptr1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1678:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(returnString,buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1690:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(returnString,buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1702:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(returnString,buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1714:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(returnString,buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:803:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s/fac",spriv->library,lpriv->coverage,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:806:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s/FAC",spriv->library,lpriv->coverage,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:810:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s/edg",spriv->library,lpriv->coverage,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:813:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s/EDG",spriv->library,lpriv->coverage,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:817:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s/rng",spriv->library,lpriv->coverage,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:820:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s/RNG",spriv->library,lpriv->coverage,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:824:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s/fbr",spriv->library,lpriv->coverage,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:827:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s/FBR",spriv->library,lpriv->coverage,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:832:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s",spriv->library,lpriv->coverage,lpriv->primitiveTableName);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:834:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/edg",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:836:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/EDG",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:839:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/rng",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:841:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/RNG",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:844:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/fbr",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:846:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/FBR",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:865:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s",spriv->library,lpriv->coverage,lpriv->primitiveTableName);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:867:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/edg",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:869:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/EDG",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:872:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/rng",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:874:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/RNG",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:877:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/fbr",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:879:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/FBR",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1181:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s/%s",spriv->library,lpriv->coverage,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1184:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s/ebr",spriv->library,lpriv->coverage,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1187:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s/EBR",spriv->library,lpriv->coverage,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1192:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s",spriv->library,lpriv->coverage,lpriv->primitiveTableName);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1194:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/ebr",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1196:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/EBR",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1215:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s",spriv->library,lpriv->coverage,lpriv->primitiveTableName);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1217:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/ebr",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1219:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/EBR",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1510:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s/%s",spriv->library,lpriv->coverage,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1514:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s",spriv->library,lpriv->coverage,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1529:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s",spriv->library,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1819:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s/%s",spriv->library,lpriv->coverage,spriv->tile[tile_id-1].path,lpriv->primitiveTableName);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1821:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/txt",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1823:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/TXT",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1841:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s",spriv->library,lpriv->coverage,lpriv->primitiveTableName);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:356:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( swq_error,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:399:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( op->string_value, tokens[*tokens_consumed] );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:410:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( swq_error,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:196:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buffer,SYNTAXERRORMESSAGE,request);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:208:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*coverage, arobase + 1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:211:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buffer,SYNTAXERRORMESSAGE,s->pathname);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:219:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buffer,SYNTAXERRORMESSAGE,s->pathname);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:404:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/fcs",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:406:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/FCS",spriv->library,lpriv->coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:443:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempfilename,lpriv->fclass);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:444:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tempfilename,extJointTables[j]);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:445:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s",spriv->library,lpriv->coverage,tempfilename);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:494:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lpriv->joinTableName,tempfilename);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:545:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/cat",spriv->library);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:547:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/CAT",spriv->library);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:581:9: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
ret = vsprintf(temp, format, ap);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:583:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, temp);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:634:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s%sdht",spriv->database,separator);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:762:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s%slht",spriv->library,separator);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:887:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s%sgrt",spriv->library,separator);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:986:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s%sdqt",spriv->library,separator);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1210:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/fcs",spriv->library,covname);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1217:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/fca",spriv->library,covname);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1230:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(szErrorMessage, "Can't open the FCS table of '%s', invalid VRF coverage",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1312:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s%s%s%s%s.vdt",spriv->library,separator,covname,separator,tab[j]);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1349:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer," %s = %s \n",tval,des_buf);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1357:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer," %12ld = %s \n",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1368:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer," %12ld = %s \n",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1377:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer," %12f = %s \n",fval,des_buf);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1489:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/tileref/tileref.aft",spriv->library);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1491:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/TILEREF/TILEREF.AFT",spriv->library);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1526:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/tileref/fbr",spriv->library);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1528:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/TILEREF/FBR",spriv->library);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1612:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/fcs",spriv->library,coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1614:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/FCS",spriv->library,coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1647:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (list[count], name);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1663:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (list[count], name);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1753:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"FEATURE CLASS: %s \nCOVERAGE : %s \n",fclass,coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1762:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/fcs",spriv->library,coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1764:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/FCS",spriv->library,coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1790:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s",spriv->library,coverage,featureTableName);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1819:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer," %s - %s \n",ft.header[i].name,ft.header[i].description);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1827:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp,"%s\\%s",spriv->library,coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1830:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp2,temp);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1832:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp2,ft.header[i].vdt);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1862:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer," %s = %s \n",tval,des_buf);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1869:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer," %12d = %s \n",ival,des_buf);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1876:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer," %d = %s \n",sintval,des_buf);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1883:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer," %12f = %s \n",fval,des_buf);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1906:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp,"%s%s",ft.path,ft.narrative);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1920:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s\n",line);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1986:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( line,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1994:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( line,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1999:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( line,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:2042:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/fcs",spriv->library,coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:2044:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/FCS",spriv->library,coverage);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:174:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spriv->library,&(s->pathname[1]));
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:176:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spriv->library,s->pathname);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:184:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spriv->libname,&(spriv->library[i+1]));
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:205:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/lat",spriv->database);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:207:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/LAT",spriv->database);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:409:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s",spriv->library,lpriv->coverage,lpriv->joinTableName);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:490:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s",spriv->library,lpriv->coverage,lpriv->featureTableName);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:505:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s/%s/%s",spriv->library,lpriv->coverage,lpriv->joinTableName);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:615:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"Invalid layer %s",sel->Select);
data/ogdi-dfsg-4.1.0+ds/ogdi/examples/example2/example2.c:26:11: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
errin = scanf("%s",url);
data/ogdi-dfsg-4.1.0+ds/ogdi/examples/example2/example2.c:32:11: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
errin = scanf("%s",layerSelection);
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/asyncsvr.c:128:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(argv[1],"%s",str1);
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/asyncsvr.c:376:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp,"%s %d",argv0, newprogramno);
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/asyncsvr.c:451:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp,"%s %ld &",argv0, newprogramno);
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/sun/asyncsvr.c:34:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(argv[1],"%s",str1);
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/sun/ecs_svc.c:38:3: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
syslog(LOG_ERR, msg);
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/sun/ecs_svc.c:42:2: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
syslog(LOG_ERR, msg);
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/dirent.c:135:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path + len, pattern);
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/dirent.c:161:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dp -> _d_entry, s);
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/iofile.c:59:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"rm -r %s",path);
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/iofile.c:168:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(path, 0) != 0)
data/ogdi-dfsg-4.1.0+ds/ogdi/include/sun/ecs_svc.c:38:3: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
syslog(LOG_ERR, msg);
data/ogdi-dfsg-4.1.0+ds/ogdi/include/sun/ecs_svc.c:42:2: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
syslog(LOG_ERR, msg);
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:789:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s %d %s %s", proc, ClientID, ObjID, tclvar);
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:802:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"%s %d %s{} {}", proc, ClientID, tclvar);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:54:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
acc = access(path, 0);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:70:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest_path, src_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:135:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_path, dest_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:139:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest_path, tmp_dest_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:144:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_path, dest_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:148:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest_path, tmp_dest_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:194:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pathext, path);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:360:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pathext, path);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:371:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
acc = access(real_path, amode);
data/ogdi-dfsg-4.1.0+ds/vpflib/strfunc.c:136:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (copy, str);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:101:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (view.database->path, params->db_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:102:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (view.database->path, sep);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:103:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (view.database->name, params->db_name);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:104:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (view.database->library->name, params->lib_name);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:116:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (view.database->library->path, view.database->path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:117:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (view.database->library->path, view.database->name);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:118:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (view.database->library->path, sep);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:119:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (view.database->library->path, view.database->library->name);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:120:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (view.database->library->path, sep);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:125:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (view.path, view.database->path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:126:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (view.path, view.database->name);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:149:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (view.theme->database, view.database->path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:150:27: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
view.theme->database = strcat
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:161:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (view.theme->library, view.database->library->name);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:171:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (view.theme->coverage, params->cov_name);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:181:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (view.theme->expression, params->expression);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:191:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (view.theme->fc, params->fclass);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:202:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (view.theme->ftable, view.theme->database);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:203:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (view.theme->ftable, sep);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:204:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (view.theme->ftable, view.theme->library);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:205:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (view.theme->ftable, sep);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:206:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (view.theme->ftable, view.theme->coverage);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:207:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (view.theme->ftable, sep);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:208:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (view.theme->ftable, view.theme->fc);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:369:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (libpath, view->theme->database);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:370:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (libpath, sep);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:371:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (libpath, view->theme->library);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:372:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (libpath, sep);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:374:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (covpath, libpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:375:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (covpath, view->theme->coverage);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:376:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (covpath, sep);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:383:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:409:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, view->theme->ftable);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:474:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (string, view->theme->fc);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:478:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:507:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ptype, primtype);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:519:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:520:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, ptype);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:535:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:546:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:547:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, ptype);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:563:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, libpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:565:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, sep);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:610:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ftable, &view->theme->ftable[j+1]);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:612:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ftable, view->theme->ftable);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:652:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tiledir, buf);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:656:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (tiledir, sep);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:667:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:668:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, tiledir);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:669:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, ptype);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:799:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:800:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, tiledir);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:804:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:805:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, tiledir);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:809:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:810:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, tiledir);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1206:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1207:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, tiledir);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1208:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, spxname[primclass]);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1221:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1222:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, tiledir);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1223:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, brname[primclass]);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1309:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, lib_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1311:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, sep);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1340:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, lib_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1342:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, sep);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1474:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1475:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, ptable[primclass]);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1508:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1509:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, fit.header[TILE_ID_].tdx);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1539:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1540:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, fit.header[FC_ID_].tdx);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:86:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (string, browse->path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:128:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "NAME: %s", table.name);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:133:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, table.description);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:140:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, table.narrative);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:173:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&string[ strlen (string)], " <%s>", table.header[i].name);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:177:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&string[ strlen (string)], "<%s>", table.header[i].description);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:178:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&string[ strlen (string)], "<%s>", table.header[i].vdt);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:179:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&string[ strlen (string)], "<%s>", table.header[i].tdx);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:180:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (&string[ strlen (string)], "<%s>", table.header[i].narrative);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:227:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "<%s>", buf);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:429:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "<%s>", date);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:445:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (temp, "<%s>", date);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:789:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "Table_name: %s", name);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:792:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "Column_name: %s", col);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:795:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "Unused_field: %s", unused);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:823:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "Elt: %s Offset: %ld Nr_records: %ld",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:912:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%d Count: %ld %s: ", (i+1), count[i], col);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:937:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (string, "%d Count: %ld %s: ", (i+1), count[i], col);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:999:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (string, temp);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:1006:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (string, temp);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprim.c:1430:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( path, covpath );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprim.c:1431:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, tiledir);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprim.c:1432:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, brname[pclass]);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:114:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,filename);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:146:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copy,filepath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:198:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,dbpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:200:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:201:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("LAT"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:275:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,dbpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:278:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:279:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("DHT"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:349:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,database_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:352:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:353:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lib,library);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:355:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case(lib));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:356:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:357:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("LHT"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:426:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,database_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:429:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:430:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("LAT"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:559:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,library_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:562:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:563:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("LHT"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:656:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,library_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:659:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:660:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("CAT"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:750:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,library_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:753:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:754:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("CAT"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:849:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,library_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:919:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fcnames[j], "%s%c%s",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:992:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,library_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:996:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:997:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("TILEREF"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:998:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:999:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("FBR"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1001:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbpath,library_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1147:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,library_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1151:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1152:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("GRT"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1242:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char*) proj.name, (char*)projection_names[proj.code]);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1353:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,library_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1356:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1357:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("CAT"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1470:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(covpath,library_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1473:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(covpath,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1474:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(covpath,os_case(coverage));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1476:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(covpath,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1479:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1480:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("FCS"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1548:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fcnames[j],fc);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1599:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,library_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1602:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1603:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("CAT"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1705:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,library_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1708:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1709:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case(coverage));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1711:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1714:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("FCA"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1801:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(desc,table.description);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1847:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,fctable);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1871:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (description, table.description);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1929:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(covpath,library_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1932:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(covpath,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1933:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(covpath,os_case(coverage));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1935:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(covpath,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1938:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fctable,covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1940:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1941:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("FCS"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1992:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fctable, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1993:19: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (fctable, os_case (table1));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1998:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (fctable, os_case (table1));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2075:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(covpath,library_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2078:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(covpath,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2079:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(covpath,os_case(coverage));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2081:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(covpath,OS_SEPARATOR_STRING);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2084:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2085:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,os_case("FCS"));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2253:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locname,tablename);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2263:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locname,end);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2333:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locname,tablename);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2341:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locname,end);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2401:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locname,tablename);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2409:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locname,end);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2511:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locname,end);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2514:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locname,tablename);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2577:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locname,tablename);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2587:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locname,end);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2658:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locname,table);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2666:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locname,end);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:209:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (token, expr);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:498:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (orig_expression, expression);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:513:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fieldname[i], table.header[i].name);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:552:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(expr.value,token);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:735:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str1,val1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:737:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str2,val2);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:799:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(szMessage, "Repeat count for field %d of record %d of table %s is %d\n",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:802:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(szMessage, "Repeat count for field %d of record %d of table %s is %d\n",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:841:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(row[i].ptr,tptr);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1058:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(row[i].ptr,origrow[i].ptr);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1529:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)retvalue,tptr);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1532:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)retvalue,tptr);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:127:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qstr,"FEATURE_CLASS = %s AND TABLE1 = %s",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:183:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(expr,"FEATURE_CLASS = %s AND TABLE1 = %s",fcname,start_table);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:222:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rstruct.table1,buf);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:227:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rstruct.key1,buf);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:232:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rstruct.table2,buf);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:237:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (rstruct.key2,buf);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:245:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tablename, rstruct.table2 );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:246:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( prevstr, rstruct.table1 );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:254:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(expr,"FEATURE_CLASS = %s AND TABLE1 = %s AND TABLE2 <> %s",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:269:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rstruct.table1,buf);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:274:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rstruct.key1,buf);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:279:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rstruct.table2,buf);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:284:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rstruct.key2,buf);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:294:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tablename, rstruct.table2 );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:295:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( prevstr, rstruct.table1 );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:372:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, table2.path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:379:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, table2.header[KEY2_].tdx);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:407:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, table2.path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:414:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, table2.header[TILE_].tdx);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:444:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (keystring, (char*)keyval1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:592:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, table2.path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:601:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, table2.header[KEY2_].tdx);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:632:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,table2.path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:640:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, table2.header[TILE_].tdx);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:671:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (keystring, (char*)keyval1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:798:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( path, "%sfcs", covpath );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:851:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:852:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, rcell.table1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:870:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:871:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, rcell.table2);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfselec.c:115:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfselec.c:116:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, ptable[primclass]);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfselec.c:147:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfselec.c:148:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, fit.header[TILE_ID_].tdx);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfselec.c:177:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, covpath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfselec.c:178:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, fit.header[FC_ID_].tdx);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:582:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (table->header[i].nullval.Date, NULLDATE);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:631:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (table->header[i].tdx, tdx);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:658:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (table->header[i].narrative, doc);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:754:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copy,filename);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:813:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tablepath,tablename);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:829:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(table.path, tablepath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:900:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(idxname,tablepath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:1368:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fmtdate,"%s/%s/%s %s:%s:%s", month, day, year, hour, mn, sec);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:474:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( h.vpf_column_name, strupr ( columnname )) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:481:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hack,"Error opening %s\n",tablename);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:501:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hack,"Invalid column name (%s) for %s",columnname,tablename);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1239:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( hack, "No such index < %s >", idxname ) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1362:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( hack, "No such index < %s >", idxname ) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:633:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( str, value );
data/ogdi-dfsg-4.1.0+ds/vpflib/xvt.h:35:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define xvt_note printf
data/ogdi-dfsg-4.1.0+ds/vpflib/xvt.h:41:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define xvt_fatal printf
data/ogdi-dfsg-4.1.0+ds/vpflib/xvt.h:44:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define xvt_error printf
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gbgetsymbol.c:121:16: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
pLibrary = LoadLibrary(pszLibrary);
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdalbridge.c:117:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( pfnTest == NULL && getenv( "GDAL_HOME" ) != NULL )
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdalbridge.c:120:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
"%s%c%s", getenv("GDAL_HOME"),
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:66:12: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle = LoadLibrary(libname);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:75:14: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle = LoadLibrary(temp);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:138:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* pszStopOnError = getenv("OGDI_STOP_ON_ERROR");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:129:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env=getenv("DEFAULT_INFO");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:139:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env=getenv("USRHOME");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2110:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gl = getenv("OGDILINK");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/network/remote.c:65:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *proxyhost = getenv("GLTPPROXYHOST");
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/asyncsvr.c:109:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
debug = getenv("GLTPDLOGFILE");
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/asyncsvr.c:255:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
debug = getenv("GLTPDLOGFILE");
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/sun/ecs_svc.c:243:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((netid = getenv("NLSPROVIDER")) == NULL) {
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/getglenv.c:33:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gl = getenv("GRASSLAND");
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/getglenv.c:61:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gl = getenv("HOME");
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/getglenv.c:89:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gl = getenv("GISRC");
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/getglenv.c:117:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gl = getenv("GISBASE");
data/ogdi-dfsg-4.1.0+ds/ogdi/include/sun/ecs_svc.c:243:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((netid = getenv("NLSPROVIDER")) == NULL) {
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1481:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
do_iconv = getenv("CONVERT_OGDI_TXT_TO_UTF8") != NULL;
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.c:221:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
|| atoi(sel->Select+5) < 1
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.c:222:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
|| atoi(sel->Select+5) > GDALGetRasterCount(spriv->hDS) )
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.c:254:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lpriv->nBand = atoi(sel->Select+5);
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.c:300:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[200];
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.c:550:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s->layer[s->currentLayer].index = atoi(Id);
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.c:594:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.c:610:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( line, " <Name>band_%d</Name>\n", i+1 );
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.c:617:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.c:719:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szName[64];
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.c:733:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szName,"%d",i);
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdal_serv.c:747:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szName,"%d-%d",
data/ogdi-dfsg-4.1.0+ds/contrib/gdal/gdalbridge.c:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szPath[2048];
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:177:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char abyHeader[XBASE_FLDHDR_SZ];
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:284:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
psDBF->fp = fopen( pszFullname, pszAccess );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:289:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
psDBF->fp = fopen(pszFullname, pszAccess );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:384:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char abyFileHeader[32];
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:463:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( pszFullname, "wb" );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:470:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( pszFullname, "rb+" );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:837:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szSField[400], szFormat[20];
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:895:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( szFormat, "%%%dd", nWidth );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:910:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( szFormat, "%%%d.%df",
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:1035:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pabyRec, pRawTuple, psDBF->nRecordLength );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:1083:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pReturnTuple, pabyRec, psDBF->nRecordLength );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:1102:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( newDBF->pszHeader, psDBF->pszHeader, 32 * psDBF->nFields );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:1109:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( newDBF->panFieldOffset, psDBF->panFieldOffset, sizeof(int) * psDBF->nFields );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:1111:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( newDBF->panFieldSize, psDBF->panFieldSize, sizeof(int) * psDBF->nFields );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:1113:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( newDBF->panFieldDecimals, psDBF->panFieldDecimals, sizeof(int) * psDBF->nFields );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:1115:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( newDBF->pachFieldType, psDBF->pachFieldType, sizeof(int) * psDBF->nFields );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c:190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c:456:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(pszFieldStart) );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c:490:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c:521:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_aux = fopen( filename, "wt" );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c:563:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_raw = fopen( filename, "wb" );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c:601:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c:632:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_aux = fopen( filename, "wt" );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/ogdi_import.c:677:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_raw = fopen( filename, "wb" );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:148:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define ByteCopy( a, b, c ) memcpy( b, a, c )
