Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pccts-1.33MR33/antlr/antlr.c
Examining data/pccts-1.33MR33/antlr/bits.c
Examining data/pccts-1.33MR33/antlr/build.c
Examining data/pccts-1.33MR33/antlr/dumpcycles.c
Examining data/pccts-1.33MR33/antlr/dumpnode.c
Examining data/pccts-1.33MR33/antlr/egman.c
Examining data/pccts-1.33MR33/antlr/err.c
Examining data/pccts-1.33MR33/antlr/fcache.c
Examining data/pccts-1.33MR33/antlr/fset.c
Examining data/pccts-1.33MR33/antlr/fset2.c
Examining data/pccts-1.33MR33/antlr/generic.h
Examining data/pccts-1.33MR33/antlr/globals.c
Examining data/pccts-1.33MR33/antlr/hash.c
Examining data/pccts-1.33MR33/antlr/hash.h
Examining data/pccts-1.33MR33/antlr/lex.c
Examining data/pccts-1.33MR33/antlr/main.c
Examining data/pccts-1.33MR33/antlr/misc.c
Examining data/pccts-1.33MR33/antlr/mode.h
Examining data/pccts-1.33MR33/antlr/mrhoist.c
Examining data/pccts-1.33MR33/antlr/pred.c
Examining data/pccts-1.33MR33/antlr/proto.h
Examining data/pccts-1.33MR33/antlr/scan.c
Examining data/pccts-1.33MR33/antlr/stdpccts.h
Examining data/pccts-1.33MR33/antlr/syn.h
Examining data/pccts-1.33MR33/antlr/tokens.h
Examining data/pccts-1.33MR33/antlr/gen.c
Examining data/pccts-1.33MR33/dlg/automata.c
Examining data/pccts-1.33MR33/dlg/dlg.h
Examining data/pccts-1.33MR33/dlg/dlg_a.c
Examining data/pccts-1.33MR33/dlg/dlg_p.c
Examining data/pccts-1.33MR33/dlg/err.c
Examining data/pccts-1.33MR33/dlg/main.c
Examining data/pccts-1.33MR33/dlg/mode.h
Examining data/pccts-1.33MR33/dlg/output.c
Examining data/pccts-1.33MR33/dlg/relabel.c
Examining data/pccts-1.33MR33/dlg/stdpccts.h
Examining data/pccts-1.33MR33/dlg/support.c
Examining data/pccts-1.33MR33/dlg/tokens.h
Examining data/pccts-1.33MR33/h/antlr.h
Examining data/pccts-1.33MR33/h/AParser.cpp
Examining data/pccts-1.33MR33/h/AParser.h
Examining data/pccts-1.33MR33/h/ast.c
Examining data/pccts-1.33MR33/h/ast.h
Examining data/pccts-1.33MR33/h/ASTBase.cpp
Examining data/pccts-1.33MR33/h/ASTBase.h
Examining data/pccts-1.33MR33/h/AToken.h
Examining data/pccts-1.33MR33/h/ATokenBuffer.cpp
Examining data/pccts-1.33MR33/h/ATokenBuffer.h
Examining data/pccts-1.33MR33/h/ATokenStream.h
Examining data/pccts-1.33MR33/h/ATokPtr.h
Examining data/pccts-1.33MR33/h/ATokPtrImpl.h
Examining data/pccts-1.33MR33/h/BufFileInput.cpp
Examining data/pccts-1.33MR33/h/BufFileInput.h
Examining data/pccts-1.33MR33/h/charbuf.h
Examining data/pccts-1.33MR33/h/charptr.c
Examining data/pccts-1.33MR33/h/charptr.h
Examining data/pccts-1.33MR33/h/config.h
Examining data/pccts-1.33MR33/h/DLexer.h
Examining data/pccts-1.33MR33/h/DLexerBase.cpp
Examining data/pccts-1.33MR33/h/DLexerBase.h
Examining data/pccts-1.33MR33/h/dlgauto.h
Examining data/pccts-1.33MR33/h/dlgdef.h
Examining data/pccts-1.33MR33/h/DLG_stream_input.h
Examining data/pccts-1.33MR33/h/err.h
Examining data/pccts-1.33MR33/h/int.h
Examining data/pccts-1.33MR33/h/PBlackBox.h
Examining data/pccts-1.33MR33/h/PCCTSAST.cpp
Examining data/pccts-1.33MR33/h/PCCTSAST.h
Examining data/pccts-1.33MR33/h/pcctscfg.h
Examining data/pccts-1.33MR33/h/pccts_assert.h
Examining data/pccts-1.33MR33/h/pccts_iostream.h
Examining data/pccts-1.33MR33/h/pccts_istream.h
Examining data/pccts-1.33MR33/h/pccts_setjmp.h
Examining data/pccts-1.33MR33/h/pccts_stdarg.h
Examining data/pccts-1.33MR33/h/pccts_stdio.h
Examining data/pccts-1.33MR33/h/pccts_stdlib.h
Examining data/pccts-1.33MR33/h/pccts_string.h
Examining data/pccts-1.33MR33/h/slist.cpp
Examining data/pccts-1.33MR33/h/SList.h
Examining data/pccts-1.33MR33/sorcerer/cpp.c
Examining data/pccts-1.33MR33/sorcerer/err.c
Examining data/pccts-1.33MR33/sorcerer/gen.c
Examining data/pccts-1.33MR33/sorcerer/globals.c
Examining data/pccts-1.33MR33/sorcerer/h/astlib.h
Examining data/pccts-1.33MR33/sorcerer/h/SASTBase.h
Examining data/pccts-1.33MR33/sorcerer/h/SCommonAST.h
Examining data/pccts-1.33MR33/sorcerer/h/sintstack.h
Examining data/pccts-1.33MR33/sorcerer/h/sorcerer.h
Examining data/pccts-1.33MR33/sorcerer/h/sorlist.h
Examining data/pccts-1.33MR33/sorcerer/h/sstack.h
Examining data/pccts-1.33MR33/sorcerer/h/STreeParser.h
Examining data/pccts-1.33MR33/sorcerer/hash.c
Examining data/pccts-1.33MR33/sorcerer/hash.h
Examining data/pccts-1.33MR33/sorcerer/lib/CASTBase.h
Examining data/pccts-1.33MR33/sorcerer/lib/errsupport.c
Examining data/pccts-1.33MR33/sorcerer/lib/sorcerer.c
Examining data/pccts-1.33MR33/sorcerer/lib/sstack.c
Examining data/pccts-1.33MR33/sorcerer/lib/STreeParser.cpp
Examining data/pccts-1.33MR33/sorcerer/lib/sintstack.c
Examining data/pccts-1.33MR33/sorcerer/lib/sorlist.c
Examining data/pccts-1.33MR33/sorcerer/lib/astlib.c
Examining data/pccts-1.33MR33/sorcerer/look.c
Examining data/pccts-1.33MR33/sorcerer/main.c
Examining data/pccts-1.33MR33/sorcerer/mode.h
Examining data/pccts-1.33MR33/sorcerer/proto.h
Examining data/pccts-1.33MR33/sorcerer/scan.c
Examining data/pccts-1.33MR33/sorcerer/sor.h
Examining data/pccts-1.33MR33/sorcerer/stdpccts.h
Examining data/pccts-1.33MR33/sorcerer/sym.h
Examining data/pccts-1.33MR33/sorcerer/test/test6.c
Examining data/pccts-1.33MR33/sorcerer/test/test7/main.c
Examining data/pccts-1.33MR33/sorcerer/test/test7/stdpccts.h
Examining data/pccts-1.33MR33/sorcerer/test/test7/test7.c
Examining data/pccts-1.33MR33/sorcerer/test/tokens6.h
Examining data/pccts-1.33MR33/sorcerer/testcpp/test4/AST.h
Examining data/pccts-1.33MR33/sorcerer/testcpp/test4/main.cpp
Examining data/pccts-1.33MR33/sorcerer/testcpp/test4/SimpleTreeParser.cpp
Examining data/pccts-1.33MR33/sorcerer/testcpp/test4/SimpleTreeParser.h
Examining data/pccts-1.33MR33/sorcerer/testcpp/token3.h
Examining data/pccts-1.33MR33/sorcerer/tokens.h
Examining data/pccts-1.33MR33/sorcerer/sor.c
Examining data/pccts-1.33MR33/support/DECmms/genmms.c
Examining data/pccts-1.33MR33/support/genmk/genmk_old.c
Examining data/pccts-1.33MR33/support/genmk/genmk.c
Examining data/pccts-1.33MR33/support/rexpr/rexpr.c
Examining data/pccts-1.33MR33/support/rexpr/rexpr.h
Examining data/pccts-1.33MR33/support/rexpr/test.c
Examining data/pccts-1.33MR33/support/set/set.c
Examining data/pccts-1.33MR33/support/set/set.h
Examining data/pccts-1.33MR33/support/sym/sym.c
Examining data/pccts-1.33MR33/support/sym/template.h
Examining data/pccts-1.33MR33/testcpp/11/input.h
Examining data/pccts-1.33MR33/testcpp/2/MyLexer.cpp
Examining data/pccts-1.33MR33/testcpp/2/MyLexer.h
Examining data/pccts-1.33MR33/testcpp/3/MyLexer.cpp
Examining data/pccts-1.33MR33/testcpp/3/MyLexer.h
Examining data/pccts-1.33MR33/testcpp/3/mytokens.h
Examining data/pccts-1.33MR33/testcpp/4/mytokens.h
Examining data/pccts-1.33MR33/testcpp/5/input.h
Examining data/pccts-1.33MR33/testcpp/6/main.cpp
Examining data/pccts-1.33MR33/testcpp/8/main.cpp
FINAL RESULTS:
data/pccts-1.33MR33/antlr/antlr.c:88:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(HdrAction, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:102:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FirstAction, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:436:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(CurrentClassName, name);
data/pccts-1.33MR33/antlr/antlr.c:459:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
/* MR22 */ strcpy(BaseClassName,LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:570:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pdecl, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:592:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:691:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:752:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:786:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
/* MR1 */ strcpy(a, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:822:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
/* MR1 */ strcpy(a, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:870:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(CurPredName,name);
data/pccts-1.33MR33/antlr/antlr.c:1604:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:2361:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:2429:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:2518:55: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
/* MR21 */ strcpy(pFirstSetSymbol, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:2531:53: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
/* MR21 */ strcpy(pFirstSetSymbol, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:2632:31: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:2890:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:2996:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(_retv->signalname, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:3006:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(_retv->signalname, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:3026:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(_retv->action, LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:3551:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[CurFile]!=NULL?FileStr[CurFile]:"stdin", zzline);
data/pccts-1.33MR33/antlr/bits.c:78:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, format, (wd&byte_mask[i])>>(i*BitsPerByte));
data/pccts-1.33MR33/antlr/build.c:65:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q, parm);
data/pccts-1.33MR33/antlr/build.c:105:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a->action, action);
data/pccts-1.33MR33/antlr/fset.c:537:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[predicate->source->file],
data/pccts-1.33MR33/antlr/fset.c:540:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[predicate->source->file],
data/pccts-1.33MR33/antlr/fset.c:544:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[predicate->source->file],
data/pccts-1.33MR33/antlr/fset.c:547:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[predicate->source->file],
data/pccts-1.33MR33/antlr/fset.c:598:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[alt1->file], alt1->line);
