Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/orage-4.12.1/globaltime/gt_prefs.c
Examining data/orage-4.12.1/globaltime/globaltime.h
Examining data/orage-4.12.1/globaltime/timezone_selection.h
Examining data/orage-4.12.1/globaltime/globaltime.c
Examining data/orage-4.12.1/globaltime/gt_parfile.c
Examining data/orage-4.12.1/globaltime/timezone_selection.c
Examining data/orage-4.12.1/libical/src/libical/icaltimezone.h
Examining data/orage-4.12.1/libical/src/libical/icalvalue.h
Examining data/orage-4.12.1/libical/src/libical/icalduration.c
Examining data/orage-4.12.1/libical/src/libical/icalrecur.c
Examining data/orage-4.12.1/libical/src/libical/icalvalue.c
Examining data/orage-4.12.1/libical/src/libical/icallangbind.c
Examining data/orage-4.12.1/libical/src/libical/icaltime.c
Examining data/orage-4.12.1/libical/src/libical/icaltimezone.c
Examining data/orage-4.12.1/libical/src/libical/icalperiod.c
Examining data/orage-4.12.1/libical/src/libical/icalrecur.h
Examining data/orage-4.12.1/libical/src/libical/icalmemory.h
Examining data/orage-4.12.1/libical/src/libical/icalarray.c
Examining data/orage-4.12.1/libical/src/libical/icalperiod.h
Examining data/orage-4.12.1/libical/src/libical/icalproperty.c
Examining data/orage-4.12.1/libical/src/libical/icalattachimpl.h
Examining data/orage-4.12.1/libical/src/libical/icalmime.h
Examining data/orage-4.12.1/libical/src/libical/icalcomponent.h
Examining data/orage-4.12.1/libical/src/libical/astime.h
Examining data/orage-4.12.1/libical/src/libical/icaltypes.c
Examining data/orage-4.12.1/libical/src/libical/icalparameter.c
Examining data/orage-4.12.1/libical/src/libical/icalrestriction.h
Examining data/orage-4.12.1/libical/src/libical/icalparameter.h
Examining data/orage-4.12.1/libical/src/libical/icalvalueimpl.h
Examining data/orage-4.12.1/libical/src/libical/pvl.c
Examining data/orage-4.12.1/libical/src/libical/icallangbind.h
Examining data/orage-4.12.1/libical/src/libical/icalparser.c
Examining data/orage-4.12.1/libical/src/libical/icaltypes.h
Examining data/orage-4.12.1/libical/src/libical/icalmime.c
Examining data/orage-4.12.1/libical/src/libical/icalenums.h
Examining data/orage-4.12.1/libical/src/libical/icalmemory.c
Examining data/orage-4.12.1/libical/src/libical/vsnprintf.c
Examining data/orage-4.12.1/libical/src/libical/icalattach.c
Examining data/orage-4.12.1/libical/src/libical/icalerror.c
Examining data/orage-4.12.1/libical/src/libical/sspm.h
Examining data/orage-4.12.1/libical/src/libical/icalcomponent.c
Examining data/orage-4.12.1/libical/src/libical/sspm.c
Examining data/orage-4.12.1/libical/src/libical/pvl.h
Examining data/orage-4.12.1/libical/src/libical/icalparser.h
Examining data/orage-4.12.1/libical/src/libical/icalproperty.h
Examining data/orage-4.12.1/libical/src/libical/caldate.c
Examining data/orage-4.12.1/libical/src/libical/icalerror.h
Examining data/orage-4.12.1/libical/src/libical/icalarray.h
Examining data/orage-4.12.1/libical/src/libical/icaltime.h
Examining data/orage-4.12.1/libical/src/libical/icalduration.h
Examining data/orage-4.12.1/libical/src/libical/icalparameterimpl.h
Examining data/orage-4.12.1/libical/src/libical/icalattach.h
Examining data/orage-4.12.1/libical/src/libical/icalenums.c
Examining data/orage-4.12.1/libical/src/libicalss/icalss.h
Examining data/orage-4.12.1/libical/src/libicalss/icaldirset.h
Examining data/orage-4.12.1/libical/src/libicalss/icalclassify.h
Examining data/orage-4.12.1/libical/src/libicalss/icalspanlist.h
Examining data/orage-4.12.1/libical/src/libicalss/icalcluster.h
Examining data/orage-4.12.1/libical/src/libicalss/icalcalendar.c
Examining data/orage-4.12.1/libical/src/libicalss/icalfileset.c
Examining data/orage-4.12.1/libical/src/libicalss/icalssyacc.c
Examining data/orage-4.12.1/libical/src/libicalss/icalgauge.h
Examining data/orage-4.12.1/libical/src/libicalss/icalgaugeimpl.h
Examining data/orage-4.12.1/libical/src/libicalss/icalmessage.h
Examining data/orage-4.12.1/libical/src/libicalss/icaldirset.c
Examining data/orage-4.12.1/libical/src/libicalss/icalspanlist.c
Examining data/orage-4.12.1/libical/src/libicalss/icalcalendar.h
Examining data/orage-4.12.1/libical/src/libicalss/icalcluster.c
Examining data/orage-4.12.1/libical/src/libicalss/icalset.c
Examining data/orage-4.12.1/libical/src/libicalss/icalfilesetimpl.h
Examining data/orage-4.12.1/libical/src/libicalss/icalmessage.c
Examining data/orage-4.12.1/libical/src/libicalss/icalsslexer.c
Examining data/orage-4.12.1/libical/src/libicalss/icalgauge.c
Examining data/orage-4.12.1/libical/src/libicalss/icaldirsetimpl.h
Examining data/orage-4.12.1/libical/src/libicalss/icalset.h
Examining data/orage-4.12.1/libical/src/libicalss/icalclassify.c
Examining data/orage-4.12.1/libical/src/libicalss/icalclusterimpl.h
Examining data/orage-4.12.1/libical/src/libicalss/icalssyacc.h
Examining data/orage-4.12.1/libical/src/libicalss/icalfileset.h
Examining data/orage-4.12.1/tz_convert/tz_convert.c
Examining data/orage-4.12.1/src/timezone_names.c
Examining data/orage-4.12.1/src/ical-expimp.c
Examining data/orage-4.12.1/src/orage-i18n.h
Examining data/orage-4.12.1/src/appointment.h
Examining data/orage-4.12.1/src/event-list.c
Examining data/orage-4.12.1/src/main.c
Examining data/orage-4.12.1/src/orage-dbus-object.c
Examining data/orage-4.12.1/src/ical-internal.h
Examining data/orage-4.12.1/src/day-view.h
Examining data/orage-4.12.1/src/event-list.h
Examining data/orage-4.12.1/src/orage-dbus-client.c
Examining data/orage-4.12.1/src/reminder.c
Examining data/orage-4.12.1/src/ical-archive.c
Examining data/orage-4.12.1/src/mainbox.h
Examining data/orage-4.12.1/src/tray_icon.h
Examining data/orage-4.12.1/src/about-xfcalendar.c
Examining data/orage-4.12.1/src/parameters.c
Examining data/orage-4.12.1/src/timezone_selection.h
Examining data/orage-4.12.1/src/orage-dbus-service.h
Examining data/orage-4.12.1/src/interface.h
Examining data/orage-4.12.1/src/orage-dbus.h
Examining data/orage-4.12.1/src/reminder.h
Examining data/orage-4.12.1/src/orage-dbus-client.h
Examining data/orage-4.12.1/src/functions.h
Examining data/orage-4.12.1/src/parameters_internal.h
Examining data/orage-4.12.1/src/day-view.c
Examining data/orage-4.12.1/src/tz_zoneinfo_read.h
Examining data/orage-4.12.1/src/interface.c
Examining data/orage-4.12.1/src/tray_icon.c
Examining data/orage-4.12.1/src/about-xfcalendar.h
Examining data/orage-4.12.1/src/ical-code.h
Examining data/orage-4.12.1/src/timezone_selection.c
Examining data/orage-4.12.1/src/mainbox.c
Examining data/orage-4.12.1/src/orage-dbus-object.h
Examining data/orage-4.12.1/src/appointment.c
Examining data/orage-4.12.1/src/functions.c
Examining data/orage-4.12.1/src/ical-code.c
Examining data/orage-4.12.1/src/parameters.h
Examining data/orage-4.12.1/src/tz_zoneinfo_read.c
Examining data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c
Examining data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.h
Examining data/orage-4.12.1/panel-plugin/oc_config.c
Examining data/orage-4.12.1/panel-plugin/timezone_selection.h
Examining data/orage-4.12.1/panel-plugin/timezone_selection.c

FINAL RESULTS:

data/orage-4.12.1/globaltime/globaltime.c:277:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp, _("%s\nclick to modify clock"), clockp->tz->str);

data/orage-4.12.1/globaltime/gt_prefs.c:148:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp, "<b>%s</b>", text);

data/orage-4.12.1/libical/src/libical/icalcomponent.c:2255:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (new_tzid + tzid_len, suffix_buf);

data/orage-4.12.1/libical/src/libical/icalduration.c:44:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icalduration.c:44:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icallangbind.c:30:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icallangbind.c:30:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icalmemory.c:232:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(b,str);

data/orage-4.12.1/libical/src/libical/icalmemory.c:327:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(*pos, string);

data/orage-4.12.1/libical/src/libical/icalmime.c:42:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icalmime.c:42:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icalmime.c:241:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temp,str);

data/orage-4.12.1/libical/src/libical/icalparameter.c:275:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out_buf, buf);

data/orage-4.12.1/libical/src/libical/icalparser.c:70:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icalparser.c:70:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icalparser.c:932:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(temp,"Cant parse as %s value in %s property. Removing entire property",

data/orage-4.12.1/libical/src/libical/icalparser.c:960:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(temp,"No value for %s property. Removing entire property",

data/orage-4.12.1/libical/src/libical/icalproperty.c:48:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icalproperty.c:48:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icalproperty.c:362:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (out_buf, buf);

data/orage-4.12.1/libical/src/libical/icalrecur.c:162:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icalrecur.c:162:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icaltime.c:54:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icaltime.c:54:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icaltime.c:340:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buf, size,fmt,tt.year,tt.month,tt.day,

data/orage-4.12.1/libical/src/libical/icaltimezone.c:43:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icaltimezone.c:43:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icaltimezone.c:422:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tznames, standard_tzname);

data/orage-4.12.1/libical/src/libical/icaltimezone.c:424:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tznames + standard_len + 1, daylight_tzname);

data/orage-4.12.1/libical/src/libical/icaltimezone.c:1441:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf (buf, "%4d%2d%2d %4d%2d%2d %s",

data/orage-4.12.1/libical/src/libical/icaltimezone.c:1647:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buffer, "%s%02i%02i", sign, hours, minutes);

data/orage-4.12.1/libical/src/libical/icaltimezone.c:1649:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (buffer, "%s%02i%02i%02i", sign, hours, minutes, seconds);

data/orage-4.12.1/libical/src/libical/icaltimezone.c:1662:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(zone_files_directory,path);

data/orage-4.12.1/libical/src/libical/icaltypes.c:39:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icaltypes.c:39:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icalvalue.c:51:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icalvalue.c:51:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/icalvalue.c:108:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(new->id, old->id);

data/orage-4.12.1/libical/src/libical/icalvalue.c:324:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(temp,"%s Values are not implemented",

data/orage-4.12.1/libical/src/libical/icalvalue.c:698:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(str,data);

data/orage-4.12.1/libical/src/libical/icalvalue.c:802:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (str, url);

data/orage-4.12.1/libical/src/libical/icalvalue.c:829:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(str,temp);

data/orage-4.12.1/libical/src/libical/icalvalue.c:839:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(str,temp);

data/orage-4.12.1/libical/src/libical/icalvalue.c:1301:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(szEncText, ptr);

data/orage-4.12.1/libical/src/libical/sspm.c:49:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/sspm.c:49:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libical/sspm.c:183:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name,p);

data/orage-4.12.1/libical/src/libical/sspm.c:680:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(boundary,line);

data/orage-4.12.1/libical/src/libical/sspm.c:722:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(boundary,line);

data/orage-4.12.1/libical/src/libical/sspm.c:746:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data,line);

data/orage-4.12.1/libical/src/libical/sspm.c:823:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(boundary,line);

data/orage-4.12.1/libical/src/libical/sspm.c:956:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(header_lines[current_line],buf);

data/orage-4.12.1/libical/src/libical/sspm.c:991:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(last_line,buf_start);

data/orage-4.12.1/libical/src/libical/sspm.c:1310:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf->pos, string);

data/orage-4.12.1/libical/src/libical/sspm.c:1481:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(temp,"Content-Type: %s/%s",major,minor);

data/orage-4.12.1/libical/src/libical/sspm.c:1486:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(temp,";boundary=\"%s\"",header->boundary);

data/orage-4.12.1/libical/src/libical/sspm.c:1493:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(temp,header->content_type_params[i]);

data/orage-4.12.1/libical/src/libical/sspm.c:1505:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(temp,"Content-Transfer-Encoding: %s\n",

data/orage-4.12.1/libical/src/libical/vsnprintf.c:107:1:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(char *str, size_t n, char const *fmt, va_list ap)

data/orage-4.12.1/libical/src/libical/vsnprintf.c:109:1:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(str, n, fmt, ap)

data/orage-4.12.1/libical/src/libical/vsnprintf.c:134:9:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  ret = vsprintf(p, fmt, ap);

data/orage-4.12.1/libical/src/libical/vsnprintf.c:143:1:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(char *str, size_t n, char const *fmt, ...)

data/orage-4.12.1/libical/src/libical/vsnprintf.c:145:1:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(str, n, fmt, va_alist)

data/orage-4.12.1/libical/src/libical/vsnprintf.c:159:10:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  return (vsnprintf(str, n, fmt, ap));

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:88:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path,impl->dir);

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:90:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(path,BOOKED_DIR);

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:195:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dir,impl->dir);

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:197:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(dir,BOOKED_DIR);

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:215:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path,impl->dir);

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:217:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(path,INCOMING_FILE);

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:232:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path,impl->dir);

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:234:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(path,PROP_FILE);

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:249:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path,impl->dir);

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:251:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(path,FBLIST_FILE);

data/orage-4.12.1/libical/src/libicalss/icalcluster.c:65:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libicalss/icalcluster.c:65:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libicalss/icalcluster.c:81:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(impl->id,ICALCLUSTER_ID);

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:87:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:87:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:318:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"%s/%s",dset->dir,"SEQUENCE");

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:377:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(path,"%s/%s", dset->dir,(char*)pvl_data(dset->directory_iterator));

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:402:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(uidstring,"%d-%s",(int)getpid(),unamebuf.nodename);

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:404:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(uidstring,"%d-%s",(int)getpid(),"WINDOWS"); /* FIX: There must be an easy get the system name */

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:410:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(uidstring,icalproperty_get_uid(uid));

data/orage-4.12.1/libical/src/libicalss/icalfileset.c:50:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libicalss/icalfileset.c:50:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/orage-4.12.1/libical/src/libicalss/icalfileset.c:364:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if(system(tmp) < 0){

data/orage-4.12.1/libical/src/libicalss/icalmessage.c:162:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp,

data/orage-4.12.1/libical/src/libicalss/icalmessage.c:165:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp,

data/orage-4.12.1/libical/src/libicalss/icalset.c:183:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, path);

data/orage-4.12.1/libical/src/libicalss/icalset.c:197:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bufptr, dp->d_name);

data/orage-4.12.1/libical/src/libicalss/icalssyacc.c:469:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:153:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(clock->tooltip_prev, res);

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:180:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(line->prev, res);

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:484:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  || sscanf(ret, OC_RC_COLOR

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:488:18:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  gint i = sscanf(ret, OC_RC_COLOR , (unsigned int *)&color.red , (unsigned int *)&color.green , (unsigned int *)&color.blue);

data/orage-4.12.1/src/appointment.c:1906:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(color, ORAGE_COLOR_FORMAT, &red, &green, &blue);

data/orage-4.12.1/src/ical-code.c:4189:25:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(tmp, "UID:%sXFICAL_UID_LEN", ical_uid);

data/orage-4.12.1/src/ical-code.c:4192:25:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(uid, "UID:%sXFICAL_UID_LEN", ical_uid);

data/orage-4.12.1/src/reminder.c:874:14:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  status = system(cmd);

data/orage-4.12.1/src/reminder.c:1105:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(cur_alarm->alarm_time, XFICAL_APPT_DATE_FORMAT

data/orage-4.12.1/src/reminder.c:1110:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(cur_alarm->alarm_time, XFICAL_APPT_TIME_FORMAT

data/orage-4.12.1/src/tz_zoneinfo_read.c:793:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(zone_tab_file_name, tz_dir);

data/orage-4.12.1/src/tz_zoneinfo_read.c:794:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(zone_tab_file_name, ZONETAB_FILE);

data/orage-4.12.1/src/tz_zoneinfo_read.c:850:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(country_file_name, tz_dir); data/orage-4.12.1/src/tz_zoneinfo_read.c:851:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(country_file_name, COUNTRY_FILE); data/orage-4.12.1/tz_convert/tz_convert.c:1427:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "+0000000 -0000000 %s\n", timezone_name); data/orage-4.12.1/src/interface.c:1008:29: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. file = g_build_filename(g_get_home_dir(), "orage_export.ics", NULL); data/orage-4.12.1/globaltime/globaltime.c:65:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char env_tz[256]; data/orage-4.12.1/globaltime/globaltime.c:399:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(clocks.time_now, "%02d:%02d", now->tm_hour, now->tm_min); data/orage-4.12.1/globaltime/globaltime.c:401:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(clocks.time_now, "%02d:%02d-", now->tm_hour, now->tm_min); data/orage-4.12.1/globaltime/globaltime.c:403:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(clocks.time_now, "%02d:%02d+", now->tm_hour, now->tm_min); data/orage-4.12.1/globaltime/globaltime.c:529:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(clocks.time_now, "88:88"); data/orage-4.12.1/globaltime/gt_parfile.c:52:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "%uR %uG %uB", color->red, color->green, color->blue); data/orage-4.12.1/globaltime/gt_prefs.c:365:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char env_tz[256]; data/orage-4.12.1/globaltime/timezone_selection.c:83:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char area_old[MAX_AREA_LENGTH+2]; /*+2 = / + null */ data/orage-4.12.1/globaltime/timezone_selection.c:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char s_offset[100], s_country[100], s_changes[200], s_change[50] data/orage-4.12.1/globaltime/timezone_selection.c:92:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(area_old, "S T a R T"); /* this never matches */ data/orage-4.12.1/libical/src/libical/icalarray.c:88:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *)(array->data) + ( array->num_elements * array->element_size ), element, data/orage-4.12.1/libical/src/libical/icalarray.c:152:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_data,array->data,array->element_size*array->space_allocated); data/orage-4.12.1/libical/src/libical/icalcomponent.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[5]; data/orage-4.12.1/libical/src/libical/icalcomponent.c:134:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(comp->id,"comp"); data/orage-4.12.1/libical/src/libical/icalcomponent.c:1256:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[20]; data/orage-4.12.1/libical/src/libical/icalcomponent.c:2191:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tzid_copy, *new_tzid, suffix_buf[32]; data/orage-4.12.1/libical/src/libical/icalcomponent.c:2237:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). suffix = atoi (existing_tzid + existing_tzid_len); data/orage-4.12.1/libical/src/libical/icalcomponent.c:2247:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (suffix_buf, "%i", max_suffix + 1); data/orage-4.12.1/libical/src/libical/icalduration.c:192:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[32]; data/orage-4.12.1/libical/src/libical/icalenums.c:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpbuf[36]; data/orage-4.12.1/libical/src/libical/icalenums.c:115:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(tmpbuf, "%i.%i", major, minor); data/orage-4.12.1/libical/src/libical/icalerror.c:141:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[160]; data/orage-4.12.1/libical/src/libical/icallangbind.c:158:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[25]; data/orage-4.12.1/libical/src/libical/icalmime.c:193:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mimetype[TMPSZ]; data/orage-4.12.1/libical/src/libical/icalmime.c:213:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[256]; data/orage-4.12.1/libical/src/libical/icalparameter.c:59:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(v->id,"para"); data/orage-4.12.1/libical/src/libical/icalparameter.c:128:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(new,old,sizeof(struct icalparameter_impl)); data/orage-4.12.1/libical/src/libical/icalparameterimpl.h:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[5]; data/orage-4.12.1/libical/src/libical/icalparser.c:88:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[TMP_BUF_SIZE]; data/orage-4.12.1/libical/src/libical/icalparser.c:518:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024]; data/orage-4.12.1/libical/src/libical/icalparser.c:927:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[200]; /* HACK */ data/orage-4.12.1/libical/src/libical/icalparser.c:955:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[200]; /* HACK */ data/orage-4.12.1/libical/src/libical/icalproperty.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[5]; data/orage-4.12.1/libical/src/libical/icalproperty.c:107:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(prop->id,"prop"); data/orage-4.12.1/libical/src/libical/icalrecur.c:306:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). v = atoi(t) * sign ; data/orage-4.12.1/libical/src/libical/icalrecur.c:448:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). parser.rt.count = atoi(value); data/orage-4.12.1/libical/src/libical/icalrecur.c:452:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). parser.rt.interval = (short)atoi(value); data/orage-4.12.1/libical/src/libical/icalrecur.c:520:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char temp[20]; data/orage-4.12.1/libical/src/libical/icaltimezone.c:1406:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; /* Used to store each line of zones.tab as it is read. */ data/orage-4.12.1/libical/src/libical/icaltimezone.c:1407:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location[1024]; /* Stores the city name when parsing buf. */ data/orage-4.12.1/libical/src/libical/icaltimezone.c:1430:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (filename, "r"); data/orage-4.12.1/libical/src/libical/icaltimezone.c:1509:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (filename, "r"); data/orage-4.12.1/libical/src/libical/icaltimezone.c:1587:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[8]; data/orage-4.12.1/libical/src/libical/icalvalue.c:79:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(v->id,"val"); data/orage-4.12.1/libical/src/libical/icalvalue.c:151:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( new->data.v_recur, old->data.v_recur, data/orage-4.12.1/libical/src/libical/icalvalue.c:323:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[TMP_BUF_SIZE]; data/orage-4.12.1/libical/src/libical/icalvalue.c:359:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). value = icalvalue_new_integer(atoi(str)); data/orage-4.12.1/libical/src/libical/icalvalue.c:409:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[TMP_BUF_SIZE]; data/orage-4.12.1/libical/src/libical/icalvalue.c:410:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(temp,"GEO Values are not implemented"); data/orage-4.12.1/libical/src/libical/icalvalue.c:518:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[TMP_BUF_SIZE]; data/orage-4.12.1/libical/src/libical/icalvalue.c:536:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[TMP_BUF_SIZE]; data/orage-4.12.1/libical/src/libical/icalvalue.c:640:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str,"icalvalue_binary_as_ical_string is not implemented yet"); data/orage-4.12.1/libical/src/libical/icalvalue.c:682:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str,"%c%02d%02d%02d",sign,abs(h),abs(m),abs(s)); data/orage-4.12.1/libical/src/libical/icalvalue.c:684:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str,"%c%02d%02d",sign,abs(h),abs(m)); data/orage-4.12.1/libical/src/libical/icalvalue.c:821:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char temp[20]; data/orage-4.12.1/libical/src/libical/icalvalue.c:824:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp,"%02d%02d%02dZ",data->hour,data->minute,data->second); data/orage-4.12.1/libical/src/libical/icalvalue.c:826:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp,"%02d%02d%02d",data->hour,data->minute,data->second); data/orage-4.12.1/libical/src/libical/icalvalue.c:835:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[20]; data/orage-4.12.1/libical/src/libical/icalvalue.c:837:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp,"%04d%02d%02d",data->year,data->month,data->day); data/orage-4.12.1/libical/src/libical/icalvalue.c:900:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str,"%f",data); data/orage-4.12.1/libical/src/libical/icalvalue.c:915:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str,"%f;%f",data.lat,data.lon); data/orage-4.12.1/libical/src/libical/icalvalueimpl.h:45:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[5]; data/orage-4.12.1/libical/src/libical/sspm.c:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[TMP_BUF_SIZE]; data/orage-4.12.1/libical/src/libical/sspm.c:152:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char name[1024]; data/orage-4.12.1/libical/src/libical/sspm.c:199:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char name[1024]; data/orage-4.12.1/libical/src/libical/sspm.c:213:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char value[1024]; data/orage-4.12.1/libical/src/libical/sspm.c:681:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(boundary,"--"); data/orage-4.12.1/libical/src/libical/sspm.c:708:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[256]; data/orage-4.12.1/libical/src/libical/sspm.c:723:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(boundary,"--"); data/orage-4.12.1/libical/src/libical/sspm.c:809:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[256]; data/orage-4.12.1/libical/src/libical/sspm.c:824:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(boundary,"--"); data/orage-4.12.1/libical/src/libical/sspm.c:923:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header_lines[MAX_HEADER_LINES][BUF_SIZE]; /* HACK, hard limits */ data/orage-4.12.1/libical/src/libical/sspm.c:1172:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4] = {0,0,0,0};

data/orage-4.12.1/libical/src/libical/sspm.c:1250:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[3];

data/orage-4.12.1/libical/src/libical/sspm.c:1252:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp,"=%02X",ch);

data/orage-4.12.1/libical/src/libical/sspm.c:1372:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char BaseTable[64] = {

data/orage-4.12.1/libical/src/libical/sspm.c:1382:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outbuf[4];

data/orage-4.12.1/libical/src/libical/sspm.c:1418:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[3];

data/orage-4.12.1/libical/src/libical/sspm.c:1467:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[TMP_BUF_SIZE];

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[PATH_MAX];

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dir[PATH_MAX];

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:211:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[PATH_MAX];

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:228:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[PATH_MAX];

data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:245:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[PATH_MAX];

data/orage-4.12.1/libical/src/libicalss/icalclusterimpl.h:40:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[5]; /* clus */

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:310:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[128];

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:311:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[ICAL_PATH_MAX];

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:323:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(filename,"w");

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:333:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( (f = fopen(filename,"r+")) != 0){

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:341:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sequence = atoi(temp)+1;

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:360:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[ICAL_PATH_MAX];

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:387:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uidstring[ICAL_PATH_MAX];

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:423:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clustername[ICAL_PATH_MAX];

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:582:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[256];

data/orage-4.12.1/libical/src/libicalss/icaldirset.c:672:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[ICAL_PATH_MAX];

data/orage-4.12.1/libical/src/libicalss/icalfileset.c:118:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fset->fd = open(fset->path, flags, mode);

data/orage-4.12.1/libical/src/libicalss/icalfileset.c:120:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fset->fd = open(fset->path, flags, mode);

data/orage-4.12.1/libical/src/libicalss/icalfileset.c:342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[ICAL_PATH_MAX];

data/orage-4.12.1/libical/src/libicalss/icalmessage.c:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[45];

data/orage-4.12.1/libical/src/libicalss/icalset.c:179:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PATH_MAX],

data/orage-4.12.1/libical/src/libicalss/icalset.c:268:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, impl, sizeof(icalset));

data/orage-4.12.1/libical/src/libicalss/icalsslexer.c:546:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yytext[YYLMAX];

data/orage-4.12.1/libical/src/libicalss/icalsslexer.c:645:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yytext_r[YYLMAX];

data/orage-4.12.1/panel-plugin/oc_config.c:239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *clock_rotation_array[3] = {_("No rotation"), _("Rotate left")

data/orage-4.12.1/panel-plugin/oc_config.c:381:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, _("Line %d:"), cur_line);

data/orage-4.12.1/panel-plugin/timezone_selection.c:84:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char area_old[MAX_AREA_LENGTH+2]; /*+2 = / + null */

data/orage-4.12.1/panel-plugin/timezone_selection.c:85:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s_offset[100], s_country[100], s_changes[200], s_change[50]

data/orage-4.12.1/panel-plugin/timezone_selection.c:93:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(area_old, "S T a R T"); /* this never matches */

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:131:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(clock_line->prev, "New line");

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:148:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char res[OC_MAX_LINE_LENGTH-1];

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:160:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char res[OC_MAX_LINE_LENGTH-1];

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:254:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char res[OC_MAX_LINE_LENGTH-1], res_next[OC_MAX_LINE_LENGTH-1];

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:501:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(clock_line->prev, "New line");

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:553:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "data%d", i);

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:556:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "font%d", i);

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:597:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%uR %uG %uB"

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:607:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%uR %uG %uB"

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:640:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "data%d", i);

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:642:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "font%d", i);

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:647:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "data%d", i);

data/orage-4.12.1/panel-plugin/xfce4-orageclock-plugin.c:649:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "font%d", i);

data/orage-4.12.1/src/appointment.c:1462:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(recur_exception->type, "RDATE");

data/orage-4.12.1/src/appointment.c:1467:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(recur_exception->type, "EXDATE");

data/orage-4.12.1/src/appointment.c:2741:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *availability_array[2] = {_("Free"), _("Busy")};

data/orage-4.12.1/src/appointment.c:3017:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *when_array[4] = {_("Before Start"), _("Before End")

data/orage-4.12.1/src/appointment.c:3296:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *recur_freq_array[6] = {

data/orage-4.12.1/src/appointment.c:3298:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *weekday_array[7] = {

data/orage-4.12.1/src/day-view.c:174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *s_date, a_day[9];

data/orage-4.12.1/src/day-view.c:714:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_type, "O00.");

data/orage-4.12.1/src/day-view.c:952:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[5+1], *date, *today;

data/orage-4.12.1/src/event-list.c:478:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_type, "O00.");

data/orage-4.12.1/src/event-list.c:489:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_type, "A00.");

data/orage-4.12.1/src/event-list.c:566:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_type, "O00.");

data/orage-4.12.1/src/event-list.c:578:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_type, "A00.");

data/orage-4.12.1/src/event-list.c:607:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a_day[9]; /* yyyymmdd */

data/orage-4.12.1/src/event-list.c:653:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a_day[9]; /* yyyymmdd */

data/orage-4.12.1/src/event-list.c:668:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a_day[9]; /* yyyymmdd */

data/orage-4.12.1/src/event-list.c:921:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *title, a_day[9];

data/orage-4.12.1/src/event-list.h:96:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time_now[6]; /* hh:mm */

data/orage-4.12.1/src/event-list.h:97:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date_now[XFICAL_APPT_TIME_FORMAT_LEN]; /* yyyymmddThhmmss */

data/orage-4.12.1/src/functions.c:92:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *formatted, time_stamp[10];

data/orage-4.12.1/src/functions.c:647:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char i18_time[128];

data/orage-4.12.1/src/functions.c:656:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char i18_date[128];

data/orage-4.12.1/src/functions.c:747:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char icaltime[XFICAL_APPT_TIME_FORMAT_LEN];

data/orage-4.12.1/src/functions.c:772:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char i18_time[10];

data/orage-4.12.1/src/ical-code.c:956:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[50];

data/orage-4.12.1/src/ical-code.c:2165:21:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(excp->type, "EXDATE");

data/orage-4.12.1/src/ical-code.c:2185:25:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(excp->type, "RDATE");

data/orage-4.12.1/src/ical-code.c:2347:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_type[8];

data/orage-4.12.1/src/ical-code.c:3204:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_type, "O00.");

data/orage-4.12.1/src/ical-code.c:4088:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *uid, ical_uid[XFICAL_UID_LEN+1];

data/orage-4.12.1/src/mainbox.c:79:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cur_date[9];

data/orage-4.12.1/src/mainbox.c:693:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a_day[9]; /* yyyymmdd */

data/orage-4.12.1/src/mainbox.c:711:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_type, "O00.");

data/orage-4.12.1/src/mainbox.c:740:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a_day[9]; /* yyyymmdd */

data/orage-4.12.1/src/mainbox.c:761:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(file_type, "O00.");

data/orage-4.12.1/src/reminder.c:556:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char heading[250];

data/orage-4.12.1/src/timezone_selection.c:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char area_old[MAX_AREA_LENGTH+2]; /*+2 = / + null */

data/orage-4.12.1/src/timezone_selection.c:84:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s_offset[100], s_country[100], s_changes[200], s_change[50]

data/orage-4.12.1/src/timezone_selection.c:92:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(area_old, "S T a R T"); /* this never matches */

data/orage-4.12.1/src/tray_icon.c:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cur_date[9];

data/orage-4.12.1/src/tz_zoneinfo_read.c:148:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(file_name, "r");

data/orage-4.12.1/src/tz_zoneinfo_read.c:357:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *str, *str_nl, cc[4];

data/orage-4.12.1/src/tz_zoneinfo_read.c:429:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s_next[101], s_prev[101];

data/orage-4.12.1/src/tz_zoneinfo_read.c:651:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  par_file = fopen(TZ_CONVERT_PAR_FILE_LOC, "r");

data/orage-4.12.1/src/tz_zoneinfo_read.c:790:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(tz_dir, "zoneinfo/"); /* now we have the base directory */

data/orage-4.12.1/src/tz_zoneinfo_read.c:798:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(zone_tab_file = fopen(zone_tab_file_name, "r"))) {

data/orage-4.12.1/src/tz_zoneinfo_read.c:844:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(tz_dir, "misc/"); /* this is shorter than "zoneinfo" so it is safe */

data/orage-4.12.1/src/tz_zoneinfo_read.c:846:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(tz_dir, "zoneinfo/"); /* now we have the base directory */

data/orage-4.12.1/src/tz_zoneinfo_read.c:854:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(country_file = fopen(country_file_name, "r"))) {

data/orage-4.12.1/src/tz_zoneinfo_read.c:891:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(zones_tab_file = fopen(ICAL_ZONES_TAB_FILE_LOC, "r"))) {

data/orage-4.12.1/tz_convert/tz_convert.c:135:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(file_name, "r");

data/orage-4.12.1/tz_convert/tz_convert.c:426:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(ical_file = fopen(out_file, "w"))) {

data/orage-4.12.1/tz_convert/tz_convert.c:455:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(ical_file = fopen(out_file, "w"))) {

data/orage-4.12.1/tz_convert/tz_convert.c:640:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[100], until_date[31];

data/orage-4.12.1/tz_convert/tz_convert.c:1107:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  par_file = fopen(par_file_name, "w");

data/orage-4.12.1/tz_convert/tz_convert.c:1369:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ical_zone_tab = fopen(ical_zone, "r+");

data/orage-4.12.1/tz_convert/tz_convert.c:1374:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ical_zone_tab = fopen(ical_zone, "w");

data/orage-4.12.1/tz_convert/tz_convert.c:1382:29:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ical_zone_tab = fopen(ical_zone, "r+");

data/orage-4.12.1/globaltime/gt_prefs.c:379:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(gtk_entry_get_text(GTK_ENTRY(modify_clock->name_entry)))

data/orage-4.12.1/globaltime/timezone_selection.c:163:17:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(s_change_time, " ");

data/orage-4.12.1/globaltime/timezone_selection.c:172:17:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(s_change, " ");

data/orage-4.12.1/globaltime/timezone_selection.c:192:17:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(s_country, " ");

data/orage-4.12.1/globaltime/timezone_selection.c:198:13:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(s_country, " ");

data/orage-4.12.1/globaltime/timezone_selection.c:199:13:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(s_changes, " ");

data/orage-4.12.1/libical/src/libical/icalcomponent.c:2248:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_tzid = malloc (tzid_len + strlen (suffix_buf) + 1);

data/orage-4.12.1/libical/src/libical/icalcomponent.c:2254:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (new_tzid, tzid, tzid_len);

data/orage-4.12.1/libical/src/libical/icalcomponent.c:2267:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (tzid);

data/orage-4.12.1/libical/src/libical/icalduration.c:87:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int size = strlen(str);

data/orage-4.12.1/libical/src/libical/icallangbind.c:209:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* copy = (char*) malloc(strlen(str)+1);

data/orage-4.12.1/libical/src/libical/icallangbind.c:301:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t buf_size = 2 * strlen(str);

data/orage-4.12.1/libical/src/libical/icalmemory.c:230:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* b = icalmemory_tmp_buffer(strlen(str)+1);

data/orage-4.12.1/libical/src/libical/icalmemory.c:310:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_length = strlen(string);

data/orage-4.12.1/libical/src/libical/icalparameter.c:274:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out_buf = icalmemory_tmp_buffer(strlen(buf));

data/orage-4.12.1/libical/src/libical/icalparser.c:191:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf,start,size);

data/orage-4.12.1/libical/src/libical/icalparser.c:266:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
next = (char*)(size_t)line+(size_t)strlen(line);\ data/orage-4.12.1/libical/src/libical/icalparser.c:291:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(line); data/orage-4.12.1/libical/src/libical/icalparser.c:646:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (str == 0 || strlen(str) == 0 ){ data/orage-4.12.1/libical/src/libical/icalparser.c:1060:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(data->pos); data/orage-4.12.1/libical/src/libical/icalparser.c:1071:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(out,data->pos,size); data/orage-4.12.1/libical/src/libical/icalproperty.c:325:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (text); data/orage-4.12.1/libical/src/libical/icalproperty.c:361:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out_buf = icalmemory_tmp_buffer (strlen (buf) + 1); data/orage-4.12.1/libical/src/libical/icalrecur.c:362:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
end = (char*)vals_copy+strlen(vals_copy); data/orage-4.12.1/libical/src/libical/icaltime.c:384:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(str); data/orage-4.12.1/libical/src/libical/icaltimezone.c:419:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). standard_len = strlen (standard_tzname); data/orage-4.12.1/libical/src/libical/icaltimezone.c:420:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). daylight_len = strlen (daylight_tzname); data/orage-4.12.1/libical/src/libical/icaltimezone.c:1418:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filename_len = strlen (get_zone_directory()) + strlen (ZONES_TAB_FILENAME) data/orage-4.12.1/libical/src/libical/icaltimezone.c:1418:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filename_len = strlen (get_zone_directory()) + strlen (ZONES_TAB_FILENAME) data/orage-4.12.1/libical/src/libical/icaltimezone.c:1498:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filename_len = strlen (get_zone_directory()) + strlen (zone->location) + 6; data/orage-4.12.1/libical/src/libical/icaltimezone.c:1498:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
filename_len = strlen (get_zone_directory()) + strlen (zone->location) + 6; data/orage-4.12.1/libical/src/libical/icaltimezone.c:1659:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zone_files_directory = malloc(strlen(path)+1); data/orage-4.12.1/libical/src/libical/icalvalue.c:185:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* out = (char*)malloc(sizeof(char) * strlen(str) +1); data/orage-4.12.1/libical/src/libical/icalvalue.c:696:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str = (char*)icalmemory_tmp_buffer(strlen(data)+1); data/orage-4.12.1/libical/src/libical/icalvalue.c:724:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf_sz = strlen(value->data.v_string)+1; data/orage-4.12.1/libical/src/libical/icalvalue.c:801:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str = icalmemory_tmp_buffer (strlen (url) + 1); data/orage-4.12.1/libical/src/libical/icalvalue.c:860:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(str,"T"); data/orage-4.12.1/libical/src/libical/icalvalue.c:1295:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int)strlen(ptr) >= nMaxBufferLen) data/orage-4.12.1/libical/src/libical/sspm.c:163:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p+=strlen(parameter); data/orage-4.12.1/libical/src/libical/sspm.c:181:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name,p,(size_t)s-(size_t)p); data/orage-4.12.1/libical/src/libical/sspm.c:203:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name,line,(size_t)c-(size_t)line); data/orage-4.12.1/libical/src/libical/sspm.c:226:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = c+strlen(line); data/orage-4.12.1/libical/src/libical/sspm.c:448:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(major_content_type_map[i].str))==0){ data/orage-4.12.1/libical/src/libical/sspm.c:472:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(minor_content_type_map[i].str))==0){ data/orage-4.12.1/libical/src/libical/sspm.c:676:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if((boundary = (char*)malloc(strlen(line)+5)) == 0){ data/orage-4.12.1/libical/src/libical/sspm.c:718:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((boundary = (char*)malloc(strlen(line)+5)) == 0){ data/orage-4.12.1/libical/src/libical/sspm.c:735:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *size = strlen(line); data/orage-4.12.1/libical/src/libical/sspm.c:819:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((boundary = (char*)malloc(strlen(line)+5)) == 0){ data/orage-4.12.1/libical/src/libical/sspm.c:954:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(buf) < BUF_SIZE); data/orage-4.12.1/libical/src/libical/sspm.c:973:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = (char*) ( (size_t)strlen(last_line)+ data/orage-4.12.1/libical/src/libical/sspm.c:981:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (last_line[strlen(last_line)-1] == '\n'){ data/orage-4.12.1/libical/src/libical/sspm.c:982:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
last_line[strlen(last_line)-1] = '\0'; data/orage-4.12.1/libical/src/libical/sspm.c:989:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen(buf_start) + strlen(last_line) < BUF_SIZE); data/orage-4.12.1/libical/src/libical/sspm.c:989:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen(buf_start) + strlen(last_line) < BUF_SIZE); data/orage-4.12.1/libical/src/libical/sspm.c:1293:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_length = strlen(string); data/orage-4.12.1/libical/src/libical/sspm.c:1593:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(buf.buffer[strlen(buf.buffer)-1] != '\n'){ data/orage-4.12.1/libical/src/libical/vsnprintf.c:96:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, p, n-1); data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:89:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(path,"/"); data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:196:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(dir,"/"); data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:216:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(path,"/"); data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:233:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(path,"/"); data/orage-4.12.1/libical/src/libicalss/icalcalendar.c:250:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(path,"/"); data/orage-4.12.1/libical/src/libicalss/icalfileset.c:189:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(read(fd,p,1) != 1 || *p=='\n'){ data/orage-4.12.1/libical/src/libicalss/icalfileset.c:382:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sz=write(fset->fd,str,strlen(str)); data/orage-4.12.1/libical/src/libicalss/icalfileset.c:384:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( sz != strlen(str)){ data/orage-4.12.1/libical/src/libicalss/icalset.c:184:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bufptr = buf + strlen(buf); data/orage-4.12.1/libical/src/libicalss/icalsslexer.c:838:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/orage-4.12.1/libical/src/libicalss/icalssyacc.c:535:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/orage-4.12.1/libical/src/libicalss/icalssyacc.c:1298:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = s+strlen(s)-1; data/orage-4.12.1/panel-plugin/timezone_selection.c:164:17: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(s_change_time, " "); data/orage-4.12.1/panel-plugin/timezone_selection.c:173:17: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(s_change, " "); data/orage-4.12.1/panel-plugin/timezone_selection.c:193:17: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(s_country, " "); data/orage-4.12.1/panel-plugin/timezone_selection.c:199:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant character. strcpy(s_country, " "); data/orage-4.12.1/panel-plugin/timezone_selection.c:200:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(s_changes, " "); data/orage-4.12.1/src/appointment.c:694:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(appSound_entry_filename) > 0) data/orage-4.12.1/src/appointment.c:884:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(tmp); data/orage-4.12.1/src/appointment.c:1459:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(text); data/orage-4.12.1/src/appointment.c:1463:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(recur_exception->time, orage_i18_time_to_icaltime(text), 16); data/orage-4.12.1/src/appointment.c:1476:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(recur_exception->time, orage_i18_date_to_icaldate(text), 16); data/orage-4.12.1/src/appointment.c:1478:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(recur_exception->time, orage_i18_time_to_icaltime(text), 16); data/orage-4.12.1/src/appointment.c:1486:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(recur_exception->time, orage_i18_time_to_icaltime(text), 16); data/orage-4.12.1/src/appointment.c:1488:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(recur_exception->time, orage_i18_date_to_icaldate(text), 16); data/orage-4.12.1/src/appointment.c:1549:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tmp_type, "-"); data/orage-4.12.1/src/appointment.c:1551:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tmp_type, "+"); data/orage-4.12.1/src/appointment.c:1553:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp_type, p_type, 1); data/orage-4.12.1/src/appointment.c:1660:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(appt->starttime) > 6 ) { data/orage-4.12.1/src/appointment.c:1689:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(appt->endtime) > 6 ) { data/orage-4.12.1/src/appointment.c:1726:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(appt->completedtime) > 6 ) { data/orage-4.12.1/src/appointment.c:2206:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). , _(" *** COPY ***"), strlen(_(" *** COPY ***")), &i); data/orage-4.12.1/src/day-view.c:177:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(a_day, orage_i18_date_to_icaldate(s_date), 8); data/orage-4.12.1/src/day-view.c:555:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tip_note = g_markup_escape_text(tmp_note, strlen(tmp_note)); data/orage-4.12.1/src/day-view.c:707:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dw->a_day, orage_i18_date_to_icaldate(s_date), 8); data/orage-4.12.1/src/event-list.c:320:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(start_time, stime, len); data/orage-4.12.1/src/event-list.c:323:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(end_time, "99999", len); /* long in the future*/ data/orage-4.12.1/src/event-list.c:325:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(end_time, stime+len, len); data/orage-4.12.1/src/event-list.c:422:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((tmp = g_strstr_len(tmp_note, strlen(tmp_note), "\n")) != NULL) { data/orage-4.12.1/src/event-list.c:424:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(tmp_note)-strlen(tmp)) < len) data/orage-4.12.1/src/event-list.c:424:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(tmp_note)-strlen(tmp)) < len) data/orage-4.12.1/src/event-list.c:425:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tmp_note)-strlen(tmp); data/orage-4.12.1/src/event-list.c:425:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tmp_note)-strlen(tmp); data/orage-4.12.1/src/event-list.c:624:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(a_day, "19000101", 8); data/orage-4.12.1/src/event-list.c:635:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(a_day, stime, 8); data/orage-4.12.1/src/event-list.c:659:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(a_day, stime, 8); data/orage-4.12.1/src/event-list.c:661:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(el->date_now, stime, XFICAL_APPT_TIME_FORMAT_LEN-1); data/orage-4.12.1/src/event-list.c:671:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(a_day, orage_i18_date_to_icaldate(gtk_button_get_label( data/orage-4.12.1/src/event-list.c:924:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(a_day, orage_i18_date_to_icaldate(title), 8); data/orage-4.12.1/src/functions.c:345:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (cur = text; cur && (cmd = strstr(cur, old)); cur = cmd + strlen(old)) { data/orage-4.12.1/src/functions.c:421:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int text_len=strlen(text); data/orage-4.12.1/src/ical-archive.c:122:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const gint x_len = strlen("X-ORAGE-ORIG-"); data/orage-4.12.1/src/ical-code.c:1200:275: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). orage_message(110, "appt_add_exceptions_internal: EXDATE is date (%s) (%d). 
There is libical bug http://sourceforge.net/tracker/?func=detail&aid=2901161&group_id=16077&atid=116077 which causes that excluded dates do not work properly in Orage.", excp->time, strlen(excp->time)); data/orage-4.12.1/src/ical-code.c:2161:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(text) > 16) data/orage-4.12.1/src/ical-code.c:2180:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(text) > 16) data/orage-4.12.1/src/ical-code.c:2353:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(file_type, uid, 4); /* file id */ data/orage-4.12.1/src/ical-code.c:3838:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(appt->starttimecur, icaltime_as_ical_string(sdate), 16); data/orage-4.12.1/src/ical-code.c:3840:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(appt->endtimecur, icaltime_as_ical_string(edate), 16); data/orage-4.12.1/src/ical-code.c:4019:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). next += strlen(str); data/orage-4.12.1/src/ical-code.c:4054:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
prev += strlen(str); data/orage-4.12.1/src/ical-code.c:4063:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prev -= strlen(str); data/orage-4.12.1/src/ical-code.c:4105:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (text_len == strlen(text_upper)) { data/orage-4.12.1/src/ical-code.c:4121:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). , text_len, strlen(text_upper)); data/orage-4.12.1/src/ical-code.c:4131:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). beg -= strlen("\nBEGIN:"); /* we need to be able to find first, too */ data/orage-4.12.1/src/ical-code.c:4193:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ical_uid) > XFICAL_UID_LEN-2) { data/orage-4.12.1/src/ical-expimp.c:145:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = g_strstr_len(tmp, strlen(tmp), "DCREATED:")) { data/orage-4.12.1/src/ical-expimp.c:146:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp2 = tmp+strlen("DCREATED:yyyymmddThhmmss"); data/orage-4.12.1/src/ical-expimp.c:167:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tmp = g_strstr_len(tmp, strlen(tmp), ";TZID=/")) { data/orage-4.12.1/src/ical-expimp.c:392:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(uid) < 5) { data/orage-4.12.1/src/ical-expimp.c:397:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uid_end = g_strstr_len((const gchar *)uid, strlen(uid), ","); data/orage-4.12.1/src/interface.c:463:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). , strlen(filename), ","); data/orage-4.12.1/src/interface.c:870:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). , strlen(file), &pos); data/orage-4.12.1/src/mainbox.c:85:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cur_date, orage_cal_to_icaldate(GTK_CALENDAR(cal->mCalendar)), 8); data/orage-4.12.1/src/mainbox.c:483:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = g_markup_escape_text(tmp_note, strlen(tmp_note)); data/orage-4.12.1/src/mainbox.c:706:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(a_day, s_time, 8); data/orage-4.12.1/src/mainbox.c:757:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
  strncpy(a_day, s_time, 8);

data/orage-4.12.1/src/parameters.c:381:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (g_par.sound_application == NULL || strlen(g_par.sound_application) == 0

data/orage-4.12.1/src/parameters.c:1106:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint tz_offset = strlen("/usr/share/zoneinfo/");

data/orage-4.12.1/src/reminder.c:564:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(heading, _("Reminder "), 100);

data/orage-4.12.1/src/reminder.c:866:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sep += strlen(" - "); /* points now to the end-time */

data/orage-4.12.1/src/reminder.c:1103:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cur_alarm->alarm_time) < XFICAL_APPT_DATE_FORMAT_LEN) {

data/orage-4.12.1/src/reminder.c:1139:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  , strlen(cur_alarm->title))

data/orage-4.12.1/src/timezone_selection.c:175:17: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(s_change_time, " ");

data/orage-4.12.1/src/timezone_selection.c:184:17: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(s_change, " ");

data/orage-4.12.1/src/timezone_selection.c:204:17: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(s_country, " ");

data/orage-4.12.1/src/timezone_selection.c:210:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(s_country, " ");

data/orage-4.12.1/src/timezone_selection.c:211:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(s_changes, " ");

data/orage-4.12.1/src/tz_zoneinfo_read.c:277:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printf("Abbr:%d (%d)(%s)\n", i, (int)strlen((char *)(tmp + i))

data/orage-4.12.1/src/tz_zoneinfo_read.c:279:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i += strlen((char *)(tmp + i));

data/orage-4.12.1/src/tz_zoneinfo_read.c:371:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tz_array.cc[tz_array.count], ++str_nl, 2);

data/orage-4.12.1/src/tz_zoneinfo_read.c:392:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tz_array.country[tz_array.count], str, (str_nl - str));

data/orage-4.12.1/src/tz_zoneinfo_read.c:553:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen("zoneinfo/")]);

data/orage-4.12.1/src/tz_zoneinfo_read.c:722:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tz_len = strlen(tz);

data/orage-4.12.1/src/tz_zoneinfo_read.c:738:66: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  in_timezone_name = strdup(&in_file[in_file_base_offset + strlen(tz2)]);

data/orage-4.12.1/src/tz_zoneinfo_read.c:779:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int zoneinfo_len=strlen("zoneinfo/");

data/orage-4.12.1/src/tz_zoneinfo_read.c:788:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tz_dir, in_file, in_file_base_offset);

data/orage-4.12.1/src/tz_zoneinfo_read.c:792:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  zone_tab_file_name = malloc(strlen(tz_dir) + strlen(ZONETAB_FILE) + 1);

data/orage-4.12.1/src/tz_zoneinfo_read.c:792:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  zone_tab_file_name = malloc(strlen(tz_dir) + strlen(ZONETAB_FILE) + 1);

data/orage-4.12.1/src/tz_zoneinfo_read.c:831:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int zoneinfo_len=strlen("zoneinfo/");

data/orage-4.12.1/src/tz_zoneinfo_read.c:841:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tz_dir, in_file, in_file_base_offset);

data/orage-4.12.1/src/tz_zoneinfo_read.c:849:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  country_file_name = malloc(strlen(tz_dir) + strlen(COUNTRY_FILE) + 1);

data/orage-4.12.1/src/tz_zoneinfo_read.c:849:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  country_file_name = malloc(strlen(tz_dir) + strlen(COUNTRY_FILE) + 1);

data/orage-4.12.1/tz_convert/tz_convert.c:264:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printf("Abbr:%d (%d)(%s)\n", i, (int)strlen((char *)(tmp + i))

data/orage-4.12.1/tz_convert/tz_convert.c:266:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i += strlen((char *)(tmp + i));

data/orage-4.12.1/tz_convert/tz_convert.c:345:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out_file_name_len = strlen(out_file);

data/orage-4.12.1/tz_convert/tz_convert.c:346:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  backup_ending_len = strlen(backup_ending);

data/orage-4.12.1/tz_convert/tz_convert.c:350:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(backup_out_file, out_file, out_file_name_len);

data/orage-4.12.1/tz_convert/tz_convert.c:352:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(backup_out_file, backup_ending, backup_ending_len);

data/orage-4.12.1/tz_convert/tz_convert.c:396:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  in_file_name_len = strlen(&in_file_name[in_file_base_offset]);

data/orage-4.12.1/tz_convert/tz_convert.c:397:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ical_ending_len = strlen(ical_ending);

data/orage-4.12.1/tz_convert/tz_convert.c:401:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(out_file, &in_file_name[in_file_base_offset], in_file_name_len);

data/orage-4.12.1/tz_convert/tz_convert.c:403:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(out_file, ical_ending, ical_ending_len);

data/orage-4.12.1/tz_convert/tz_convert.c:408:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen("zoneinfo/")]);

data/orage-4.12.1/tz_convert/tz_convert.c:479:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(data);

data/orage-4.12.1/tz_convert/tz_convert.c:1113:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = in_file_base_offset + strlen("zoneinfo");

data/orage-4.12.1/tz_convert/tz_convert.c:1116:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (len <= strlen(in_file)) {

data/orage-4.12.1/tz_convert/tz_convert.c:1365:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(timezone_name), buf_len;

data/orage-4.12.1/tz_convert/tz_convert.c:1439:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf_len = strlen(&ical_zone_buf[offset-18]);

data/orage-4.12.1/tz_convert/tz_convert.c:1580:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tz_len = strlen(tz);

data/orage-4.12.1/tz_convert/tz_convert.c:1596:66: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  in_timezone_name = strdup(&in_file[in_file_base_offset + strlen(tz2)]);

ANALYSIS SUMMARY:

Hits = 464
Lines analyzed = 59348 in approximately 1.53 seconds (38679 lines/second)
Physical Source Lines of Code (SLOC) = 40701
Hits@level = [0] 314 [1] 177 [2] 179 [3] 1 [4] 107 [5] 0
Hits@level+ = [0+] 778 [1+] 464 [2+] 287 [3+] 108 [4+] 107 [5+] 0
Hits/KSLOC@level+ = [0+] 19.115 [1+] 11.4002 [2+] 7.05142 [3+] 2.6535 [4+] 2.62893 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
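The CWE-126 hits at tz_zoneinfo_read.c:277/279 and tz_convert.c:264/266 are the ones in this listing most worth a second look: `i += strlen((char *)(tmp + i))` walks a table of NUL-separated abbreviations read from a timezone file, and strlen has no way of knowing where that table ends. The following is an added illustration, not Orage or flawfinder code: a constructed table whose last entry lacks its NUL, the report's walking pattern run over it, and a bounded walk that refuses the malformed input instead of reading past it. ABBR_MAX, TABLE_LEN and the sample bytes are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed upper bound on one abbreviation entry for this example; not an Orage value. */
#define ABBR_MAX 8

/* Constructed input: a 16-byte region whose first TABLE_LEN bytes are the
 * "table" ("EST", then an entry "ED" cut off before its NUL), followed by
 * unrelated bytes that a correct parser must never touch. */
#define TABLE_LEN 6
static const char region[16] = {
    'E', 'S', 'T', '\0', 'E', 'D',               /* the table proper */
    'J', 'U', 'N', 'K', '\0', 0, 0, 0, 0, 0      /* neighbouring memory */
};

/* A well-formed table for comparison: "EST\0EDT\0", exactly 8 bytes. */
static const char good_table[8] = "EST\0EDT";

/* The report's pattern. strlen() is told nothing about where the table
 * ends, so the unterminated last entry is measured straight into whatever
 * follows. Returns the offset at which the walk stopped; anything greater
 * than len means bytes outside the table were read. */
static size_t unsafe_walk(const char *tmp, size_t len)
{
    size_t i = 0;
    while (i < len)
        i += strlen(tmp + i) + 1;   /* the CWE-126 pattern flawfinder flags */
    return i;
}

/* Hardened form: each entry is located with memchr() bounded by the bytes
 * remaining, so a missing NUL is reported instead of being searched for in
 * adjacent memory. Returns the entry count, or -1 for a malformed table. */
static int safe_count_abbrs(const char *tmp, size_t len)
{
    int count = 0;
    size_t i = 0;

    while (i < len) {
        const char *nul = memchr(tmp + i, '\0', len - i);
        if (nul == NULL)
            return -1;                           /* unterminated entry */
        if ((size_t)(nul - (tmp + i)) > ABBR_MAX)
            return -1;                           /* implausibly long entry */
        count++;
        i = (size_t)(nul - tmp) + 1;
    }
    return count;
}

int main(void)
{
    printf("unsafe walk stopped at offset %zu of a %d-byte table\n",
           unsafe_walk(region, TABLE_LEN), TABLE_LEN);
    printf("safe walk of the same table: %d\n",
           safe_count_abbrs(region, TABLE_LEN));
    printf("safe walk of a valid table: %d\n",
           safe_count_abbrs(good_table, (size_t)sizeof good_table));
    return 0;
}
```

The unsafe walk stops at offset 11 of a 6-byte table: it has read the five "neighbouring" bytes as if they were abbreviation text. On a real TZif file that neighbour is whatever the allocator placed after the buffer, which is why the report rates the hit as an over-read rather than a cosmetic finding. The same bounded-memchr shape applies to the other strlen-on-file-data hits, such as `strlen(&ical_zone_buf[offset-18])` at tz_convert.c:1439.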
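The strncpy hits at mainbox.c:85, 706 and 757 all copy exactly 8 bytes (a YYYYMMDD date) and rely on something else to terminate the destination. The following is an added example, not Orage code, showing what the report's message means in practice: when the source is at least 8 characters long, strncpy(dst, src, 8) writes no NUL at all, so whether the result is a string depends on the byte that happened to be after it. The buffer name and the 9-byte size are assumptions; Orage's actual declarations are not shown in the report.

```c
#include <stdio.h>
#include <string.h>

#define DATE_LEN 8   /* "YYYYMMDD", the 8 bytes the report's calls copy */

/* Length of s within its first cap bytes, never reading further. */
static size_t bounded_len(const char *s, size_t cap)
{
    const char *nul = memchr(s, '\0', cap);
    return nul ? (size_t)(nul - s) : cap;
}

/* The report's pattern. strncpy(dst, src, 8) writes exactly 8 bytes when
 * src has 8 or more characters and no terminator at all; a_day is a string
 * afterwards only if a_day[8] already happened to be NUL. The buffer is
 * filled with 'X' first so that dependence is visible.
 * Returns 1 if a_day is a terminated string afterwards, 0 if it is not. */
static int unsafe_copy_day(char a_day[DATE_LEN + 1], const char *s_time)
{
    memset(a_day, 'X', DATE_LEN + 1);       /* stand-in for uninitialised stack */
    strncpy(a_day, s_time, DATE_LEN);       /* the CWE-120 pattern flawfinder flags */
    return bounded_len(a_day, DATE_LEN + 1) < DATE_LEN + 1;
}

/* Hardened form: reject input shorter than a date, copy exactly DATE_LEN
 * bytes and always terminate. Returns DATE_LEN on success, -1 otherwise. */
static int safe_copy_day(char a_day[DATE_LEN + 1], const char *s_time)
{
    if (bounded_len(s_time, DATE_LEN) < DATE_LEN)
        return -1;                          /* too short to be "YYYYMMDD" */
    memcpy(a_day, s_time, DATE_LEN);
    a_day[DATE_LEN] = '\0';
    return DATE_LEN;
}

int main(void)
{
    char a_day[DATE_LEN + 1];
    const char *s_time = "20190315T120000";   /* constructed iCal-style timestamp */

    printf("strncpy left a_day terminated: %d\n", unsafe_copy_day(a_day, s_time));
    if (safe_copy_day(a_day, s_time) == DATE_LEN)
        printf("safe copy: %s\n", a_day);
    return 0;
}
```

With a source shorter than 8 characters strncpy does pad with NULs, so the unsafe version appears to work in that case; the failure only shows with a full-length timestamp, which is exactly the input these call sites normally receive.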
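The strncat hits at tz_convert.c:352 and 403 show the miscomputed bound the message warns about: strncat's third argument caps how much of the source is appended, not how much room the destination has, so `strncat(dst, src, strlen(src))` is strcat with extra steps. The following is an added example, not Orage code, that runs the report's strncpy/strncat sequence inside an oversized arena so the bytes written past the intended buffer can be counted, next to an snprintf version that checks against the real capacity. NAME_CAP, the ".bak" suffix and the zone name are assumptions; the report does not show the buffer's size or the suffix's value.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16   /* assumed size of backup_out_file; not shown in the report */

/* The report's lines with the source lengths as the "bound". Because the
 * third argument of strncat limits the source, not the destination, the
 * call appends the whole suffix regardless of space. Run inside a larger
 * arena so the overrun lands in bytes we can inspect rather than in a
 * neighbour. Returns how many bytes beyond NAME_CAP were overwritten. */
static size_t unsafe_backup_name(const char *out_file, const char *backup_ending)
{
    char arena[NAME_CAP * 2];
    char *backup_out_file = arena;
    size_t out_file_name_len = strlen(out_file);
    size_t backup_ending_len = strlen(backup_ending);
    size_t clobbered = 0, k;

    if (out_file_name_len + backup_ending_len + 1 > sizeof arena)
        return (size_t)-1;                  /* keep the demo itself in bounds */
    memset(arena, 'S', sizeof arena);       /* sentinel: anything else was written */

    strncpy(backup_out_file, out_file, out_file_name_len);        /* CWE-120 hit */
    backup_out_file[out_file_name_len] = '\0';  /* strncat needs a terminated dst */
    strncat(backup_out_file, backup_ending, backup_ending_len);   /* CWE-120 hit */

    for (k = NAME_CAP; k < sizeof arena; k++)
        if (arena[k] != 'S')
            clobbered++;
    return clobbered;
}

/* Hardened form: snprintf does the arithmetic against the real capacity,
 * and truncation is treated as an error rather than as a shorter name.
 * Returns the length written, or -1 when the name does not fit. */
static int safe_backup_name(char *dst, size_t cap,
                            const char *out_file, const char *backup_ending)
{
    int n = snprintf(dst, cap, "%s%s", out_file, backup_ending);
    if (n < 0 || (size_t)n >= cap) {
        if (cap > 0)
            dst[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char name[NAME_CAP * 2];
    /* constructed inputs: a zone name that fits NAME_CAP alone but not with the suffix */
    const char *out_file = "Europe/Helsinki";
    const char *backup_ending = ".bak";

    printf("bytes written past the %d-byte buffer: %zu\n", NAME_CAP,
           unsafe_backup_name(out_file, backup_ending));
    printf("safe, cap %d: %d\n", NAME_CAP,
           safe_backup_name(name, NAME_CAP, out_file, backup_ending));
    printf("safe, cap %d: %d (%s)\n", NAME_CAP * 2,
           safe_backup_name(name, sizeof name, out_file, backup_ending), name);
    return 0;
}
```

If strncat has to stay, the bound that actually protects the destination is `cap - strlen(dst) - 1`, and the caller still has to check beforehand that the suffix fits, because strncat silently truncates. The same arithmetic problem is present at tz_convert.c:401-403, where `in_file_name_len` and `ical_ending_len` are again lengths of the sources.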