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:362:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
psSHP->fpSHP = fopen(pszFullname, pszAccess );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:366:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
psSHP->fpSHP = fopen(pszFullname, pszAccess );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:373:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
psSHP->fpSHX = fopen(pszFullname, pszAccess );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:377:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
psSHP->fpSHX = fopen(pszFullname, pszAccess );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:424:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dValue, pabyBuf+36, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:428:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dValue, pabyBuf+44, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:432:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dValue, pabyBuf+52, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:436:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dValue, pabyBuf+60, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:440:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dValue, pabyBuf+68, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:444:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dValue, pabyBuf+76, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:448:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dValue, pabyBuf+84, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:452:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dValue, pabyBuf+92, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:475:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &nOffset, pabyBuf + i * 8, 4 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:478:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &nLength, pabyBuf + i * 8 + 4, 4 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:597:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpSHP = fopen(pszFullname, "wb" );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:602:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpSHX = fopen(pszFullname, "wb" );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:938:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( pabyRec + nRecordSize, psObject->panPartType,
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1230:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &psShape->nSHPType, pabyRec + 8, 4 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1249:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfXMin), pabyRec + 8 + 4, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1250:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfYMin), pabyRec + 8 + 12, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1251:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfXMax), pabyRec + 8 + 20, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1252:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfYMax), pabyRec + 8 + 28, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1263:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &nPoints, pabyRec + 40 + 8, 4 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1264:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &nParts, pabyRec + 36 + 8, 4 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1285:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( psShape->panPartStart, pabyRec + 44 + 8, 4 * nParts );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1298:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( psShape->panPartType, pabyRec + nOffset, 4*nParts );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1312:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psShape->padfX + i,
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1316:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psShape->padfY + i,
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1333:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfZMin), pabyRec + nOffset, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1334:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfZMax), pabyRec + nOffset + 8, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1341:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( psShape->padfZ + i,
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1357:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfMMin), pabyRec + nOffset, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1358:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfMMax), pabyRec + nOffset + 8, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1365:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( psShape->padfM + i,
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1383:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &nPoints, pabyRec + 44, 4 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1394:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psShape->padfX+i, pabyRec + 48 + 16 * i, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1395:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psShape->padfY+i, pabyRec + 48 + 16 * i + 8, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1406:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfXMin), pabyRec + 8 + 4, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1407:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfYMin), pabyRec + 8 + 12, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1408:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfXMax), pabyRec + 8 + 20, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1409:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfYMax), pabyRec + 8 + 28, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1421:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfZMin), pabyRec + nOffset, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1422:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfZMax), pabyRec + nOffset + 8, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1429:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( psShape->padfZ + i,
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1445:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfMMin), pabyRec + nOffset, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1446:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(psShape->dfMMax), pabyRec + nOffset + 8, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1453:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( psShape->padfM + i,
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1475:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( psShape->padfX, pabyRec + 12, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1476:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( psShape->padfY, pabyRec + 20, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1488:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( psShape->padfZ, pabyRec + nOffset, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:1503:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( psShape->padfM, pabyRec + nOffset, 8 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_info/ogdi_info.c:184:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szDMS1[128];
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_info/ogdi_info.c:185:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szDMS2[128];
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_info/ogdi_info.c:201:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( szDMS1, "%4dd%2d'%7.4f\"", nDeg, nMin, dfRemainder*3600.0 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_info/ogdi_info.c:207:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( szDMS2, "%4dd%2d'%7.4f\"", nDeg, nMin, dfRemainder*3600.0 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_info/ogdi_info.c:745:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nSampleFrequency = atoi(argv[++i]);
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:159:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sqlmessage[SQL_MAX_MESSAGE_LENGTH];
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:160:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sqlstate[32];
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:382:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[33];
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:513:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char theKey[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:514:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024],buffer2[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:515:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sqlmessage[SQL_MAX_MESSAGE_LENGTH];
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:516:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sqlstate[32];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:107:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cln_empty_string[1] = "";
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:289:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( cln->server_version_str, "4.0" );
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:2743:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[1024];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:2759:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( cln->server_version_str, "4.0" );
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_capabilities.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *element_stack[STACK_MAX];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_capabilities.c:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cdata[5000];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_capabilities.c:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[10000];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_capabilities.c:520:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( cln->server_version_str, "4.0" );
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:73:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp,".dll");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:114:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp,"lib");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:116:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp,".so");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:1034:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ECSGEOM(r).matrix.x.x_val,array,sizeof(u_int)*size);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:1130:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ECSGEOM(r).image.x.x_val,array,sizeof(u_int)*size);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char directory[512];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char urlfile[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:336:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:355:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptr=fopen(indexfile, "r");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:526:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:527:26: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char *tmpkey, *value, *tmpfile;
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:540:22: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
strncat(indexfile, tmpfile, len);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:542:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptr=fopen(indexfile, "r");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecssplit.c:85:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*server, url, i );
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecssplit.c:138:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*machine, url, slash - url);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/opendir.c:80:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[ OFS_MAXPATHNAME ];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:156:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:235:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Could not find the dynamic library \"remote\"");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:347:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:494:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:605:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:686:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:716:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:808:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1092:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1337:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1535:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1587:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1641:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1671:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1702:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1754:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1820:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp,s->layer,(sizeof(ecs_Layer)*s->layer_tablesize));
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1969:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfile = fopen("testinterface.txt","a");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2008:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_dir[_MAX_PATH];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2033:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chaine[200];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2114:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
attr = fopen(gl,"rb");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2592:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char character[2];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2761:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2764:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char character[2];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:3316:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[100];
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:3331:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp,"%ld",ptr->no_cat);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[125];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cc,sc[3];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:213:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
spriv->overview.imgfile = fopen(buffer,"rb");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:219:31: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
spriv->overview.imgfile = fopen(buffer,"rb");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:225:33: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
spriv->overview.imgfile = fopen(buffer,"rb");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:344:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,sc[3];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:345:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:396:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lpriv->imgfile = fopen(buffer,"rb");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:404:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lpriv->imgfile = fopen(buffer,"rb");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:411:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lpriv->imgfile = fopen(buffer,"rb");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:468:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:606:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:709:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:751:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:760:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.h:72:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[49152];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.h:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imgname[10]; /* IMG name */
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.h:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imgfilename[14]; /* IMG file name */
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.h:132:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
layerfunc *open;
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:192:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:217:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",l->index);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:239:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:246:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:262:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",index);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:461:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:485:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",l->index);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:507:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:514:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:530:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",index);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,sc[4];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[20];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:78:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fichier = fopen(spriv->genfilename,"r");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:143:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lpriv->zonenumber = atoi(buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:153:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lpriv->ARV = atoi(buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:159:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lpriv->BRV = atoi(buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:179:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lpriv->rowtiles = atoi(buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:187:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lpriv->coltiles = atoi(buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:237:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lpriv->tilelist[count] = atoi(buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:277:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,sc[4];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[20];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:285:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fichier = fopen(spriv->genfilename,"r");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:317:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lpriv->ARV = atoi(buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:323:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lpriv->BRV = atoi(buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:342:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lpriv->rowtiles = atoi(buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:349:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lpriv->coltiles = atoi(buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:391:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lpriv->tilelist[count] = atoi(buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:421:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sub[20];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:479:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
test = fopen(spriv->genfilename,"r");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:520:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,sc[4];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[12];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:525:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fichier = fopen(spriv->genfilename,"r");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/network/remote.c:285:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:436:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:706:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:875:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[50],result[50];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:893:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:937:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:945:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:1001:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char emsg[129];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.h:205:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[16];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.h:206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char georef[7];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.h:405:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[65536]; /* 256*256 Sub frames */
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.h:568:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
layerfunc *open;
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:88:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( filename, access );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:98:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( filename, access );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:109:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( filename, access );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:248:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(boundid);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:797:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char NITF[5];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:798:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:820:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FSDWNG[6];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:877:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "Can't locate section %d in table of contents",locations[i].id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:893:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"parse_toc: n = %d\n",n);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:989:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"Error on malloc of entries[%d].frames",i);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:1000:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "Error on malloc of entries[%d].frames[%d]",i,j);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:1046:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"Bad boundary id in FF index record %d", i);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:1071:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"Bad row num:%d, in FF index record %d",frame_row,i);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:1078:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"Bad col number in FF index record %d", i);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:1090:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"FF %d is a duplicate", i);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:1169:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"parse_toc: *num_boundaries = %d\n",*num_boundaries);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:1299:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:1596:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char NITF[5];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:1602:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:2003:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:2078:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[3];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:174:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",l->index);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:233:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[3];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:235:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:292:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",index);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:357:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[60];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:398:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",position);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:480:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[3];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:528:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",l->index);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:587:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[3];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:589:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:608:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",index);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:664:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[60];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:703:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",position);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:774:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[3];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:809:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",l->index);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:859:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[3];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:861:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:870:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",index);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:919:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[60];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:953:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",position);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:1024:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[3];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:1057:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",l->index);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:1108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[3];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:1110:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:1117:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",index);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:1169:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[60];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:1201:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",position);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:1297:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:1321:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",l->index);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:1370:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:1376:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi(id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:1396:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",index);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:1442:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/object.c:1455:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",value);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/skeleton.c:386:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/skeleton.c:440:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((layerMethod[s->layer[layer].sel.F].open) == NULL) {