data/pccts-1.33MR33/antlr/fset.c:619:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[alt2->file], alt2->line);
data/pccts-1.33MR33/antlr/fset.c:643:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[alt1->file], alt1->line);
data/pccts-1.33MR33/antlr/fset.c:657:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[alt2->file], alt2->line);
data/pccts-1.33MR33/antlr/fset.c:697:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[parentRule->file],parentRule->line);
data/pccts-1.33MR33/antlr/fset.c:723:8: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr,FileStr[parentRule->file],parentRule->line);
data/pccts-1.33MR33/antlr/fset.c:735:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[parentRule->file], parentRule->line);
data/pccts-1.33MR33/antlr/fset.c:759:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[parentRule->file], parentRule->line);
data/pccts-1.33MR33/antlr/fset.c:772:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[parentRule->file], parentRule->line);
data/pccts-1.33MR33/antlr/fset.c:837:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[parentRule->file], parentRule->line);
data/pccts-1.33MR33/antlr/fset.c:850:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[parentRule->file], parentRule->line);
data/pccts-1.33MR33/antlr/fset.c:1030:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[alt1->file], alt1->line);
data/pccts-1.33MR33/antlr/fset.c:1077:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[alt1->file], alt1->line);
data/pccts-1.33MR33/antlr/fset.c:1128:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[alt1->file], alt1->line);
data/pccts-1.33MR33/antlr/fset.c:1239:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[alt1->file], alt1->line);
data/pccts-1.33MR33/antlr/fset.c:1357:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[alt1->file], alt1->line);
data/pccts-1.33MR33/antlr/fset2.c:247:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[CurAmbigfile], CurAmbigline);
data/pccts-1.33MR33/antlr/fset2.c:258:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[CurAmbigfile], CurAmbigline);
data/pccts-1.33MR33/antlr/fset2.c:1246:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[CurAmbigfile], CurAmbigline);
data/pccts-1.33MR33/antlr/fset2.c:1871:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout,
data/pccts-1.33MR33/antlr/fset2.c:1968:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout,
data/pccts-1.33MR33/antlr/fset2.c:2213:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout,TerminalString(tn->token));
data/pccts-1.33MR33/antlr/gen.c:153:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define gen(s) {tab(); fprintf(output, s);}
data/pccts-1.33MR33/antlr/gen.c:154:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define gen1(s,a) {tab(); fprintf(output, s,a);}
data/pccts-1.33MR33/antlr/gen.c:155:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define gen2(s,a,b) {tab(); fprintf(output, s,a,b);}
data/pccts-1.33MR33/antlr/gen.c:156:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define gen3(s,a,b,c) {tab(); fprintf(output, s,a,b,c);}
data/pccts-1.33MR33/antlr/gen.c:157:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define gen4(s,a,b,c,d) {tab(); fprintf(output, s,a,b,c,d);}
data/pccts-1.33MR33/antlr/gen.c:158:35: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define gen5(s,a,b,c,d,e) {tab(); fprintf(output, s,a,b,c,d,e);}
data/pccts-1.33MR33/antlr/gen.c:159:37: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define gen6(s,a,b,c,d,e,f) {tab(); fprintf(output, s,a,b,c,d,e,f);}
data/pccts-1.33MR33/antlr/gen.c:160:39: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define gen7(s,a,b,c,d,e,f,g) {tab(); fprintf(output, s,a,b,c,d,e,f,g);}
data/pccts-1.33MR33/antlr/gen.c:162:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _gen(s) {fprintf(output, s);}
data/pccts-1.33MR33/antlr/gen.c:163:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _gen1(s,a) {fprintf(output, s,a);}
data/pccts-1.33MR33/antlr/gen.c:164:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _gen2(s,a,b) {fprintf(output, s,a,b);}
data/pccts-1.33MR33/antlr/gen.c:165:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _gen3(s,a,b,c) {fprintf(output, s,a,b,c);}
data/pccts-1.33MR33/antlr/gen.c:166:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _gen4(s,a,b,c,d){fprintf(output, s,a,b,c,d);}
data/pccts-1.33MR33/antlr/gen.c:167:28: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _gen5(s,a,b,c,d,e){fprintf(output, s,a,b,c,d,e);}
data/pccts-1.33MR33/antlr/gen.c:168:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _gen6(s,a,b,c,d,e,f){fprintf(output, s,a,b,c,d,e,f);}
data/pccts-1.33MR33/antlr/gen.c:169:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _gen7(s,a,b,c,d,e,f,g){fprintf(output, s,a,b,c,d,e,f,g);}
data/pccts-1.33MR33/antlr/gen.c:2305:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_set", TokenString(p->token));
data/pccts-1.33MR33/antlr/gen.c:2306:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bufErrSet, "%s_errset", TokenString(p->token)); /* MR23 */
data/pccts-1.33MR33/antlr/gen.c:2328:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_setbar", TokenString(p->token));
data/pccts-1.33MR33/antlr/gen.c:2329:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bufErrSet, "%s_errsetbar", TokenString(p->token)); /* MR23 */
data/pccts-1.33MR33/antlr/gen.c:4521:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(file, LineInfoFormatStr,line,fileName);
data/pccts-1.33MR33/antlr/gen.c:4524:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(file, LineInfoFormatStr,line,prevFileNameMS);
data/pccts-1.33MR33/antlr/lex.c:709:12: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
/* MR26 */ fprintf(output,strBetween(pSymbol, t, pSeparator));
data/pccts-1.33MR33/antlr/lex.c:774:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f,strBetween(pDataType, pSymbol, pSeparator));
data/pccts-1.33MR33/antlr/lex.c:855:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f,strBetween(pDataType, pSymbol, pSeparator));
data/pccts-1.33MR33/antlr/lex.c:857:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f,strBetween(pSymbol, pEqualSign, pSeparator));
data/pccts-1.33MR33/antlr/main.c:160:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(Fn_in_Fl, one_fn);
data/pccts-1.33MR33/antlr/main.c:827:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Parser_h_Name, CurrentClassName);
data/pccts-1.33MR33/antlr/main.c:829:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Parser_c_Name, CurrentClassName);
data/pccts-1.33MR33/antlr/main.c:830:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(Parser_c_Name, CPP_FILE_SUFFIX);
data/pccts-1.33MR33/antlr/main.c:1061:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[CurFile], zzline);
data/pccts-1.33MR33/antlr/main.c:1157:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, fs);
data/pccts-1.33MR33/antlr/main.c:1162:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf,suffix);
data/pccts-1.33MR33/antlr/main.c:1176:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, f, l);
data/pccts-1.33MR33/antlr/main.c:1192:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, f, l);
data/pccts-1.33MR33/antlr/main.c:1194:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, f, l);
data/pccts-1.33MR33/antlr/main.c:1196:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, f, l);
data/pccts-1.33MR33/antlr/main.c:1198:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, f, l);
data/pccts-1.33MR33/antlr/main.c:1228:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, s, a1, a2, a3);
data/pccts-1.33MR33/antlr/main.c:1244:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, s, d);
data/pccts-1.33MR33/antlr/main.c:1260:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, s, d1, d2);
data/pccts-1.33MR33/antlr/main.c:1526:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newname, OutputDirectory);
data/pccts-1.33MR33/antlr/main.c:1530:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newname, dir_sym);
data/pccts-1.33MR33/antlr/main.c:1532:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newname, p);
data/pccts-1.33MR33/antlr/main.c:1610:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, f, l);
data/pccts-1.33MR33/antlr/main.c:1624:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[CurFile], zzline);
data/pccts-1.33MR33/antlr/main.c:1638:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[CurFile], zzline);
data/pccts-1.33MR33/antlr/main.c:1663:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, f, l);
data/pccts-1.33MR33/antlr/main.c:1677:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[CurFile], zzline);
data/pccts-1.33MR33/antlr/main.c:1691:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[CurFile], zzline);
data/pccts-1.33MR33/antlr/main.c:1707:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ua->action, s);
data/pccts-1.33MR33/antlr/main.c:1723:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", name);
data/pccts-1.33MR33/antlr/main.c:1745:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, buf);
data/pccts-1.33MR33/antlr/misc.c:700:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key,rule);
data/pccts-1.33MR33/antlr/mrhoist.c:2218:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ruleNameStatic2,"%s/?",ruleNameStatic1);
data/pccts-1.33MR33/antlr/mrhoist.c:2220:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ruleNameStatic2,"%s/%d",ruleNameStatic1,offset+1);
data/pccts-1.33MR33/antlr/scan.c:1288:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if ( !GenCC ) sprintf(buf,"zzaArg(zztasp%d,%s)",
data/pccts-1.33MR33/antlr/scan.c:1290:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(buf,"_t%d%s",
data/pccts-1.33MR33/antlr/scan.c:1311:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if ( !GenCC ) sprintf(buf,"zzaArg(zztasp%d,%s).",
data/pccts-1.33MR33/antlr/scan.c:1313:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(buf,"_t%d%s.",