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/skeleton.c:444:45: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((layerMethod[s->layer[layer].sel.F].open)(s,&(s->layer[layer]))) {
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/skeleton.c:504:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[200];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/skeleton/skeleton.h:218:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
layerfunc *open;
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1077:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[120];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1085:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Unable to read the edge %d in the face %d",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1113:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Unable to allocate memory in vrf_get_ring_coords() for face %d",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1127:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Unable to allocate memory in vrf_get_ring_coords() for face %d",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1144:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Unable to allocate memory in vrf_get_ring_coords() for face %d",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1178:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Cycle detected in the edges of face %d",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1217:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Unable to read the edge %d in the face %d, segment %d",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1268:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Line %d: Memory allocation failure for segment %d in the face %d",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1288:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Line %d: Memory allocation failure for segment %d in the face %d",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1309:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Line %d: Memory allocation failure for segment %d in the face %d",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1588:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[255];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1622:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%c",temp1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1623:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(returnString,"{ ");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1625:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(returnString," } ");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1634:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(returnString,"{ ");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1636:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(returnString," } ");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1651:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(returnString,"{ ");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1653:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(returnString," } ");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1663:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(returnString,"{ ");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1665:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(returnString," } ");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1671:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%f",temp2);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1683:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%f",temp3);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1695:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",temp4);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1707:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",temp5);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:498:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:540:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szErrorMsg[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:541:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szErrorMsg, "Object index=%d references incorrect tile_id=%d (nbTile=%d)",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:596:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",(int) area_id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:631:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
object_id = atoi(id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:650:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szErrorMsg[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:651:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szErrorMsg, "Object index=%d references incorrect tile_id=%d (nbTile=%d)",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:692:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:720:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szErrorMsg[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:721:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szErrorMsg, "Object index=%d references incorrect tile_id=%d (nbTile=%d)",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:759:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",feature_id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:774:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:902:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:989:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d", (int) line_id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1023:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
object_id = atoi(id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1071:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1126:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",feature_id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1242:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szErrorMsg[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1270:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szErrorMsg, "Object index=%d references incorrect tile_id=%d (nbTile=%d)",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1326:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",(int) point_id+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1364:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
object_id = atoi(id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1383:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szErrorMsg[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1384:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szErrorMsg, "Object index=%d references incorrect tile_id=%d (nbTile=%d)",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1418:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1445:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szErrorMsg[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1446:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szErrorMsg, "Object index=%d references incorrect tile_id=%d (nbTile=%d)",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1477:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",feature_id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1492:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1553:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1580:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szErrorMsg[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1581:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szErrorMsg, "Object index=%d references incorrect tile_id=%d (nbTile=%d)",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1638:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d", (int) text_id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1677:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
object_id = atoi(id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1696:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szErrorMsg[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1697:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szErrorMsg, "Object index=%d references incorrect tile_id=%d (nbTile=%d)",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1731:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1758:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szErrorMsg[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1759:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szErrorMsg, "Object index=%d references incorrect tile_id=%d (nbTile=%d)",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1790:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",feature_id);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/object.c:1805:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:58:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char swq_error[1024];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:267:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( swq_error, "Not enough tokens to complete expression." );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:292:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(swq_error,"Unclosed brackets, or incomplete expression.");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:318:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( swq_error, "Failed to identify field:" );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:332:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( swq_error, "Not enough tokens to complete expression." );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:340:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( swq_error, "Failed to identify operation:" );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:349:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( swq_error, "Used logical operation with non-logical operand.");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:371:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( swq_error, "Not enough tokens to complete expression." );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:397:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
op->string_value = (char *)
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:400:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
op->int_value = atoi(op->string_value);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:476:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *token_list[MAX_TOKEN], *rest_of_expr;
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:513:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( swq_error, "Syntax error, %d extra tokens",
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:583:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spaces[60];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512],*temp;
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:204:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*fclass, temp, arobase - temp);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:389:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:399:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempfilename[100];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:539:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:606:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:607:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tab[3][7]={"char","float","int"};
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:620:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char separator[2]={SEPARATOR,'\0'};
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1229:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szErrorMessage[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1482:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1605:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftype[8] = {'A', 'L', 'T', 'P', 'a', 'l', 't', 'p' };
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1607:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1726:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *line,temp[128],temp2[128],*item_buf, *att_buf, *des_buf, *tval;
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1732:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1813:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"ATTRIBUTES:\n");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1908:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"\n\n");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1953:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1954:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char short_name[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:2006:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:2014:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:2037:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:370:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:605:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.h:285:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char database[256]; /* fullpath to database and library are usefull when opening table */
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.h:286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char library[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.h:287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char libname[32]; /* the short name of the library (last part of the path) */
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.h:288:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char metadatastring[250000]; /*transfert to updatedictionnary of the metadata strings*/
data/ogdi-dfsg-4.1.0+ds/ogdi/examples/example2/example2.c:16:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char url[100];
data/ogdi-dfsg-4.1.0+ds/ogdi/examples/example2/example2.c:17:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char layerSelection[100];
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/asyncsvr.c:88:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[255];
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/asyncsvr.c:248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/sun/asyncsvr.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[255];
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/sun/asyncsvr.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/sun/asyncsvr.c:166:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp,"gltpd %d",newprogramno);
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/sun/ecs_svc.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mname[FMNAMESZ + 1];
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/sun/ecs_svc.c:292:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
i = open("/dev/console", 2);
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/dirent.c:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[ OFS_MAXPATHNAME ];
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/iofile.c:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_dir[_MAX_PATH];
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/iofile.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/iofile.c:147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1000];
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/iofile.c:148:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[400];
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/iofile.c:152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_dir[_MAX_PATH];
data/ogdi-dfsg-4.1.0+ds/ogdi/include/ecs_util.h:1087:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datumtable[10];
data/ogdi-dfsg-4.1.0+ds/ogdi/include/ecs_util.h:1097:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server_version_str[32];
data/ogdi-dfsg-4.1.0+ds/ogdi/include/sun/ecs_svc.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mname[FMNAMESZ + 1];
data/ogdi-dfsg-4.1.0+ds/ogdi/include/sun/ecs_svc.c:292:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
i = open("/dev/console", 2);
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:219:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
result = cln_CreateClient(&ClientID,(char *)argv[1]);
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:253:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:368:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ClientID = cln_GetClientIdFromURL((char *)argv[1]);
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:375:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((_GetLayer(interp, (char *)argv[2],(char *)argv[3],&layer)) != TCL_OK) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:375:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((_GetLayer(interp, (char *)argv[2],(char *)argv[3],&layer)) != TCL_OK) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:413:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:419:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((_GetLayer(interp, (char *)argv[2],(char *)argv[3], &layer)) != TCL_OK) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:419:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((_GetLayer(interp, (char *)argv[2],(char *)argv[3], &layer)) != TCL_OK) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:458:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((j=ecs_SetGeoRegionList(interp,&GR,(char *)argv[2])) == ECS_FAILURE) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:464:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:499:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:575:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:605:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char class[129];
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:625:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:686:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:730:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:736:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
userdata.tclvar=(char *)argv[2];
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:767:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:788:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:801:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:834:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:840:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
result = cln_GetObject(ClientID,(char *)argv[2]);
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:843:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
userdata.tclvar=(char *)argv[3];
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:845:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
userdata.ObjID=(char *)argv[2];
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:883:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:926:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:934:67: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
return _interpEcsResult(interp,cln_UpdateDictionary(ClientID,(char *)argv[2]),NULL);
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:964:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1000:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1069:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1080:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
cln_SetTclProc(ClientID,(char *)argv[2]);
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1120:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1126:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((j = ecs_SetGeoRegionList(interp,&GR,(char *)argv[2])) != ECS_SUCCESS) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1173:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1179:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((_GetLayer(interp,(char *)argv[2],(char *)argv[3],&layer)) != TCL_OK) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1179:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((_GetLayer(interp,(char *)argv[2],(char *)argv[3],&layer)) != TCL_OK) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1227:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1233:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((_GetLayer(interp,(char *)argv[2],(char *)argv[3],&layer)) != TCL_OK) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1233:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((_GetLayer(interp,(char *)argv[2],(char *)argv[3],&layer)) != TCL_OK) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1269:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1334:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((ClientID = cln_GetClientIdFromURL((char *)argv[1])) < 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1399:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[200];
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1406:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%d",result->error);
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1524:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer," %d %d %d } ",
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1553:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"{%ld %ld %d %d}",
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1588:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%ld %u %u %u",
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1596:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer," %lu",category->qty);
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1696:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%lf %lf %lf %lf ",
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1739:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%lf %lf %lf %lf %lf %lf",
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1768:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer," {%lf %lf} ",
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1804:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%u ", matrix->x.x_val[i]);
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1839:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%u ", image->x.x_val[i]);
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:1877:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer," {%lf %lf} ",area->ring.ring_val[i].centroid.x, area->ring.ring_val[i].centroid.y);
data/ogdi-dfsg-4.1.0+ds/vpflib/get_feat.c:189:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (temp, area->rings, (area->nr_rings * sizeof (RING*)));
data/ogdi-dfsg-4.1.0+ds/vpflib/get_feat.c:349:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (temp, ring->segs, (ring->nr_segs * sizeof (SEGMENT*)));
data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h:137:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index[6];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h:150:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index[3];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h:164:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_COORD_UNIT_NAME_SIZE];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h:206:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_COORD_PROJ_NAME_SIZE];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h:466:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char quad_15deg[3];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h:467:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char quad_1deg[3];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h:470:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char georef[20]; /* string representation of above */
data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h:487:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mgrs[30];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h:554:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char promptstr[40]; /*needed by Fusion */
data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h:557:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[PNT_LABEL_LEN];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h:605:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_COORD_NAME_SIZE];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h:838:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_message[80];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h:923:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char from_ellips[3]; /* isph in FORTRAN; nnfr in NT MADTRAN */
data/ogdi-dfsg-4.1.0+ds/vpflib/include/coord_d.h:1047:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt_str[80];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/datum_d.h:36:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_DATUM_NAME_SIZE];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/datum_d.h:37:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ellips_num[3];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/datum_d.h:41:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char area[MAX_DATUM_AREA_SIZE];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/datum_d.h:46:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index[6];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/ellips_d.h:48:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client_name[SIZE_FILENAME];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/ellips_d.h:61:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_ELLIPS_NAME_SIZE];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/ellips_d.h:65:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[3] ; /* alphanumeric code identifier */
data/ogdi-dfsg-4.1.0+ds/vpflib/include/ellips_d.h:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_ELLIPS_NAME_SIZE];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/ellips_d.h:85:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index[3] ;
data/ogdi-dfsg-4.1.0+ds/vpflib/include/mapdoc_d.h:241:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[30];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/mapdoc_d.h:243:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[48];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/mapdoc_d.h:356:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/mapdoc_d.h:485:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map_file_dir[SZ_FNAME]; /* default map directory SR */
data/ogdi-dfsg-4.1.0+ds/vpflib/include/raster_d.h:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char year[3];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/raster_d.h:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char month[3];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/raster_d.h:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char day[3];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/raster_d.h:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hour[3];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/raster_d.h:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char minute[3];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/raster_d.h:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char second[3];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/raster_d.h:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[30]; /* Source of the data */
data/ogdi-dfsg-4.1.0+ds/vpflib/include/sqllib_d.h:36:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_val [MAX_VALUE_LEN];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/sqllib_d.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LEN + 1];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/sqllib_d.h:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME_LEN + 1];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/sqllib_d.h:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QUERY_NAME_LEN];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/sqllib_d.h:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql_stmt[MAX_SQL_STMT_LEN];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/sqllib_d.h:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[MAX_NAME_LEN];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/sqllib_d.h:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server[MAX_NAME_LEN];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/sqllib_d.h:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char database[MAX_NAME_LEN];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/sqllib_d.h:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[MAX_NAME_LEN];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/sqllib_d.h:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[MAX_NAME_LEN];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/unit_d.h:16:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[30];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/unit_d.h:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[20][30]; /*Change: 20 strings instead of 10 */
data/ogdi-dfsg-4.1.0+ds/vpflib/include/unit_d.h:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char help_topic[49];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/unit_d.h:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[30];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/unit_d.h:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[7][15];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/units_d.h:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[30];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/units_d.h:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[20][30]; /* Change: 20 strings instead of 10 */
data/ogdi-dfsg-4.1.0+ds/vpflib/include/units_d.h:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char help_topic[49];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/units_d.h:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[30];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/units_d.h:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[7][15];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:78:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VDATE[21]; /* Include null end of string */
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:125:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[81]; /* Field description */
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:128:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vdt[13]; /* Value description table name */
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:196:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table_description[101];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char narrative_table[13];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:214:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[17];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:218:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[5];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char column_description[101];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:224:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value_description[13];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:226:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thematic_index[13];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:274:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vpf_version[11];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:275:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char database_name[9];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:276:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char database_desc[101];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:277:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char media_standard[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:278:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char originator[51];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:279:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addressee[101];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char downgrading[4];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:285:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char downgrade_date[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:286:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char releasability[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:287:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char other_std_name[51];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:288:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char other_std_date[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:289:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char other_std_ver[11];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:291:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edition_number[11];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:292:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edition_date[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:309:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char library_name[9];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:330:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product_type[13];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:331:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char library_name[13];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:332:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[101];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:335:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source_series[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:336:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source_id[31];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:337:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source_edition[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:338:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source_name[101];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source_date[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:341:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char downgrading[4];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:342:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char downgrading_date[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:343:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char releasability[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:360:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_type[4];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:361:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char units[4];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:362:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ellipsoid_name[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:363:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ellipsoid_detail[51];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:364:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vert_datum_name[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:365:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vert_datum_code[4];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:366:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sound_datum_name[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:367:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sound_datum_code[4];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:368:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char geo_datum_name[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:369:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char geo_datum_code[11];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:370:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char projection_name[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:371:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char projection_code[3];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:372:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parameter1[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:373:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parameter2[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:374:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parameter3[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:375:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parameter4[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:376:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char false_origin_x[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:377:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char false_origin_y[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:378:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char false_origin_z[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:379:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_pt[11];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:380:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_long[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:381:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_lat[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:382:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_z[6];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:383:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_table_x[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:384:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_table_y[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:385:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_table_z[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:386:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_pt[11];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:387:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_long[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:388:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_lat[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:389:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_z[6];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:390:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_table_x[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:391:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_table_y[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:392:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_table_z[16];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:409:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char coverage_name[9];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:410:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[51];
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:486:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first_edge[2]; /* to be defined as NULL */
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:618:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[13]; /* Table filename */
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:620:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[81]; /* Table description */
data/ogdi-dfsg-4.1.0+ds/vpflib/include/vpf_d.h:621:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char narrative[13]; /* Table narrative file name */
data/ogdi-dfsg-4.1.0+ds/vpflib/linklist.c:480:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (element, position->next->element, position->next->element_size);
data/ogdi-dfsg-4.1.0+ds/vpflib/linklist.c:597:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (temp->element, element, size);
data/ogdi-dfsg-4.1.0+ds/vpflib/linklist.c:813:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (position->next->element, element, position->next->element_size);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:60:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int muse_fix_path_case(const char* src_path, char dest_path[SZ_FNAME])
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_path[SZ_FNAME];
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:84:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_path, dest_path, i);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:113:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_path, dest_path, limit+1);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:132:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_dest_path[SZ_FNAME];
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:145:16: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp_path, ";1");
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:161:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_path, tmp_path, limit+1);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:166:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_path, tmp_path, limit+1);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:191:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathext[SZ_FNAME];
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:192:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real_path[SZ_FNAME];
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:202:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(real_path, mode);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:357:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathext[SZ_FNAME];
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:358:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real_path[SZ_FNAME];
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:430:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tpath[SZ_FNAME];
data/ogdi-dfsg-4.1.0+ds/vpflib/reduce2.c:503:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/ogdi-dfsg-4.1.0+ds/vpflib/reduce2.c:677:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string," **** Error # %d SID = %d \n", m, *idr );
data/ogdi-dfsg-4.1.0+ds/vpflib/set.c:789:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a->buf,b.buf,nbytes);
data/ogdi-dfsg-4.1.0+ds/vpflib/set.c:796:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a->buf,b.buf,nbytes);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf.h:70:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[21];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:48:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StatusMessage[40], string[40];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:49:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sep[2] = {DIR_SEPARATOR,'\0'};
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:52:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (StatusMessage, "INITIALIZING!");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:53:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "Please be patient");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:69:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (view.name, "MUSE");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:237:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (view.theme->ftable, ".lft");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:242:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (view.theme->ftable, ".aft");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:247:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (view.theme->ftable, ".tft");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:252:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (view.theme->ftable, ".pft");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:350:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptype[4], StatusMessage[40], string[40];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:355:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255], libpath[255], covpath[255], tiledir[255], ftable[255];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:357:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sep[2] = {DIR_SEPARATOR,'\0'};
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:384:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "fca");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:433:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ptype, "EDG");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:446:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ptype, "FAC");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:459:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ptype, "TXT");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:475:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (string, ".PFT");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:479:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "fcs");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:521:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path,".FIT");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:536:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "FCS");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:564:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "tileref");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:566:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "tileref.aft");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:635:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (StatusMessage, "Retrieve Features");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:636:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Searching Tile Nr. %ld", tile);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:746:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%ld Found", vec->nr_lines);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:780:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%ld Found", vec->nr_points);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:801:16: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "rng");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:806:16: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "edg");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:811:16: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "fbr");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:840:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%ld Found", vec->nr_areas);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:876:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%ld Found", vec->nr_text);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:936:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (temp_lines, vec->lines, (vec->nr_lines * sizeof (LINE_FEATURE*)));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:955:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (temp_points, vec->points, (vec->nr_points * sizeof (POINT_FEATURE*)));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:973:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (temp_areas, vec->areas, (vec->nr_areas * sizeof (AREA_FEATURE*)));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:991:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (temp_text, vec->text, (vec->nr_text * sizeof (TEXT_FEATURE*)));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1192:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1256:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[4];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1282:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255], StatusMessage[40], string[40];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1286:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sep[2] = {DIR_SEPARATOR,'\0'};
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1310:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "tileref");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1312:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "fbr");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1341:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "tileref");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1343:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "tileref.aft");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1398:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (StatusMessage, "TILE SEARCH");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1399:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%ld Found", nr_tiles);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1467:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255], StatusMessage[40], string[40];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1476:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, ".FIT");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1582:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (StatusMessage, "Retrieve Features");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:1583:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Searching Tile Nr. %ld", tile);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:70:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buf, ch, date[40];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:71:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *string, *temp, index[4];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:125:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "****** TABLE HEADER DATA ******");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:131:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "DESCRIPTION: ");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:135:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (string, "NULL");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:138:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "NARRATIVE TABLE: ");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:142:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (string, "NULL");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:145:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "BYTE ORDER: %c", table.byte_order);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:148:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "HEADER LENGTH: %ld", table.ddlen);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:151:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "RECORD LENGTH: %ld", table.reclen);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:154:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "NR RECORDS: %ld", table.nrows);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:157:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "NR FIELDS: %ld", table.nfields);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:167:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "****** FIELD DESCRIPTORS ******");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:172:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%ld", (i+1));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:174:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&string[ strlen (string)], "<%c>", table.header[i].type);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:175:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&string[ strlen (string)], "<%ld>", table.header[i].count);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:176:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&string[ strlen (string)], "<%c>", table.header[i].keytype);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:188:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "****** TABLE RECORD DATA ******");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:200:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%ld: ", i);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:209:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "<%c>", ch);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:244:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "<%ld>", lval);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:259:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "<%ld>",lptr[k]);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:276:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "<%d>", ival);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:291:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "<%d>",iptr[k]);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:308:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "<%f>", fval);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:323:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "<%f>", fptr[k]);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:340:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp,"<%lf,%lf>", cval.x, cval.y);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:357:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "<%lf,%lf>", cptr[k].x, cptr[k].y);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:377:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, " %lf, %lf", cptr[k].x, cptr[k].y);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:394:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "<%ld,%ld,%ld>",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:410:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "<%ld,%ld,%ld>",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:462:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "<%f,%f,%f>", zval.x, zval.y, zval.z);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:478:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "<%f,%f,%f>",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:506:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "END_OF_TABLE");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:547:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "****** VARIABLE LENGTH INDEX HEADER DATA ******");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:550:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Entries: %ld", entries);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:553:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Size: %ld", size);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:561:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "***** RECORD DATA *****");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:573:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "%ld: %ld, %ld", i, offset, length);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:582:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "END_OF_TABLE");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:624:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "****** SPATIAL INDEX HEADER DATA ******");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:627:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Number of Primitives: %ld", numprim);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:630:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Xmin: %f", xmin);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:633:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Ymin: %f", ymin);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:636:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Xmax: %f", xmax);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:639:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Ymax: %f", ymax);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:642:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Number of Nodes: %ld", nnode);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:646:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "****** SPATIAL INDEX BIN ARRAY RECORDS ******");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:658:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Node: %ld, Offset: %ld, Count: %ld",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:684:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "****** SPATIAL INDEX BIN DATA RECORDS ******");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:699:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "X1: %3d, Y1: %3d, X2: %3d, Y2: %3d, ID: %d",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:711:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "END_OF_TABLE");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:734:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *string, *temp, name[13], col[26], unused[5];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:765:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "***** THEMATIC INDEX HEADER DATA *****");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:768:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Header_size: %ld", length);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:771:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Nr_entries: %ld", (int32)nr_entries);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:774:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Nr_rows: %ld", nr_rows);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:777:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Index_type: %c", indx_type);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:780:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Data_type: %c", data_type);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:783:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Nr_elements: %ld", (int32)nr_elts);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:786:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Index_data_type: %c", index_data_type);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:808:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "***** INDEX DIRECTORY RECORDS *****");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:840:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Elt: %d Offset: %ld Nr_records: %ld",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:853:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Elt: %ld Offset: %ld Nr_records: %ld",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:866:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Elt: %f Offset: %ld Nr_records: %ld",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:879:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (string, "Elt: %f Offset: %ld Nr_records: %ld",