data/pccts-1.33MR33/antlr/scan.c:1347:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if ( !GenCC ) sprintf(buf,"zzaArg(zztasp%s,%s)",i,j);
data/pccts-1.33MR33/antlr/scan.c:1348:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(buf,"_t%s%s",i,j);
data/pccts-1.33MR33/antlr/scan.c:1372:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"_retv.%s",&zzbegexpr[1]);
data/pccts-1.33MR33/antlr/scan.c:1442:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if ( GenCC ) sprintf(buf,"_ast%d%s",BlkLevel-1,zzbegexpr+1);
data/pccts-1.33MR33/antlr/scan.c:1443:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(buf,"zzastArg(%s)",zzbegexpr+1);
data/pccts-1.33MR33/antlr/scan.c:1487:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_ast", zzbegexpr+1);
data/pccts-1.33MR33/dlg/dlg_a.c:90:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(class_stream,format,string); /* MR1 */
data/pccts-1.33MR33/dlg/dlg_a.c:92:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(OUT,format,string); /* MR1 */
data/pccts-1.33MR33/dlg/dlg_p.c:946:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, file_str[0]!=NULL?file_str[0]:"stdin", zzline);
data/pccts-1.33MR33/dlg/output.c:125:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_h", name);
data/pccts-1.33MR33/dlg/output.c:139:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, s);
data/pccts-1.33MR33/dlg/output.c:244:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
/* MR1 */ fprintf(class_stream,
data/pccts-1.33MR33/dlg/output.c:246:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
/* MR1 */ fprintf(class_stream,
data/pccts-1.33MR33/dlg/output.c:715:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s", class_name, suffix);
data/pccts-1.33MR33/dlg/support.c:51:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,s,file,line);
data/pccts-1.33MR33/dlg/support.c:170:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,ErrHdr,
data/pccts-1.33MR33/dlg/support.c:184:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,ErrHdr,
data/pccts-1.33MR33/dlg/support.c:198:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,ErrHdr,
data/pccts-1.33MR33/dlg/support.c:230:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newname, OutputDirectory);
data/pccts-1.33MR33/dlg/support.c:234:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newname, dir_sym);
data/pccts-1.33MR33/dlg/support.c:237:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newname, p);
data/pccts-1.33MR33/h/AParser.cpp:557:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(zzFAILtext, LT(i)->getText());
data/pccts-1.33MR33/h/AParser.cpp:653:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(eMsgBuffer, err, d); // dangerous, but I don't care
data/pccts-1.33MR33/h/AParser.cpp:660:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(eMsgBuffer, err, s);
data/pccts-1.33MR33/h/AParser.cpp:667:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(eMsgBuffer, err, s, t);
data/pccts-1.33MR33/h/AParser.cpp:860:11: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
return vfprintf(pFile, pFormat, arglist);
data/pccts-1.33MR33/h/ASTBase.cpp:252:15: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int iRet = vfprintf(pFile, pFormat, marker);
data/pccts-1.33MR33/h/AToken.h:95:17: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int iRet = vfprintf(pFile, pFormat, marker);
data/pccts-1.33MR33/h/AToken.h:136:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(object,"tok_%s",s);
data/pccts-1.33MR33/h/AToken.h:205:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(_text,s);
data/pccts-1.33MR33/h/AToken.h:278:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(_text,s);
data/pccts-1.33MR33/h/ATokenBuffer.cpp:360:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
iRet = vfprintf(pFile, pFormat, marker);
data/pccts-1.33MR33/h/DLexerBase.cpp:298:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
iRet = vfprintf(pFile, pFormat, marker);
data/pccts-1.33MR33/h/PCCTSAST.cpp:605:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ebuf, "mismatch token in scan(): %s", scan_token_str(parser->token));
data/pccts-1.33MR33/h/PCCTSAST.cpp:681:15: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int iRet = vfprintf(pFile, pFormat, marker);
data/pccts-1.33MR33/h/antlr.h:96:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, zzStackOvfMsg, __FILE__, __LINE__); \
data/pccts-1.33MR33/h/ast.h:38:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, zzStackOvfMsg, __FILE__, __LINE__); \
data/pccts-1.33MR33/h/charptr.c:57:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*a, text);
data/pccts-1.33MR33/h/err.h:195:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, LATEXT(i));
data/pccts-1.33MR33/h/err.h:301:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
for (i=0; i<LL_K; i++) strcpy(buf->textLA[i], zztextLA[i]);
data/pccts-1.33MR33/h/err.h:306:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf->text, zzlextext);
data/pccts-1.33MR33/h/err.h:361:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
for (i=0; i<LL_K; i++) strcpy(zztextLA[i], buf->textLA[i]);
data/pccts-1.33MR33/h/err.h:366:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zzlextext, buf->text);
data/pccts-1.33MR33/h/err.h:642:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(NLATEXT, zzinf_text[zzinf_labase]);
data/pccts-1.33MR33/h/err.h:730:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&zzinf_text_buffer[zzinf_text_buffer_index], NLATEXT);
data/pccts-1.33MR33/h/slist.cpp:113:15: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int iRet = vfprintf(pFile, pFormat, marker);
data/pccts-1.33MR33/sorcerer/cpp.c:39:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(CPPParser_h_Name, CurClassName);
data/pccts-1.33MR33/sorcerer/cpp.c:118:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(CPPParser_C_Name, CurClassName);
data/pccts-1.33MR33/sorcerer/cpp.c:119:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(CPPParser_C_Name, CPP_FILE_SUFFIX);
data/pccts-1.33MR33/sorcerer/gen.c:130:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(CPPParser_h_Name, CurClassName);
data/pccts-1.33MR33/sorcerer/lib/STreeParser.cpp:158:15: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int iRet = vfprintf(pFile, pFormat, marker);
data/pccts-1.33MR33/sorcerer/lib/astlib.c:751:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ebuf, "mismatch token in ast_scan(): %s", scan_token_str(parser->token));
data/pccts-1.33MR33/sorcerer/look.c:643:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[t->file], t->line);
data/pccts-1.33MR33/sorcerer/look.c:662:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[t->file], t->line);
data/pccts-1.33MR33/sorcerer/main.c:382:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if ( p->arg ) sprintf(buf, "%s ___", p->option);
data/pccts-1.33MR33/sorcerer/main.c:383:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(buf, p->option);
data/pccts-1.33MR33/sorcerer/main.c:493:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, s, a1, a2, a3);
data/pccts-1.33MR33/sorcerer/main.c:508:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, s, d);
data/pccts-1.33MR33/sorcerer/main.c:522:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, f, l);
data/pccts-1.33MR33/sorcerer/main.c:683:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, fs);
data/pccts-1.33MR33/sorcerer/main.c:688:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if ( GenCPP ) strcat(buf, CPP_FILE_SUFFIX);
data/pccts-1.33MR33/sorcerer/main.c:745:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newname, OutputDirectory);
data/pccts-1.33MR33/sorcerer/main.c:749:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newname, dir_sym);
data/pccts-1.33MR33/sorcerer/main.c:752:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newname, p);
data/pccts-1.33MR33/sorcerer/main.c:909:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, s);
data/pccts-1.33MR33/sorcerer/main.c:936:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->type, t);
data/pccts-1.33MR33/sorcerer/main.c:937:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->label, lab);
data/pccts-1.33MR33/sorcerer/main.c:938:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->init, init);
data/pccts-1.33MR33/sorcerer/main.c:977:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->init, s+1);
data/pccts-1.33MR33/sorcerer/main.c:980:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->decl, decl);
data/pccts-1.33MR33/sorcerer/main.c:981:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->var, id_in_decl(decl));
data/pccts-1.33MR33/sorcerer/main.c:1038:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, prefix);
data/pccts-1.33MR33/sorcerer/main.c:1076:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(call, prefix);
data/pccts-1.33MR33/sorcerer/main.c:1105:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, duh);
data/pccts-1.33MR33/sorcerer/main.c:1111:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(call, s);
data/pccts-1.33MR33/sorcerer/scan.c:912:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", zzbegexpr+1);
data/pccts-1.33MR33/sorcerer/sor.c:370:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tokdefs_file, LATEXT(1));
data/pccts-1.33MR33/sorcerer/sor.c:371:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tokdefs_file, tokdefs_file+1); /* remove quotes */
data/pccts-1.33MR33/sorcerer/sor.c:965:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zzastArg(1)->label, label.text);
data/pccts-1.33MR33/sorcerer/sor.c:972:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zzastArg(1)->label, label.text);
data/pccts-1.33MR33/sorcerer/sor.c:1054:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zzastArg(1)->label, label.text);
data/pccts-1.33MR33/sorcerer/sor.c:1385:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zzastArg(1)->label, label.text); t = zzastArg(1);
data/pccts-1.33MR33/sorcerer/sor.c:1446:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zzastArg(1)->label, label.text);
data/pccts-1.33MR33/sorcerer/sor.c:1884:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, ErrHdr, FileStr[CurFile]!=NULL?FileStr[CurFile]:"stdin", zzline);
data/pccts-1.33MR33/sorcerer/sor.h:43:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{fprintf(stderr, ErrHdr, f, l); \
data/pccts-1.33MR33/sorcerer/sor.h:46:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{fprintf(stderr, ErrHdr, FileStr[CurFile], zzline); \
data/pccts-1.33MR33/sorcerer/sor.h:49:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{fprintf(stderr, ErrHdr, FileStr[CurFile], zzline); \
data/pccts-1.33MR33/sorcerer/sor.h:53:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{found_error=1; fprintf(stderr, ErrHdr, f, l); \
data/pccts-1.33MR33/sorcerer/sor.h:56:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{found_error=1; fprintf(stderr, ErrHdr, FileStr[CurFile], zzline); \
data/pccts-1.33MR33/sorcerer/sor.h:59:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{found_error=1; fprintf(stderr, ErrHdr, FileStr[CurFile], zzline); \
data/pccts-1.33MR33/sorcerer/test/test6.c:59:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->text, s);
data/pccts-1.33MR33/sorcerer/test/test7/stdpccts.h:17:40: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define zzcr_ast(tr, attr, tok, txt) { strcpy(tr->text, txt); tr->token=tok; }
data/pccts-1.33MR33/sorcerer/testcpp/test4/AST.h:14:46: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
AST(ANTLRTokenPtr t){ _type = t->getType(); strcpy(text, t->getText()); }
data/pccts-1.33MR33/support/DECmms/genmms.c:226:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ATOKENBUFFER_O, ATOKENBUFFER_C);
data/pccts-1.33MR33/support/DECmms/genmms.c:228:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ATOKENBUFFER_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/DECmms/genmms.c:229:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(APARSER_O, APARSER_C);
data/pccts-1.33MR33/support/DECmms/genmms.c:231:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(APARSER_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/DECmms/genmms.c:233:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ASTBASE_O, ASTBASE_C);
data/pccts-1.33MR33/support/DECmms/genmms.c:235:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ASTBASE_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/DECmms/genmms.c:237:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PCCTSAST_O, PCCTSAST_C);
data/pccts-1.33MR33/support/DECmms/genmms.c:239:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(PCCTSAST_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/DECmms/genmms.c:241:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(LIST_O, LIST_C);
data/pccts-1.33MR33/support/DECmms/genmms.c:243:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(LIST_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/DECmms/genmms.c:245:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(DLEXERBASE_O, DLEXERBASE_C);
data/pccts-1.33MR33/support/DECmms/genmms.c:247:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(DLEXERBASE_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/DECmms/genmms.c:271:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if ( p->arg ) sprintf(buf, "%s ___", p->option);
data/pccts-1.33MR33/support/DECmms/genmms.c:272:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(buf, p->option);
data/pccts-1.33MR33/support/DECmms/genmms.c:748:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", outdir);
data/pccts-1.33MR33/support/genmk/genmk.c:388:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ATOKENBUFFER_O, ATOKENBUFFER_C);
data/pccts-1.33MR33/support/genmk/genmk.c:390:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ATOKENBUFFER_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/genmk/genmk.c:391:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(APARSER_O, APARSER_C);
data/pccts-1.33MR33/support/genmk/genmk.c:393:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(APARSER_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/genmk/genmk.c:395:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ASTBASE_O, ASTBASE_C);
data/pccts-1.33MR33/support/genmk/genmk.c:397:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ASTBASE_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/genmk/genmk.c:399:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PCCTSAST_O, PCCTSAST_C);
data/pccts-1.33MR33/support/genmk/genmk.c:401:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(PCCTSAST_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/genmk/genmk.c:403:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(LIST_O, LIST_C);
data/pccts-1.33MR33/support/genmk/genmk.c:405:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(LIST_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/genmk/genmk.c:407:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(DLEXERBASE_O, DLEXERBASE_C);
data/pccts-1.33MR33/support/genmk/genmk.c:409:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(DLEXERBASE_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/genmk/genmk.c:441:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if ( p->arg ) sprintf(buf, "%s ___", p->option);
data/pccts-1.33MR33/support/genmk/genmk.c:442:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(buf, p->option);
data/pccts-1.33MR33/support/genmk/genmk.c:1064:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s", outdir, DirectorySymbol);
data/pccts-1.33MR33/support/genmk/genmk_old.c:208:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(strcat(cfiles," "), t);
data/pccts-1.33MR33/support/genmk/genmk_old.c:265:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ATOKENBUFFER_O, ATOKENBUFFER_C);
data/pccts-1.33MR33/support/genmk/genmk_old.c:267:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ATOKENBUFFER_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/genmk/genmk_old.c:268:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(APARSER_O, APARSER_C);
data/pccts-1.33MR33/support/genmk/genmk_old.c:270:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(APARSER_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/genmk/genmk_old.c:272:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ASTBASE_O, ASTBASE_C);
data/pccts-1.33MR33/support/genmk/genmk_old.c:274:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ASTBASE_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/genmk/genmk_old.c:276:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PCCTSAST_O, PCCTSAST_C);
data/pccts-1.33MR33/support/genmk/genmk_old.c:278:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(PCCTSAST_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/genmk/genmk_old.c:280:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(LIST_O, LIST_C);
data/pccts-1.33MR33/support/genmk/genmk_old.c:282:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(LIST_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/genmk/genmk_old.c:284:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(DLEXERBASE_O, DLEXERBASE_C);
data/pccts-1.33MR33/support/genmk/genmk_old.c:286:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(DLEXERBASE_O, OBJ_FILE_SUFFIX);
data/pccts-1.33MR33/support/genmk/genmk_old.c:310:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if ( p->arg ) sprintf(buf, "%s ___", p->option);
data/pccts-1.33MR33/support/genmk/genmk_old.c:311:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(buf, p->option);
data/pccts-1.33MR33/support/genmk/genmk_old.c:760:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s", outdir, DirectorySymbol);
data/pccts-1.33MR33/antlr/antlr.c:142:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(StripQuotes(fname), "r");
data/pccts-1.33MR33/antlr/antlr.c:406:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int go=1; char name[MaxRuleName+1];
data/pccts-1.33MR33/antlr/antlr.c:869:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(CurPredName,"#pred ");
data/pccts-1.33MR33/antlr/antlr.c:1556:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tnum = atoi(LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:2894:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(eh->signalname, "default");
data/pccts-1.33MR33/antlr/antlr.c:3162:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v = atoi(LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:3223:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v=atoi(LATEXT(1));
data/pccts-1.33MR33/antlr/antlr.c:3287:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v=atoi(LATEXT(1));
data/pccts-1.33MR33/antlr/fset.c:1041:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (i=1; i<=CLL_k; i++) free( (char *)ftbl[i] );
data/pccts-1.33MR33/antlr/fset.c:1072:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (i=1; i<=CLL_k; i++) free( (char *)ftbl[i] );
data/pccts-1.33MR33/antlr/fset.c:1120:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (i=1; i<=CLL_k; i++) free( (char *)ftbl[i] );
data/pccts-1.33MR33/antlr/fset.c:1140:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (i=1; i<=CLL_k; i++) free( (char *)ftbl[i] );
data/pccts-1.33MR33/antlr/fset.c:1158:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (i=1; i<=CLL_k; i++) free( (char *)ftbl[i] );
data/pccts-1.33MR33/antlr/fset.c:1231:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (i=1; i<=CLL_k; i++) free( (char *)ftbl[i] );
data/pccts-1.33MR33/antlr/fset.c:1251:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (i=1; i<=CLL_k; i++) free( (char *)ftbl[i] );
data/pccts-1.33MR33/antlr/fset.c:1303:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (i=1; i<=CLL_k; i++) free( (char *)ftbl[i] );
data/pccts-1.33MR33/antlr/fset.c:1349:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (i=1; i<=CLL_k; i++) free( (char *)ftbl[i] );
data/pccts-1.33MR33/antlr/fset.c:1378:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (i=1; i<=CLL_k; i++) free( (char *)ftbl[i] );
data/pccts-1.33MR33/antlr/fset2.c:1473:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (i=1; i<=CLL_k; i++) free( (char *)ft[i] );