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:895:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "***** INDEX DATA RECORDS *****");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:915:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "<%hd>",row_nrs[j]);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:940:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (temp, "<%ld>",row_nrs[j]);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:957:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "END_OF_TABLE");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:1060:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (string, "MAXLINES REACHED");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprim.c:1427:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:112:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[255];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:194:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **libname, path[255];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:270:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255], *producer=(char *)NULL;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:344:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255],lib[16], *description=(char *)NULL;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:420:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255], *lib, found;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:548:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255],sec;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:648:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:742:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:844:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:899:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
fcnames[j] = (char *)xvt_malloc(sizeof(char)*(strlen(coverages[i])+
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:974:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255], dbpath[255],*libname;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1129:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255], *buf;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1240:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(proj.name,"Unknown");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1347:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255],*cov,*description=(char *)NULL;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1454:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **fcnames = (char **)NULL, path[255], covpath[255];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1593:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255],*cov;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1698:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *desc = (char *)NULL, path[255], *fctable, *fc;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1844:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255],*description=(char *)NULL;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1915:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fctable = (char *)NULL, path[255], covpath[255];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2068:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255], covpath[255];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:106:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[255];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:493:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[260];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:733:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[300], str2[300];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:1061:27: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lval2 = atol(expr.value);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:1070:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sval2 = (short)atoi (expr.value);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:1204:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lval2 = atol(expr.value);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:1215:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sval2 = atoi(expr.value);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:797:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szMessage[256];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:966:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[i].ptr, keys, (size_t)count *
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1054:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row[i].ptr,origrow[i].ptr,sizeof(char));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1064:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[i].ptr, origrow[i].ptr, (size_t)size);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1069:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[i].ptr, origrow[i].ptr, (size_t)size);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1074:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[i].ptr, origrow[i].ptr, (size_t)size);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1079:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[i].ptr, origrow[i].ptr, (size_t)size);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1085:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[i].ptr, origrow[i].ptr, (size_t)size);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1092:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[i].ptr, origrow[i].ptr, (size_t)size);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1097:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[i].ptr, origrow[i].ptr, (size_t)size);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1102:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[i].ptr, origrow[i].ptr, (size_t)size);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1107:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[i].ptr, origrow[i].ptr, (size_t)size);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1112:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[i].ptr, origrow[i].ptr, (size_t)size);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1506:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value,row[col].ptr,sizeof(char));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1513:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tptr, row[col].ptr, (size_t)row[col].count *
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1561:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value,row[col].ptr,sizeof(int32));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1565:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (retvalue, row[col].ptr,(size_t) row[col].count *
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1571:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value,row[col].ptr,sizeof(short int));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1575:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (retvalue, row[col].ptr, (size_t)row[col].count *
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1581:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value,row[col].ptr,sizeof(float));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1585:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (retvalue, row[col].ptr, (size_t)row[col].count *
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1591:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value,row[col].ptr,sizeof(double));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1595:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (retvalue, row[col].ptr, (size_t)row[col].count *
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1601:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value,row[col].ptr,sizeof(coordinate_type));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1607:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (retvalue, row[col].ptr, (size_t)row[col].count *
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1616:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value,row[col].ptr,sizeof(tri_coordinate_type));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1620:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (retvalue, row[col].ptr, (size_t)row[col].count *
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1626:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value,row[col].ptr,sizeof(double_coordinate_type));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1630:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (retvalue, row[col].ptr, (size_t)row[col].count *
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1636:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value,row[col].ptr,sizeof(double_tri_coordinate_type));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1640:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (retvalue, row[col].ptr, (size_t)row[col].count *
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1646:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value,row[col].ptr,sizeof(date_type));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1650:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (retvalue, row[col].ptr, (size_t)row[col].count *
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1656:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value,row[col].ptr,sizeof(id_triplet_type));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1660:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (retvalue, row[col].ptr, (size_t)row[col].count *
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:125:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qstr[80];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:175:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tablename[255], *buf, expr[255];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:179:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prevstr[80];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:343:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cval, *tval, path[255], *keystring;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:560:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cval, *tval, path[255], *keystring;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.h:16:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table1[40];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.h:17:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key1[40];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.h:18:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table2[40];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.h:19:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key2[40];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfselec.c:110:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[255];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfselec.c:117:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, ".FIT");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.c:87:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char box[4]; /* Search box */
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.c:118:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int is_over( unsigned char box1[4], unsigned char box2[4] )
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.c:118:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int is_over( unsigned char box1[4], unsigned char box2[4] )
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.c:121:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char box1[4];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.c:122:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char box2[4];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.c:194:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char box[4];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.c:215:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&box,&(rec[j].bound),4*sizeof(unsigned char));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.c:254:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void search_cell( int32 record, int level, unsigned char bnd[4],
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.c:260:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bnd[4];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.c:266:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char locbnd[4],cut;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.c:339:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tempbox[4];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.c:363:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (head, htmp, 6*sizeof (int32));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfspx.c:373:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&bnd[0], &head[BOUND_START], 4*sizeof (float));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:74:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nanstr[8] = {-1,-1,-1,-1,-1,-1,-1,127};
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:76:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) &n,&nanstr[0],sizeof(n));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:88:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nanstr[4] = {-1,-1,-1,127};
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:90:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) &n,&nanstr[0],sizeof(n));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:238:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = (int32)atoi(temp); /****should this be atol ?****/
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:807:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tablepath[255], *idxname,*ptr;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:1353:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char year[8], month[8], day[8], hour[8], mn[8], sec[8];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.h:41:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char date_type[21] ; /* Include null end of string */
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.h:61:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[81]; /* Field description */
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.h:63:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vdt[13]; /* Value description table name */
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.h:118:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[13]; /* Name of the VPF table */
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.h:119:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[81]; /* Table description */
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.h:120:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char narrative[13]; /* Table narrative file name */
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:130:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(src,dest,size) memcpy(dest,src,size)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:130:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(src,dest,size) memcpy(dest,src,size)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:206:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d1,elem1,sizeof(ThematicIndexDirectory));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:207:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d2,elem2,sizeof(ThematicIndexDirectory));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:226:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d1,elem1,sizeof(ThematicIndexDirectory));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:227:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d2,elem2,sizeof(ThematicIndexDirectory));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:246:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d1,elem1,sizeof(ThematicIndexDirectory));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:247:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d2,elem2,sizeof(ThematicIndexDirectory));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:266:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d1,elem1,sizeof(ThematicIndexDirectory));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:267:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d2,elem2,sizeof(ThematicIndexDirectory));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:286:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d1,elem1,sizeof(ThematicIndexDirectory));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:287:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d2,elem2,sizeof(ThematicIndexDirectory));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:306:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d1,elem1,sizeof(ThematicIndexDirectory));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:307:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d2,elem2,sizeof(ThematicIndexDirectory));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:323:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d1,elem1,sizeof(ThematicIndexDirectory));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:324:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d2,elem2,sizeof(ThematicIndexDirectory));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buf ,
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:544:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (hack,"No such type < %c >", table.header[tablepos].type ) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:556:17: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (( tmpfp = tmpfile() ) == NULL ) {
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:629:12: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) bcopy ( buf, d[k].value.strval, strlen(buf) ) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:748:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) bcopy ( datetemp, d[k].value.strval, sizeof(date_type) ) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:936:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &ival, value, sizeof (int32)) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:939:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &sval, value, sizeof (short int)) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:942:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &fval, value, sizeof (float)) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:945:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &dval, value, sizeof (double)) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1055:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &ival, value, sizeof (int32)) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1059:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &sval, value, sizeof (short int)) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1063:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &fval, value, sizeof (float)) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1067:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( &dval, value, sizeof (double)) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1231:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hack[80] ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1352:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hack[80];
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1560:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dsearch.value.ival, value, sizeof(int32) );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1567:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dsearch.value.sval, value, sizeof(short int) );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1574:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dsearch.value.fval, value, sizeof(float) );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1581:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dsearch.value.dval, value, sizeof(double) );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1589:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dsearch.value.cval, value, sizeof(char) );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1596:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dsearch.value.strval, value, (size_t)idx->h.type_count);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1607:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dsearch.value.strval, value, sizeof(date_type) );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1910:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ( tolower (*((char *) r[c].ptr + j)) == idx_set[i]) {
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfview.h:28:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[9]; /* Name of the library */
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfview.h:39:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[9]; /* Name of the VPF database */
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfview.h:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[9]; /* View name */
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfview.h:92:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sympath[255]; /* Symbol set path */
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:403:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (keys, row[i].ptr, (size_t)count * sizeof(id_triplet_type) ) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:545:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xvt_free((char *)row[field].ptr);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:637:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[field].ptr, str, (size_t)(len+1));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:644:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[field].ptr, value, sizeof (date_type) * (size_t)count);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:649:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[field].ptr, value, sizeof (int32) * (size_t)count);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:654:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[field].ptr, value, sizeof (short) * (size_t)count);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:659:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[field].ptr, value, sizeof (float) * (size_t)count);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:664:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[field].ptr, value, sizeof (double) * (size_t)count);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:670:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[field].ptr, value, sizeof(id_triplet_type) *
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:679:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[field].ptr, value, sizeof (coordinate_type) *
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:691:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[field].ptr, value,
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:703:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row[field].ptr, value,
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:715:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( row[field].ptr, value,
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:270:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pszBasename = (char *) malloc(strlen(pszFilename)+5);
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:272:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i = strlen(pszBasename)-1;
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:280:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pszFullname = (char *) malloc(strlen(pszBasename) + 5);
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:446:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pszBasename = (char *) malloc(strlen(pszFilename)+5);
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:448:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i = strlen(pszBasename)-1;
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:456:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pszFullname = (char *) malloc(strlen(pszBasename) + 5);
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:572:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (int) strlen(pszFieldName) < 10 )
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:573:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( pszFInfo, pszFieldName, strlen(pszFieldName));
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:573:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy( pszFInfo, pszFieldName, strlen(pszFieldName));
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:575:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( pszFInfo, pszFieldName, 10);
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:665:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( pszStringField,
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:804:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( pszFieldName, (char *) psDBF->pszHeader+iField*32, 11 );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:897:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (int)strlen(szSField) > psDBF->panFieldSize[iField] )
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:900:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *) (pabyRec+psDBF->panFieldOffset[iField]),
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:901:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
szSField, strlen(szSField) );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:913:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (int) strlen(szSField) > psDBF->panFieldSize[iField] )
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:915:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *) (pabyRec+psDBF->panFieldOffset[iField]),
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:916:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
szSField, strlen(szSField) );
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:921:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (int) strlen((char *) pValue) > psDBF->panFieldSize[iField] )
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:927:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen((char *) pValue);
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/dbfopen.c:930:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *) (pabyRec+psDBF->panFieldOffset[iField]),