data/pccts-1.33MR33/antlr/gen.c:1819:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stringizeBuf[STRINGIZEBUFSIZE];
data/pccts-1.33MR33/antlr/gen.c:2292:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MaxRuleName+20]; /* MR23 */
data/pccts-1.33MR33/antlr/gen.c:2293:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bufErrSet[MaxRuleName+20]; /* MR23 */
data/pccts-1.33MR33/antlr/gen.c:2315:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MaxRuleName+20]; /* MR23 */
data/pccts-1.33MR33/antlr/gen.c:2316:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bufErrSet[MaxRuleName+20]; /* MR23 */
data/pccts-1.33MR33/antlr/gen.c:2334:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[sizeof("zzerr")+10];
data/pccts-1.33MR33/antlr/gen.c:2335:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bufErrSet[sizeof("zzerr")+10];
data/pccts-1.33MR33/antlr/gen.c:2338:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if ( GenCC ) sprintf(buf, "err%d", n);
data/pccts-1.33MR33/antlr/gen.c:2339:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(buf, "zzerr%d", n);
data/pccts-1.33MR33/antlr/gen.c:2340:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if ( GenCC ) sprintf(bufErrSet, "err%d", nErrSet);
data/pccts-1.33MR33/antlr/gen.c:2341:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(bufErrSet, "zzerr%d", nErrSet);
data/pccts-1.33MR33/antlr/gen.c:3379:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
/* MR6 */ output = fopen(OutMetaName(outname(FileStr[q->file])), "w");
data/pccts-1.33MR33/antlr/gen.c:4357:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/pccts-1.33MR33/antlr/gen.c:4368:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "err%d", n);
data/pccts-1.33MR33/antlr/gen.c:4370:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "zzerr%d", n);
data/pccts-1.33MR33/antlr/globals.c:313:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *FileStr[MaxNumFiles];/* Ptr to array of file names on command-line */
data/pccts-1.33MR33/antlr/globals.c:395:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Parser_h_Name[MaxFileName+1] = "";
data/pccts-1.33MR33/antlr/globals.c:396:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Parser_c_Name[MaxFileName+1] = "";
data/pccts-1.33MR33/antlr/globals.c:397:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MRinfoFile_Name[MaxFileName+1] = ""; /* MR10 */
data/pccts-1.33MR33/antlr/globals.c:404:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CurrentClassName[MaxRuleName]="";
data/pccts-1.33MR33/antlr/lex.c:53:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *dlgFile = fopen(OutMetaName(DlgFileName), "w");
data/pccts-1.33MR33/antlr/lex.c:232:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dirSym[2] = DirectorySymbol;
data/pccts-1.33MR33/antlr/lex.c:259:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
DefFile = fopen(OutMetaName(DefFileName), "w");
data/pccts-1.33MR33/antlr/lex.c:360:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(OutMetaName(RemapFileName), "w");
data/pccts-1.33MR33/antlr/main.c:135:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char Fn_in_Fl[MaxFLArea] = "";
data/pccts-1.33MR33/antlr/main.c:136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char one_fn[MaxFileName];
data/pccts-1.33MR33/antlr/main.c:147:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fl = fopen(t, "r")) == NULL)
data/pccts-1.33MR33/antlr/main.c:180:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
LL_k = atoi(t);
data/pccts-1.33MR33/antlr/main.c:196:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
CLL_k = atoi(t);
data/pccts-1.33MR33/antlr/main.c:212:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TabWidth = atoi(t); /* MR6 */
data/pccts-1.33MR33/antlr/main.c:231:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
MR_AmbAidDepth = atoi(t); /* MR11 */
data/pccts-1.33MR33/antlr/main.c:243:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TnodesReportThreshold = atoi(t); /* MR11 */
data/pccts-1.33MR33/antlr/main.c:487:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TreeResourceLimit = atoi(t);
data/pccts-1.33MR33/antlr/main.c:734:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (MR_AmbAidRule != NULL) MR_AmbAidLine=atoi(MR_AmbAidRule);
data/pccts-1.33MR33/antlr/main.c:783:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(OutMetaName(stdpccts), "w");
data/pccts-1.33MR33/antlr/main.c:814:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ErrFile = fopen(OutMetaName(ErrFileName), "w");
data/pccts-1.33MR33/antlr/main.c:828:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(Parser_h_Name, ".h");
data/pccts-1.33MR33/antlr/main.c:832:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Parser_h = fopen(OutMetaName(Parser_h_Name), "w");
data/pccts-1.33MR33/antlr/main.c:837:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Parser_c = fopen(OutMetaName(Parser_c_Name), "w");
data/pccts-1.33MR33/antlr/main.c:1094:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(FileStr[CurFile], "r");
data/pccts-1.33MR33/antlr/main.c:1152:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MaxFileName+1];
data/pccts-1.33MR33/antlr/main.c:1226:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[250]; /* DANGEROUS as hell !!!!!! */
data/pccts-1.33MR33/antlr/main.c:1242:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[250]; /* DANGEROUS as hell !!!!!! */
data/pccts-1.33MR33/antlr/main.c:1258:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[250]; /* DANGEROUS as hell !!!!!! */
data/pccts-1.33MR33/antlr/main.c:1298:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char imag_name[20];
data/pccts-1.33MR33/antlr/main.c:1309:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(imag_name,"UnknownToken#%d",token); /* MR13 */
data/pccts-1.33MR33/antlr/main.c:1512:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newname[MaxFileName+1];
data/pccts-1.33MR33/antlr/main.c:1544:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newname[MaxFileName+1];
data/pccts-1.33MR33/antlr/main.c:1721:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/pccts-1.33MR33/antlr/main.c:1741:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/pccts-1.33MR33/antlr/main.c:1743:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "_blk%d_alt%d", blockid, altnum);
data/pccts-1.33MR33/antlr/misc.c:99:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
lclass[i].exprs = (char **)
data/pccts-1.33MR33/antlr/misc.c:100:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
realloc((char *)lclass[i].exprs, tsize*sizeof(char *));
data/pccts-1.33MR33/antlr/misc.c:693:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char key[MaxRuleName+2+2+1]; /* MR10 */
data/pccts-1.33MR33/antlr/misc.c:943:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
free( (char *)Cycles[k] );
data/pccts-1.33MR33/antlr/misc.c:1679:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char strBetweenWorkArea[MAX_STR_BETWEEN_WORK_AREA];
data/pccts-1.33MR33/antlr/mrhoist.c:2204:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ruleNameStatic1[ruleNameMax];
data/pccts-1.33MR33/antlr/mrhoist.c:2205:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ruleNameStatic2[ruleNameMax+10];
data/pccts-1.33MR33/antlr/pred.c:86:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi(p+strlen("LT("));
data/pccts-1.33MR33/antlr/pred.c:103:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi(p);
data/pccts-1.33MR33/antlr/scan.c:238:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zzline = atoi(zzbegexpr+5) - 1; zzline++; zzmore();
data/pccts-1.33MR33/antlr/scan.c:552:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift0[257] = {
data/pccts-1.33MR33/antlr/scan.c:625:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift1[257] = {
data/pccts-1.33MR33/antlr/scan.c:698:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift2[257] = {
data/pccts-1.33MR33/antlr/scan.c:764:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift3[257] = {
data/pccts-1.33MR33/antlr/scan.c:827:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift4[257] = {
data/pccts-1.33MR33/antlr/scan.c:891:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift5[257] = {
data/pccts-1.33MR33/antlr/scan.c:940:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift6[257] = {
data/pccts-1.33MR33/antlr/scan.c:989:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift7[257] = {
data/pccts-1.33MR33/antlr/scan.c:1038:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift8[257] = {
data/pccts-1.33MR33/antlr/scan.c:1101:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift9[257] = {
data/pccts-1.33MR33/antlr/scan.c:1283:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/pccts-1.33MR33/antlr/scan.c:1287:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_orel(atoi(zzbegexpr+1), &attribsRefdFromAction);
data/pccts-1.33MR33/antlr/scan.c:1305:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/pccts-1.33MR33/antlr/scan.c:1310:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_orel(atoi(zzbegexpr+1), &attribsRefdFromAction);
data/pccts-1.33MR33/antlr/scan.c:1328:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/pccts-1.33MR33/antlr/scan.c:1329:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char i[20], j[20];
data/pccts-1.33MR33/antlr/scan.c:1361:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buf[300]; LabelEntry *el;
data/pccts-1.33MR33/antlr/scan.c:1439:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/pccts-1.33MR33/antlr/scan.c:1446:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_orel(atoi(zzbegexpr+1), &AST_nodes_refd_in_actions);
data/pccts-1.33MR33/antlr/scan.c:1456:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zzline = atoi(zzbegexpr+5) - 1; zzline++; zzmore();
data/pccts-1.33MR33/antlr/scan.c:1486:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/pccts-1.33MR33/antlr/scan.c:1672:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift10[257] = {