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:346:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pszBasename = (char *) malloc(strlen(pszLayer)+5);
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:348:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i = strlen(pszBasename)-1;
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:360:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pszFullname = (char *) malloc(strlen(pszBasename) + 5);
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:582:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pszBasename = (char *) malloc(strlen(pszLayer)+5);
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:584:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i = strlen(pszBasename)-1;
data/ogdi-dfsg-4.1.0+ds/contrib/ogdi_import/shpopen.c:595:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pszFullname = (char *) malloc(strlen(pszBasename) + 5);
data/ogdi-dfsg-4.1.0+ds/include/Linux/ogdi_macro.h:19:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned int ZF = read(p,s,fp); \
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:407:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*attr)[i].name = malloc(strlen(name)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:575:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buffer,"");
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:585:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(&(buffer[strlen(buffer)]),"{%s} ",buffer2);
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:587:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(&(buffer[strlen(buffer)]),"%s ",buffer2);
data/ogdi-dfsg-4.1.0+ds/ogdi/attr_driver/odbc/odbc.c:591:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
apriv->attributes = malloc(strlen(buffer)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:276:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cln->url = (char *) malloc(strlen(URL)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:287:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cln->datumtable,"");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:1548:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cln->tclprocname = (char *) malloc(strlen(tclproc)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:1855:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(retstring,"");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:1865:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(retstring," ");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:1871:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenght += strlen(soc[i]->url) + 2;
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/client.c:2019:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NewCache->coverage.Select = (char *) malloc(strlen(ls->Select)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_capabilities.c:355:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& pi->cur_layer != NULL && strlen(pi->cdata) > 0 )
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_capabilities.c:450:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(pi->cdata) + len < sizeof(pi->cdata)-1 )
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_capabilities.c:452:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int cdata_len = strlen(pi->cdata);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_capabilities.c:454:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( pi->cdata + cdata_len, text, len );
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_capabilities.c:498:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XML_Parse( parser, cap_doc, strlen(cap_doc), TRUE );
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:70:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((temp = (char *) malloc(strlen(libname)+5)) == NULL)
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:95:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((temp = (char *) malloc(strlen(MODULES_PATH)+strlen(libname)+1)) == NULL)
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:95:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((temp = (char *) malloc(strlen(MODULES_PATH)+strlen(libname)+1)) == NULL)
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:103:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((temp = (char *) malloc(strlen(MODULES_PATH)+strlen(libname)+7)) == NULL)
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:103:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((temp = (char *) malloc(strlen(MODULES_PATH)+strlen(libname)+7)) == NULL)
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:112:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((temp = (char *) malloc(strlen(libname)+7)) == NULL)
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:168:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp = (char *) malloc(strlen(functionname)+2);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecs_dyna.c:171:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(temp,"_");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:118:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r->message = (char *) malloc(strlen(error_message)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:345:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r->res.ecs_ResultUnion_u.dob.Id = (char *) malloc(strlen(id)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:389:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r->res.ecs_ResultUnion_u.dob.attr = (char *) malloc(strlen(attr)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:475:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ECSRESULT(r).s = (char *) malloc(strlen(text)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:519:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ECSRESULT(r).s = (char *) malloc(strlen(text)+strlen(temp)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:519:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ECSRESULT(r).s = (char *) malloc(strlen(text)+strlen(temp)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:642:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr->label = (char *) malloc(strlen(label)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:732:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr->name = (char *) malloc(strlen(name)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:835:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ECSGEOM(r).text.desc = (char *) malloc(strlen(desc)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:1675:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((returncode == TRUE) && (obj->Id != NULL) && ((newobj->Id = (char *) malloc(strlen(obj->Id)+1)) == NULL)) {
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:1679:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((returncode == TRUE) && (obj->attr != NULL) && ((newobj->attr = (char *) malloc(strlen(obj->attr)+1)) == NULL)) {
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:1741:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((returncode == TRUE) && (obj->Id != NULL) && ((newobj->Id = (char *) malloc(strlen(obj->Id)+1)) == NULL)) {
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:1745:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((returncode == TRUE) && (obj->attr != NULL) && ((newobj->attr = (char *) malloc(strlen(obj->attr)+1)) == NULL)) {
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsassoc.c:1995:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copy->desc = (char *) malloc(strlen(source->desc)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:224:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp=(char*) malloc (strlen(url)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:261:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i= strlen(dir)-1;
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:341:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indexfile=(char *) malloc (strlen(directory) + 14);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:347:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (indexfile[strlen(indexfile)-1]!='/')
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:348:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(indexfile,"/");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:440:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf)-1]=='\n')
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:441:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1]='\0'; /* remove \n */
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:530:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indexfile=(char *) malloc (strlen(directory) +strlen(filename)+3);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:530:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indexfile=(char *) malloc (strlen(directory) +strlen(filename)+3);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:536:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (indexfile[strlen(indexfile)-1]!='/')
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:537:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(indexfile,"/");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:540:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(indexfile, tmpfile, len);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:565:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*result=(char *) malloc (strlen(value)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:627:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (begin==(int) strlen(string)) {
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:632:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length=strlen(set);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecsinfo.c:633:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end=strlen(string)-1;
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecslist.c:445:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, element, (size_t) elSize);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/ecssplit.c:88:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*path = malloc( strlen(url + i) + 1 );
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/opendir.c:161:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((dp -> _d_entry = malloc(strlen(s) + 1)) == NULL) )
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/opendir.c:207:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dp.d_name);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:209:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->url = malloc(strlen(url)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:626:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp = malloc(strlen(ls->Select)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:956:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp = malloc(strlen(attributes)+strlen(ECSOBJECTATTR(msg))+2);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:956:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp = malloc(strlen(attributes)+strlen(ECSOBJECTATTR(msg))+2);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:959:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp," ");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1268:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp = malloc(strlen(attributes)+strlen(ptr->label)+2);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1268:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp = malloc(strlen(attributes)+strlen(ptr->label)+2);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1271:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp," ");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1469:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp = malloc(strlen(attributes)+strlen(ECSOBJECTATTR(msg))+2);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1469:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp = malloc(strlen(attributes)+strlen(ECSOBJECTATTR(msg))+2);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1472:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp," ");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:1827:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->layer[s->nblayer].sel.Select = (char *) malloc(strlen(sel->Select)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2122:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(chaine)+1;
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2479:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ptr->url = malloc(strlen(url)+1)) == NULL)
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2481:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ptr->layer = malloc(strlen(layer)+1)) == NULL)
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2483:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ptr->DriverType = malloc(strlen(drivertype)+1)) == NULL)
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2485:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ptr->InformationSource = malloc(strlen(infosource)+1)) == NULL)
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2487:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ptr->UserDescription = malloc(strlen(userdesc)+1)) == NULL)
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2489:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ptr->AutorizationDescription = malloc(strlen(autorization)+1)) == NULL)
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2491:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ptr->SelectionRequest = malloc(strlen(request)+1)) == NULL)
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2604:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp = malloc(strlen(request)+4);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2608:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(temp,"");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2609:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0,ptr = request;i<(int) strlen(request);i++,ptr++) {
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2611:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp," ");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2623:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<(int) strlen(temp);i++) {
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2661:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*ExtractRequest,temp,candlist[count-6]);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2665:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*ExtractRequest,temp,candlist[count-6]+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2670:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*DriverType,ptr,candlist[count-5]-candlist[count-6]-1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2674:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*InformationSource,ptr,candlist[count-4]-candlist[count-5]-1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2678:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*UserDescription,ptr,candlist[count-3]-candlist[count-4]-1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2682:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*AutorizationDescription,ptr,candlist[count-2]-candlist[count-3]-1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2686:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*SelectionRequest,ptr,candlist[count-1]-candlist[count-2]-1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2770:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp = malloc(strlen(l->sel.Select)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2776:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(temp,"");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2777:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0,ptr1 = l->sel.Select;i<(int) strlen(l->sel.Select);i++,ptr1++) {
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2779:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp," ");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2860:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<(int) strlen(request);i++) {
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2872:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<(int) strlen(request);i++) {
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2895:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l->AttrRequest = malloc(strlen(request)+2);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2918:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(l->AttrRequest,request,pos);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2926:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer,ptr[i]+1,ptr[i+1]-ptr[i]-1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2955:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(l->AttrRequest,"?");
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:2959:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(l->AttrRequest,ptr[i+1],ptr[i+2]-ptr[i+1]);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:3076:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<(int) strlen(*request);i++) {
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:3194:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attribute_list[i] = malloc(strlen(ECSOBJECT(msg).Id)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:3207:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attribute_list[i] = malloc(strlen(argv[l->SelectionAttributeList[i]])+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:3332:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attribute_list[i] = malloc(strlen(temp)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/c-api/server.c:3340:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attribute_list[i] = malloc(strlen(ptr->label)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:107:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
spriv->imgdir = (char *) malloc(strlen(s->pathname)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:144:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
spriv->genfilename = (char *) malloc(strlen(spriv->imgdir)+
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:145:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(structure->d_name)+2);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:154:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(spriv->genfilename,"/");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:210:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer,"/");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:216:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer,"/");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:222:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer,"/");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:239:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cc = getc(spriv->overview.imgfile);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:247:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cc = getc(spriv->overview.imgfile);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:250:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cc = getc(spriv->overview.imgfile);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:258:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cc = getc(spriv->overview.imgfile);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:394:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer,"/");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:401:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer,"/");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:408:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer,"/");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:423:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(lpriv->imgfile);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:431:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(lpriv->imgfile);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:434:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(lpriv->imgfile);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:442:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(lpriv->imgfile);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:610:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buffer,"");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:864:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen (string); i++)
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/adrg.c:877:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen (string); i++)
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:361:24: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Red = ((unsigned int) getc(ptrlpriv->imgfile)) / 43;
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:363:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Green = ((unsigned int) getc(ptrlpriv->imgfile)) / 43;
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:365:25: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Blue = ((unsigned int) getc(ptrlpriv->imgfile)) / 43;
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:629:24: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Red = ((unsigned int) getc(ptrlpriv->imgfile));
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:631:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Green = ((unsigned int) getc(ptrlpriv->imgfile));
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/object.c:633:25: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Blue = ((unsigned int) getc(ptrlpriv->imgfile));
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:84:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fichier);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:99:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lpriv->imgname,buffer,8);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:203:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fichier);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:250:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fichier);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:291:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fichier);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:306:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lpriv->imgname,buffer,8);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:359:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lpriv->imgfilename,buffer,12);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:407:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fichier);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:531:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fichier);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/adrg/utils.c:564:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fichier);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:99:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
spriv->pathname = (char *) malloc(strlen(s->pathname)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:711:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buffer,"");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:919:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(j=0;j<(int) strlen(buffer);j++) {
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/rpf.c:980:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(j=0;j<(int) strlen(buffer);j++) {
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:75:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *filename = malloc(strlen(dir)+strlen(file)+3);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:75:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *filename = malloc(strlen(dir)+strlen(file)+3);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:82:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( dir[strlen(dir)-1] == '/' || dir[strlen(dir)-1] == '\\' )
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:82:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( dir[strlen(dir)-1] == '/' || dir[strlen(dir)-1] == '\\' )
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:93:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i = strlen(dir); filename[i] != '\0'; i++ )
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:104:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i = strlen(dir); filename[i] != '\0'; i++ )
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:206:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer = malloc(strlen(l->sel.Select)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:214:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stringlen = strlen(buffer);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:498:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
framefile = malloc(strlen(lpriv->entry->frames[tile_col][tile_row].directory)+
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:499:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(lpriv->entry->frames[tile_col][tile_row].filename)+3);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:510:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( dir[strlen(dir)-1] == '\\' || dir[strlen(dir)-1] == '/' )
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:510:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( dir[strlen(dir)-1] == '\\' || dir[strlen(dir)-1] == '/' )
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:1133:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dir));
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/rpf/utils.c:2183:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i=0; i< (int) strlen(chaine); i++) {
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1608:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(returnString,"");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1672:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenght += strlen(buffer) + 2;
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1679:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(returnString," ");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1684:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenght += strlen(buffer) + 2;
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1691:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(returnString," ");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1696:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenght += strlen(buffer) + 2;
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1703:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(returnString," ");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1708:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenght += strlen(buffer) + 2;
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/feature.c:1715:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(returnString," ");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:105:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
token = (char *) SWQ_MALLOC(strlen(expression)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:128:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
token = (char *) SWQ_MALLOC(strlen(expression)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:319:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( swq_error, tokens[*tokens_consumed],
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:320:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(swq_error) - strlen(swq_error) - 1 );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:341:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( swq_error, tokens[*tokens_consumed],
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:342:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(swq_error) - strlen(swq_error) - 1 );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/swq.c:398:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SWQ_MALLOC(strlen(tokens[*tokens_consumed])+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:164:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<(int) strlen(request);i++) {
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:176:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp,request,pos);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:179:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(request) > pos) {
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:180:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*expression = malloc(strlen(request)-pos+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:186:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*expression,request+pos+1,strlen(request)-pos-2);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:186:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(*expression,request+pos+1,strlen(request)-pos-2);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:187:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*expression)[strlen(request)-pos-2] = '\0';
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:207:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*coverage = malloc(strlen(arobase+1) + 1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:210:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*fclass) == 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:218:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*coverage) == 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:459:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
code = lpriv->primitiveTableName[strlen(lpriv->primitiveTableName)-2];
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:493:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lpriv->joinTableName = malloc(strlen(tempfilename)+1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1634:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp = (char*) malloc (strlen (fclass) + 1);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1635:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (temp, name, strlen (fclass));
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1635:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy (temp, name, strlen (fclass));
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1655:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (fclass, list[j],strlen(fclass)) == 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1689:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(j = 0; j < strlen(list[i]); ++j) {
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1699:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer,list[i],j);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1831:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp2,"\\");
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1850:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(item_buf) > strlen(fclass))
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1850:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(item_buf) > strlen(fclass))
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1851:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item_buf[strlen(fclass)] = '\0';
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:1977:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( short_name, name, i );
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/utils.c:2064:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (fclass, name, strlen(fclass)) != 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:166:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s->pathname) == 0) {
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:181:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = strlen(spriv->library) - 1; spriv->library[i] != '/'; --i);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:182:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(spriv->database,spriv->library,i);
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrf.c:195:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0;i<(int) (strlen(s->pathname)-3);i++) {
data/ogdi-dfsg-4.1.0+ds/ogdi/driver/vrf/vrfswq.c:162:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i = strlen(tptr)-1; i >= 0 && tptr[i] == ' '; i-- )
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/asyncsvr.c:138:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str1,"");
data/ogdi-dfsg-4.1.0+ds/ogdi/gltpd/sun/asyncsvr.c:44:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str1,"");
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/dirent.c:147:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((dp -> _d_entry = malloc(strlen(s) + 1)) == NULL) )
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/dirent.c:193:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dp.d_name);
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/getglenv.c:181:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(keyinfo);
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/iofile.c:85:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(in) + 1;
data/ogdi-dfsg-4.1.0+ds/ogdi/glutil/iofile.c:122:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(in) + 1;
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:283:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(family);
data/ogdi-dfsg-4.1.0+ds/ogdi/tcl_interface/ecs_tcl.c:649:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(class,startp,class_len);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:77:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dest_path);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:136:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp_path, ".");
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:471:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tp, de->d_name, tpath + SZ_FNAME - tp);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:485:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, tpath, SZ_FNAME);
data/ogdi-dfsg-4.1.0+ds/vpflib/musedir.c:490:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(path);
data/ogdi-dfsg-4.1.0+ds/vpflib/strfunc.c:62:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen (string); i++)
data/ogdi-dfsg-4.1.0+ds/vpflib/strfunc.c:93:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen (string); i++)
data/ogdi-dfsg-4.1.0+ds/vpflib/strfunc.c:134:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str);
data/ogdi-dfsg-4.1.0+ds/vpflib/strfunc.c:174:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove( str, post_white, strlen(post_white)+1 );
data/ogdi-dfsg-4.1.0+ds/vpflib/strfunc.c:206:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str);
data/ogdi-dfsg-4.1.0+ds/vpflib/strfunc.c:214:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen (str); i++)
data/ogdi-dfsg-4.1.0+ds/vpflib/strfunc.c:235:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string1, str1, len);
data/ogdi-dfsg-4.1.0+ds/vpflib/strfunc.c:236:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string2, str2, len);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:606:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen (view->theme->ftable) - 1;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpf2vec.c:662:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (tiledir, "");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:89:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (string, " ");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:94:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strncmp (&browse->path[(strlen (browse->path) - 1)], "x", 1) == 0) ||
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:95:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strncmp (&browse->path[(strlen (browse->path) - 1)], "X", 1) == 0) ||
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:96:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strncmp (&browse->path[(strlen (browse->path) - 3)], "fcz", 3) == 0))
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:103:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strncmp (&browse->path[(strlen (browse->path) - 2)], "si", 2) == 0) ||
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:104:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strncmp (&browse->path[(strlen (browse->path) - 2)], "SI", 2) == 0))
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:111:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strncmp (&browse->path[(strlen (browse->path) - 2)], "ti", 2) == 0) ||
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:112:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strncmp (&browse->path[(strlen (browse->path) - 2)], "TI", 2) == 0))
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:160:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (string, " ");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:173:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (&string[ strlen (string)], " <%s>", table.header[i].name);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:174:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (&string[ strlen (string)], "<%c>", table.header[i].type);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:175:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (&string[ strlen (string)], "<%ld>", table.header[i].count);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:176:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (&string[ strlen (string)], "<%c>", table.header[i].keytype);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:177:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (&string[ strlen (string)], "<%s>", table.header[i].description);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:178:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (&string[ strlen (string)], "<%s>", table.header[i].vdt);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:179:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (&string[ strlen (string)], "<%s>", table.header[i].tdx);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:180:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (&string[ strlen (string)], "<%s>", table.header[i].narrative);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:184:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (string, " ");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:222:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen (buf);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:556:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (string, " ");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:668:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (string, " ");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:798:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (string, " ");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:888:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (string, " ");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:988:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1 = strlen (temp);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:989:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = strlen (string);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfbrows.c:1017:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (string, &temp[start], end);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:141:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copy = (char *)xvt_malloc(strlen(filepath)+2);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:147:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(copy,".");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:658:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (path[strlen(path)-1] != OS_SEPARATOR)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:752:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (path[strlen(path)-1] != OS_SEPARATOR)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:899:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fcnames[j] = (char *)xvt_malloc(sizeof(char)*(strlen(coverages[i])+
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:900:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(subset[j-((*nfc)-n)])+
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:995:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (path[strlen(path)-1] != OS_SEPARATOR)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1003:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dbpath[strlen(dbpath)-1] == DIR_SEPARATOR)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1004:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dbpath[strlen(dbpath)-1] = '\0';
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1005:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(dbpath)-1;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1012:10: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dbpath,"");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1136:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(proj.name,"");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1150:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (path[strlen(path)-1] != OS_SEPARATOR)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1472:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (covpath[strlen(covpath)-1] != OS_SEPARATOR)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1539:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fcnames[j] = (char *)xvt_malloc(strlen(fc)+1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1707:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (path[strlen(path)-1] != OS_SEPARATOR)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1794:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
desc = (char *)xvt_malloc(strlen(table.description)+1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1870:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
description = (char*)xvt_malloc (strlen (table.description)+1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:1931:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (covpath[strlen(covpath)-1] != OS_SEPARATOR)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2077:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (covpath[strlen(covpath)-1] != OS_SEPARATOR)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2246:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
locname = (char*) xvt_zmalloc (strlen (tablename) * sizeof(char)+1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2268:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(locname);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2326:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
locname = (char*) xvt_zmalloc (strlen (tablename) * sizeof (char)+1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2394:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
locname = (char*)xvt_zmalloc (strlen (tablename) * sizeof(char)+1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2499:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
locname = (char*)xvt_zmalloc (strlen (tablename) * sizeof(char)+1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2570:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
locname = (char*)xvt_zmalloc (strlen (tablename) * sizeof(char)+1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2592:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(locname);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfprop.c:2651:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
locname = (char*)xvt_zmalloc (strlen (table) * sizeof (char)+1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:195:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmpi (expr, delimstr[i], strlen (delimstr[i])) == 0)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:197:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strnicmp (expr, delimstr[i], strlen (delimstr[i])) == 0)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:199:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp (expr, delimstr[i], strlen (delimstr[i])) == 0)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:210:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i< (int32)strlen(token); i++)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:215:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmpi (expr, delimstr[j], strlen (delimstr[j])) == 0)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:218:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strnicmp (expr, delimstr[j], strlen (delimstr[j])) == 0)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:221:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp (expr, delimstr[j], strlen (delimstr[j])) == 0)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:227:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
token[strlen (delimstr[j])] = '\0';
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:326:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (Mstrncmpi (expression, delimstr[i], strlen (delimstr[i])) == 0)
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:337:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expression += strlen(token);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:401:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*token_value = strlen (token);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfquery.c:497:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
orig_expression = (char*)xvt_zmalloc (strlen (expression) + 1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:102:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CurrentChar = fgetc(fp);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:106:25: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CurrentChar = fgetc (fp) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:114:52: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(count = 0; CurrentChar != EOF; CurrentChar = fgetc(fp), count++) {
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:133:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CurrentChar = fgetc(fp ) ; /* read character after backslash */
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:136:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( fgetc (fp) != (int32) SPACE ) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:798:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(table.path) < 128 )
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:803:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i, id, table.path + strlen(table.path) - 128, (unsigned int)count);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfread.c:1544:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
row[col].count = strlen(retvalue);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:375:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:410:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:443:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keystring = (char*)xvt_malloc (strlen((char*)keyval1));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:596:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:636:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (path);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfrelat.c:670:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keystring = (char*)xvt_malloc (strlen ((char*)keyval1));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:134:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = (size_t)strlen (temp);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:196:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy ( temp, "" ) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:415:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
table->ddlen = strlen (table->defstr);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:425:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, table->defstr, (size_t)ddlen);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:448:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (table->description, des, 80);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:456:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (table->narrative ,nar, 12);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:606:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (table->header[i].description, des, 80);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:612:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (table->header[i].vdt, vdt, 12);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:630:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
table->header[i].tdx = (char*)xvt_zmalloc (strlen (tdx)+ 1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:657:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
table->header[i].narrative = (char*)xvt_zmalloc (strlen (doc) + 1);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:704:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(table->name,"");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:707:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(table->description,"");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:708:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(table->narrative,"");
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:752:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (filename);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:817:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i=strlen(tablepath);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:827:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(table.name,&(tablepath[j+1]),12);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:828:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
table.path = (char*)xvt_zmalloc (strlen (tablepath) + 5);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:888:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qty = strlen(tablename);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:899:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
idxname = (char*)xvt_zmalloc (sizeof (char) * (strlen (tablepath)+2));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:903:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (idxname[strlen(tablepath)-1] == '.')
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:904:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
idxname[strlen(tablepath)-2] = idxext;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:906:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
idxname[strlen(tablepath)-1] = idxext;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:911:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (idxname[strlen(tablepath)-1] == '.')
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:912:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
idxname[strlen(tablepath)-2] = idxmaj;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:914:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
idxname[strlen(tablepath)-1] = idxmaj;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:926:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (idxname[strlen(tablepath)-1] == '.')
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:927:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
idxname[strlen(tablepath)-2] = idxext;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:929:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
idxname[strlen(tablepath)-1] = idxext;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:934:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (idxname[strlen(tablepath)-1] == '.')
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:935:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
idxname[strlen(tablepath)-2] = idxmaj;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:937:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
idxname[strlen(tablepath)-1] = idxmaj;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:1251:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fgetc(fp) == ';')
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:1356:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (year, date, 4);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:1358:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (month, &date[4], 2);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:1360:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (day, &date[6], 2);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:1362:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (hour, &date[8], 2);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:1364:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (mn, &date[10], 2);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftable.c:1366:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (sec, &date[12], 2);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:446:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0 ; i < (int32)strlen(columnname); i++ ) /* copy into header structure */
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:453:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=0 ; i < (int32)strlen(columnname); i++ ) {
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:628:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d[k].value.strval = (char*)xvt_malloc (strlen (buf));
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:629:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) bcopy ( buf, d[k].value.strval, strlen(buf) ) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:784:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i = strlen ( tablename ); i > 0; i-- )
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:788:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( h.vpf_table_name, strupr ( &tablename[i+1] ), 13 ) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:790:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( h.vpf_table_name, &tablename[i+1], 13 ) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:794:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( h.vpf_table_name, strupr ( tablename), 13 );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:796:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( h.vpf_table_name, tablename, 13 );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:799:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=strlen(h.vpf_table_name); i < 12 ; i++ )
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1849:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i = strlen ( tablename ); i > 0; i-- )
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1853:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( gi.vpf_table_name, strupr ( &tablename[i+1] ), 13 ) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1855:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ( gi.vpf_table_name, &tablename[i+1], 13 ) ;
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1859:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gi.vpf_table_name, strupr ( tablename), 13 );
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1861:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gi.vpf_table_name, tablename, 13);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1863:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gi.vpf_column_name, columnname,25);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:1869:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gi.nbins = strlen(idx_set);
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:2053:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
register int32 query_len = strlen(query_str),
data/ogdi-dfsg-4.1.0+ds/vpflib/vpftidx.c:2205:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
register int32 query_len = strlen(query_str),
data/ogdi-dfsg-4.1.0+ds/vpflib/vpfwrite.c:634:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i = strlen(value) ; i < table.header[field].count; i++ )
ANALYSIS SUMMARY:
Hits = 1835
Lines analyzed = 95227 in approximately 2.58 seconds (36851 lines/second)
Physical Source Lines of Code (SLOC) = 54319
Hits@level = [0] 389 [1] 397 [2] 885 [3] 19 [4] 534 [5] 0
Hits@level+ = [0+] 2224 [1+] 1835 [2+] 1438 [3+] 553 [4+] 534 [5+] 0
Hits/KSLOC@level+ = [0+] 40.9433 [1+] 33.7819 [2+] 26.4732 [3+] 10.1806 [4+] 9.83081 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.