data/pccts-1.33MR33/antlr/scan.c:1839:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift11[257] = {
data/pccts-1.33MR33/dlg/dlg_a.c:59:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char theClassName[100]; /* MR11 */
data/pccts-1.33MR33/dlg/dlg_a.c:320:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift0[257] = {
data/pccts-1.33MR33/dlg/dlg_a.c:424:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift1[257] = {
data/pccts-1.33MR33/dlg/dlg_a.c:481:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift2[257] = {
data/pccts-1.33MR33/dlg/dlg_a.c:531:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift3[257] = {
data/pccts-1.33MR33/dlg/main.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file_str[2] = {NULL, NULL};
data/pccts-1.33MR33/dlg/output.c:80:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *mode_name[MAX_MODES];
data/pccts-1.33MR33/dlg/output.c:103:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *typevar[DIF_SIZE] = { t0, t1, t2, t3};
data/pccts-1.33MR33/dlg/output.c:110:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *typevar[DIF_SIZE] = { t0, t1, t2, t3};
data/pccts-1.33MR33/dlg/output.c:124:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/pccts-1.33MR33/dlg/output.c:712:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[200];
data/pccts-1.33MR33/dlg/support.c:111:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(name, "r");
data/pccts-1.33MR33/dlg/support.c:140:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(OutMetaName(name), "w");
data/pccts-1.33MR33/dlg/support.c:216:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newname[MaxFileName+1];
data/pccts-1.33MR33/h/AParser.cpp:253:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2000]; /* MR20 Was "static" */
data/pccts-1.33MR33/h/AParser.cpp:254:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "The minimum number of tokens you requested that the\nANTLRTokenBuffer buffer is not enough to satisfy your\nLT(%d) request; increase 'k' argument to constructor for ANTLRTokenBuffer\n", i);
data/pccts-1.33MR33/h/AParser.h:151:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char eMsgBuffer[500];
data/pccts-1.33MR33/h/AToken.h:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char object[200];
data/pccts-1.33MR33/h/AToken.h:135:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if ( t==1 ) sprintf(object,"tok_EOF");
data/pccts-1.33MR33/h/AToken.h:147:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(object,"tok_blank");
data/pccts-1.33MR33/h/ATokenBuffer.cpp:44:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char test[1000];
data/pccts-1.33MR33/h/DLexer.h:58:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)ebuf,"Invalid automaton mode = %d ",m);
data/pccts-1.33MR33/h/PBlackBox.h:104:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(fname, "r");
data/pccts-1.33MR33/h/PCCTSAST.cpp:570:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[100];
data/pccts-1.33MR33/h/PCCTSAST.cpp:581:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
label = atoi(parser->lexer->text);
data/pccts-1.33MR33/h/PCCTSAST.cpp:593:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ScanAST *p = new_scanast(atoi(parser->lexer->text));
data/pccts-1.33MR33/h/PCCTSAST.cpp:638:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[100]; /* MR23 Remove static */
data/pccts-1.33MR33/h/PCCTSAST.cpp:662:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ebuf, "invalid char in scan: '%c'", scanner->c);
data/pccts-1.33MR33/h/PCCTSAST.h:52:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[StringScanMaxText];
data/pccts-1.33MR33/h/antlr.h:225:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textLA[LL_K][ZZLEXBUFSIZE];
data/pccts-1.33MR33/h/antlr.h:230:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[ZZLEXBUFSIZE];
data/pccts-1.33MR33/h/antlr.h:423:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{static char zztoktext[ZZLEXBUFSIZE]; \
data/pccts-1.33MR33/h/antlr.h:426:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{static char zztoktext[ZZLEXBUFSIZE]; \
data/pccts-1.33MR33/h/antlr.h:429:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{static char zztoktext[ZZLEXBUFSIZE]; \
data/pccts-1.33MR33/h/charbuf.h:41:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { char text[D_TextSize]; } Attrib;
data/pccts-1.33MR33/h/dlgauto.h:72:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zzebuf[70];
data/pccts-1.33MR33/h/dlgauto.h:267:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zzebuf,"Invalid automaton mode = %d ",m);
data/pccts-1.33MR33/h/err.h:164:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[LL_K*ZZLEXBUFSIZE+1];
data/pccts-1.33MR33/h/err.h:167:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[ZZLEXBUFSIZE+1];
data/pccts-1.33MR33/h/err.h:823:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(LA(1)==zzEOF_TOKEN)?"<eof>":(char *)LATEXT(1),
data/pccts-1.33MR33/h/err.h:869:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(LA(1)==zzEOF_TOKEN)?"<eof>":(char *)LATEXT(1),
data/pccts-1.33MR33/h/err.h:921:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zzmbuf[70];
data/pccts-1.33MR33/h/err.h:932:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zzmbuf, "Mode stack overflow ");
data/pccts-1.33MR33/h/err.h:948:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(zzmbuf, "Mode stack underflow ");
data/pccts-1.33MR33/h/err.h:967:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(modeStack, zzmstk, sizeof(zzmstk));
data/pccts-1.33MR33/h/int.h:35:35: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define zzcr_attr(a,tok,t) *(a) = atol(t);
data/pccts-1.33MR33/sorcerer/cpp.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CPPParser_h_Name[MaxFileName+1];
data/pccts-1.33MR33/sorcerer/cpp.c:40:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(CPPParser_h_Name, ".h");
data/pccts-1.33MR33/sorcerer/cpp.c:41:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Parser_h = fopen(OutMetaName(CPPParser_h_Name), "w");
data/pccts-1.33MR33/sorcerer/cpp.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CPPParser_C_Name[MaxFileName+1];
data/pccts-1.33MR33/sorcerer/cpp.c:121:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Parser_c = fopen(OutMetaName(CPPParser_C_Name), "w");
data/pccts-1.33MR33/sorcerer/err.c:28:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int token; char text[MaxAtom+1], label[MaxRuleName+1]; \
data/pccts-1.33MR33/sorcerer/gen.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CPPParser_h_Name[MaxFileName+1];
data/pccts-1.33MR33/sorcerer/gen.c:131:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(CPPParser_h_Name, ".h");
data/pccts-1.33MR33/sorcerer/gen.c:298:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = fopen(OutMetaName(outname(FileStr[t->file])), "w");
data/pccts-1.33MR33/sorcerer/gen.c:1204:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(def_token_file, "w");
data/pccts-1.33MR33/sorcerer/globals.c:34:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *FileStr[MaxNumFiles];/* Ptr to array of file names on command-line */
data/pccts-1.33MR33/sorcerer/globals.c:56:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char translator[MaxFileName+1];
data/pccts-1.33MR33/sorcerer/globals.c:57:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tokdefs_file[MaxFileName+1];
data/pccts-1.33MR33/sorcerer/globals.c:76:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CurRefVarType[MaxAtom+1];
data/pccts-1.33MR33/sorcerer/globals.c:77:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CurRefVarLabel[MaxAtom+1];
data/pccts-1.33MR33/sorcerer/globals.c:78:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CurClassName[MaxAtom+1]="";
data/pccts-1.33MR33/sorcerer/lib/astlib.c:57:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[StringScanMaxText];
data/pccts-1.33MR33/sorcerer/lib/astlib.c:716:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ebuf[100];
data/pccts-1.33MR33/sorcerer/lib/astlib.c:727:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
label = atoi(parser->lexer->text);
data/pccts-1.33MR33/sorcerer/lib/astlib.c:739:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ScanAST *p = new_scanast(atoi(parser->lexer->text));
data/pccts-1.33MR33/sorcerer/lib/astlib.c:806:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ebuf[100];
data/pccts-1.33MR33/sorcerer/lib/astlib.c:830:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ebuf, "invalid char in ast_scan: '%c'", scanner->c);
data/pccts-1.33MR33/sorcerer/main.c:351:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ProtoFILE = fopen(OutMetaName(GenProtoFile), "w");
data/pccts-1.33MR33/sorcerer/main.c:376:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MaxRuleName+1];
data/pccts-1.33MR33/sorcerer/main.c:403:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(FileStr[CurFile], "r");
data/pccts-1.33MR33/sorcerer/main.c:491:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[250]; /* DANGEROUS as hell !!!!!! */
data/pccts-1.33MR33/sorcerer/main.c:506:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[250]; /* DANGEROUS as hell !!!!!! */
data/pccts-1.33MR33/sorcerer/main.c:679:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MaxFileName+1];
data/pccts-1.33MR33/sorcerer/main.c:689:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else strcat(buf, ".c");
data/pccts-1.33MR33/sorcerer/main.c:731:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newname[MaxFileName+1];
data/pccts-1.33MR33/sorcerer/main.c:996:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char id[MaxAtom+1];
data/pccts-1.33MR33/sorcerer/main.c:1068:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MaxRuleName+1];
data/pccts-1.33MR33/sorcerer/main.c:1069:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char duh[MaxRuleName+1];
data/pccts-1.33MR33/sorcerer/main.c:1070:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char call[MaxAtom+1];
data/pccts-1.33MR33/sorcerer/main.c:1104:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(duh, "%d", q->token_type);
data/pccts-1.33MR33/sorcerer/scan.c:27:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int token; char text[MaxAtom+1], label[MaxRuleName+1]; \
data/pccts-1.33MR33/sorcerer/scan.c:87:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char func_call_str[MaxAtom+1];
data/pccts-1.33MR33/sorcerer/scan.c:325:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift0[257] = {
data/pccts-1.33MR33/sorcerer/scan.c:391:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift1[257] = {
data/pccts-1.33MR33/sorcerer/scan.c:457:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift2[257] = {
data/pccts-1.33MR33/sorcerer/scan.c:523:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift3[257] = {
data/pccts-1.33MR33/sorcerer/scan.c:586:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift4[257] = {
data/pccts-1.33MR33/sorcerer/scan.c:635:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift5[257] = {
data/pccts-1.33MR33/sorcerer/scan.c:684:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift6[257] = {
data/pccts-1.33MR33/sorcerer/scan.c:747:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift7[257] = {
data/pccts-1.33MR33/sorcerer/scan.c:797:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift8[257] = {
data/pccts-1.33MR33/sorcerer/scan.c:909:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/pccts-1.33MR33/sorcerer/scan.c:918:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "(*_result)");
data/pccts-1.33MR33/sorcerer/scan.c:1127:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift9[257] = {
data/pccts-1.33MR33/sorcerer/scan.c:1190:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift10[257] = {
data/pccts-1.33MR33/sorcerer/scan.c:1239:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift11[257] = {
data/pccts-1.33MR33/sorcerer/scan.c:1398:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shift12[257] = {
data/pccts-1.33MR33/sorcerer/sor.c:28:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int token; char text[MaxAtom+1], label[MaxRuleName+1]; \
data/pccts-1.33MR33/sorcerer/sor.c:376:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(tokdefs_file, "r");
data/pccts-1.33MR33/sorcerer/sor.c:1640:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->token_type = atoi(zzaArg(zztasp2,3 ).text);
data/pccts-1.33MR33/sorcerer/sor.c:1719:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v=atoi(zzaArg(zztasp2,2 ).text);
data/pccts-1.33MR33/sorcerer/sor.c:1818:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v=atoi(zzaArg(zztasp4,2 ).text);
data/pccts-1.33MR33/sorcerer/sor.h:95:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char decl[MaxAtom+1];
data/pccts-1.33MR33/sorcerer/sor.h:96:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var[MaxAtom+1];
data/pccts-1.33MR33/sorcerer/sor.h:97:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char init[MaxAtom+1];
data/pccts-1.33MR33/sorcerer/stdpccts.h:30:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int token; char text[MaxAtom+1], label[MaxRuleName+1]; \
data/pccts-1.33MR33/sorcerer/test/test6.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[50];
data/pccts-1.33MR33/sorcerer/test/test7/stdpccts.h:16:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define AST_FIELDS char text[AtomSize+1]; int token;
data/pccts-1.33MR33/sorcerer/testcpp/test4/AST.h:11:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[AtomSize+1];
data/pccts-1.33MR33/support/DECmms/genmms.c:38:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ATOKENBUFFER_O[100];
data/pccts-1.33MR33/support/DECmms/genmms.c:39:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char APARSER_O[100];
data/pccts-1.33MR33/support/DECmms/genmms.c:40:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ASTBASE_O[100];
data/pccts-1.33MR33/support/DECmms/genmms.c:41:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PCCTSAST_O[100];
data/pccts-1.33MR33/support/DECmms/genmms.c:42:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LIST_O[100];
data/pccts-1.33MR33/support/DECmms/genmms.c:43:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DLEXERBASE_O[100];
data/pccts-1.33MR33/support/DECmms/genmms.c:265:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1000+1];
data/pccts-1.33MR33/support/DECmms/genmms.c:745:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[200+1];
data/pccts-1.33MR33/support/genmk/genmk.c:42:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ATOKENBUFFER_O[100];
data/pccts-1.33MR33/support/genmk/genmk.c:43:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char APARSER_O[100];
data/pccts-1.33MR33/support/genmk/genmk.c:44:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ASTBASE_O[100];
data/pccts-1.33MR33/support/genmk/genmk.c:45:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PCCTSAST_O[100];
data/pccts-1.33MR33/support/genmk/genmk.c:46:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LIST_O[100];
data/pccts-1.33MR33/support/genmk/genmk.c:47:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DLEXERBASE_O[100];
data/pccts-1.33MR33/support/genmk/genmk.c:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *cfiles[MAX_CFILES];
data/pccts-1.33MR33/support/genmk/genmk.c:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *sfiles[MAX_SORS][MAX_SFILES],*sclasses[MAX_SORS];
data/pccts-1.33MR33/support/genmk/genmk.c:435:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1000+1];
data/pccts-1.33MR33/support/genmk/genmk.c:1061:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[200+1];
data/pccts-1.33MR33/support/genmk/genmk_old.c:38:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ATOKENBUFFER_O[100];
data/pccts-1.33MR33/support/genmk/genmk_old.c:39:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char APARSER_O[100];
data/pccts-1.33MR33/support/genmk/genmk_old.c:40:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ASTBASE_O[100];
data/pccts-1.33MR33/support/genmk/genmk_old.c:41:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PCCTSAST_O[100];
data/pccts-1.33MR33/support/genmk/genmk_old.c:42:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LIST_O[100];
data/pccts-1.33MR33/support/genmk/genmk_old.c:43:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DLEXERBASE_O[100];
data/pccts-1.33MR33/support/genmk/genmk_old.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cfiles[1600]="";
data/pccts-1.33MR33/support/genmk/genmk_old.c:304:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1000+1];
data/pccts-1.33MR33/support/genmk/genmk_old.c:757:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[200+1];
data/pccts-1.33MR33/support/rexpr/rexpr.c:253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[257]; /* alloc space for string of char in [] */
data/pccts-1.33MR33/support/rexpr/rexpr.c:335:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char set[256]; /* no duplicates */
data/pccts-1.33MR33/support/set/set.c:521:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str_tmp[StrSize+1];
data/pccts-1.33MR33/antlr/antlr.c:86:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HdrAction = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:100:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FirstAction = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:414:14: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if(go) strncpy(name,LATEXT(1),MaxRuleName);
data/pccts-1.33MR33/antlr/antlr.c:421:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if(go) strncpy(name,LATEXT(1),MaxRuleName);
data/pccts-1.33MR33/antlr/antlr.c:447:31: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
/* MR10 */ strncat(ClassDeclStuff," ",MaxClassDeclStuff);
data/pccts-1.33MR33/antlr/antlr.c:448:31: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
/* MR10 */ strncat(ClassDeclStuff,LATEXT(1),MaxClassDeclStuff);
data/pccts-1.33MR33/antlr/antlr.c:457:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
/* MR22 */ BaseClassName=(char *)calloc(strlen(LATEXT(1))+1,sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:568:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdecl = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:590:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:689:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:750:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:784:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
/* MR1 */ a = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:820:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
/* MR1 */ a = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:868:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CurPredName=(char *)calloc(1,strlen(name) + 10);
data/pccts-1.33MR33/antlr/antlr.c:1602:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:2359:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:2427:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:2514:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
/* MR21 */ pFirstSetSymbol = (char *) calloc(strlen(LATEXT(1))+1,
data/pccts-1.33MR33/antlr/antlr.c:2527:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
/* MR21 */ pFirstSetSymbol = (char *) calloc(strlen(LATEXT(1))+1,
data/pccts-1.33MR33/antlr/antlr.c:2630:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = (char *)calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:2846:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p[strlen(p)-1] = '\0'; /* kill trailing space */
data/pccts-1.33MR33/antlr/antlr.c:2887:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *a = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:2892:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
eh->signalname = (char *) calloc(strlen("default")+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:2994:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_retv->signalname = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:3004:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_retv->signalname = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:3024:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_retv->action = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/antlr.c:3562:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(egroup) > (size_t)0 ) fprintf(stderr, " in %s", egroup);
data/pccts-1.33MR33/antlr/build.c:61:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *q = (char *) malloc( strlen(parm) + 1 );
data/pccts-1.33MR33/antlr/build.c:103:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a->action = (char *) malloc( strlen(action)+1 );
data/pccts-1.33MR33/antlr/build.c:117:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t=key=(char *)calloc(1,strlen(a->action)+1);
data/pccts-1.33MR33/antlr/build.c:138:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
/* MR12c */ strEnd=strStart+strlen(strStart)-1;
data/pccts-1.33MR33/antlr/gen.c:4527:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prevFileNameMS=(char *)calloc(1,strlen(fileName)+1);
data/pccts-1.33MR33/antlr/lex.c:203:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q->expr[ strlen(q->expr) ] = '"';
data/pccts-1.33MR33/antlr/lex.c:874:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s[ strlen(s)-1 ] = '\0'; /* remove last quote */
data/pccts-1.33MR33/antlr/main.c:156:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fnl = strlen(one_fn);
data/pccts-1.33MR33/antlr/main.c:1161:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
require(strlen(buf) + 2 < (size_t)MaxFileName, "outname: filename too big");
data/pccts-1.33MR33/antlr/main.c:1529:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (newname[strlen(newname)-1] != *dir_sym) {
data/pccts-1.33MR33/antlr/main.c:1706:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ua->action = (char *) calloc(strlen(LATEXT(1))+1, sizeof(char));
data/pccts-1.33MR33/antlr/main.c:1744:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = (char *)malloc(strlen(buf)+1);
data/pccts-1.33MR33/antlr/misc.c:698:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (i=strlen(rule)) > MaxRuleName ) /* MR10 */
data/pccts-1.33MR33/antlr/mrhoist.c:2216:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ruleNameStatic1,n->rname,ruleNameMax);
data/pccts-1.33MR33/antlr/pred.c:86:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = atoi(p+strlen("LT("));
data/pccts-1.33MR33/antlr/pred.c:89:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen("LT(");
data/pccts-1.33MR33/antlr/pred.c:102:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen("LATEXT(");
data/pccts-1.33MR33/antlr/scan.c:1220:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("consumeUntil(")));
data/pccts-1.33MR33/antlr/scan.c:1285:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(zzbegexpr)>(size_t)85 )
data/pccts-1.33MR33/antlr/scan.c:1307:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(zzbegexpr)>(size_t)85 )
data/pccts-1.33MR33/antlr/scan.c:1309:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zzbegexpr[strlen(zzbegexpr)-1] = ' ';
data/pccts-1.33MR33/antlr/scan.c:1332:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(zzbegexpr)>(size_t)85) fatal("$i.j attrib ref too big");
data/pccts-1.33MR33/antlr/scan.c:1370:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
require (strlen(zzbegexpr)<=(size_t)285,
data/pccts-1.33MR33/antlr/scan.c:1440:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(zzbegexpr)>(size_t)85 )
data/pccts-1.33MR33/dlg/dlg_p.c:957:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(egroup) > (size_t)0 ) fprintf(stderr, " in %s", egroup);
data/pccts-1.33MR33/dlg/output.c:138:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = (char *)malloc(strlen(s)+1);
data/pccts-1.33MR33/dlg/support.c:233:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (newname[strlen(newname)-1] != *dir_sym)
data/pccts-1.33MR33/h/AParser.cpp:457:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(egroup) > 0 ) /* MR23 */ printMessage(stderr, " in %s", egroup);
data/pccts-1.33MR33/h/AParser.cpp:556:20: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if ( i>1 ) strcat(zzFAILtext, " ");
data/pccts-1.33MR33/h/AToken.h:195:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int getLength() const { return strlen(getText()); } // MR11
data/pccts-1.33MR33/h/AToken.h:203:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_text = new ANTLRChar[strlen(s)+1];
data/pccts-1.33MR33/h/AToken.h:209:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(_text,"");
data/pccts-1.33MR33/h/AToken.h:268:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int getLength() const { return strlen(getText()); } // MR11
data/pccts-1.33MR33/h/AToken.h:276:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_text = new ANTLRChar[strlen(s)+1];
data/pccts-1.33MR33/h/AToken.h:282:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(_text,"");
data/pccts-1.33MR33/h/BufFileInput.cpp:63:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc( input );
data/pccts-1.33MR33/h/BufFileInput.cpp:77:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen( s );
data/pccts-1.33MR33/h/BufFileInput.cpp:83:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc( input );
data/pccts-1.33MR33/h/DLexerBase.h:73:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c=getc(input);
data/pccts-1.33MR33/h/charbuf.h:43:28: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define zzcr_attr(a,tok,t) strncpy((a)->text, t, D_TextSize-1); \
data/pccts-1.33MR33/h/charptr.c:55:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*a = (char *) malloc(strlen(text)+1); /* MR6 */
data/pccts-1.33MR33/h/dlgauto.h:81:33: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define ZZGETC_STREAM {zzchar = getc(zzstream_in); zzclass = ZZSHIFT(zzchar);}
data/pccts-1.33MR33/h/err.h:194:14: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if ( i>1 ) strcat(text, " ");
data/pccts-1.33MR33/h/err.h:442:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(egroup) > 0 ) fprintf(stderr, " in %s", egroup);
data/pccts-1.33MR33/h/err.h:638:23: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{NLA = zzEOF_TOKEN; strcpy(NLATEXT, "");}
data/pccts-1.33MR33/h/err.h:716:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ( (zzinf_text_buffer_index+strlen(NLATEXT)+1) >= zzinf_text_buffer_size )
data/pccts-1.33MR33/h/err.h:731:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zzinf_text_buffer_index += strlen(NLATEXT)+1;
data/pccts-1.33MR33/h/err.h:752:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zzinf_text_buffer_index += strlen(&zzinf_text_buffer[zzinf_text_buffer_index])+1;
data/pccts-1.33MR33/sorcerer/err.c:39:22: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{(node)->token=_tok; strncpy((node)->text, _text,MaxAtom);}
data/pccts-1.33MR33/sorcerer/lib/sorcerer.c:59:69: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( !root ) t->ast_right(_parser->write) = t->ast_right(_parser->read);
data/pccts-1.33MR33/sorcerer/lib/sorcerer.c:60:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t->ast_down(_parser->write) = t->ast_down(_parser->read);
data/pccts-1.33MR33/sorcerer/lib/sorcerer.c:61:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( t->ast_down(_parser->read)!=NULL )
data/pccts-1.33MR33/sorcerer/lib/sorcerer.c:62:49: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
_copy_wildcard(_parser, t->ast_down(_parser->read), 0);
data/pccts-1.33MR33/sorcerer/lib/sorcerer.c:65:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t = t->ast_right(_parser->read);
data/pccts-1.33MR33/sorcerer/main.c:687:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
require(strlen(buf) + 2 < (size_t)MaxFileName, "outname: filename too big");
data/pccts-1.33MR33/sorcerer/main.c:748:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (newname[strlen(newname)-1] != *dir_sym)
data/pccts-1.33MR33/sorcerer/main.c:879:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = &s[strlen(s)-1]; /* start at end of string and work back */
data/pccts-1.33MR33/sorcerer/main.c:907:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = (char *) malloc(strlen(s)+1);
data/pccts-1.33MR33/sorcerer/main.c:997:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = &(decl[strlen(decl)-1]);
data/pccts-1.33MR33/sorcerer/main.c:1000:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
require(strlen(decl)>(size_t)0, "id_in_decl: empty decl");
data/pccts-1.33MR33/sorcerer/main.c:1009:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(id, start, end-start);
data/pccts-1.33MR33/sorcerer/main.c:1028:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = &s[strlen(s)-1]; /* start at end of string and work back */
data/pccts-1.33MR33/sorcerer/main.c:1077:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = &call[strlen(prefix)];
data/pccts-1.33MR33/sorcerer/main.c:1093:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tname, b, e-b+1);
data/pccts-1.33MR33/sorcerer/main.c:1106:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(duh);
data/pccts-1.33MR33/sorcerer/scan.c:38:22: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{(node)->token=_tok; strncpy((node)->text, _text,MaxAtom);}
data/pccts-1.33MR33/sorcerer/scan.c:789:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zzbegexpr[strlen(zzbegexpr)-1] = '\0';
data/pccts-1.33MR33/sorcerer/sor.c:39:22: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{(node)->token=_tok; strncpy((node)->text, _text,MaxAtom);}
data/pccts-1.33MR33/sorcerer/sor.c:372:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tokdefs_file[strlen(tokdefs_file)-1] = '\0';
data/pccts-1.33MR33/sorcerer/sor.c:414:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(CurClassName,LATEXT(1),MaxAtom);
data/pccts-1.33MR33/sorcerer/sor.c:421:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(CurClassName,LATEXT(1),MaxAtom);
data/pccts-1.33MR33/sorcerer/sor.c:1895:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(egroup) > (size_t)0 ) fprintf(stderr, " in %s", egroup);
data/pccts-1.33MR33/sorcerer/stdpccts.h:41:22: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{(node)->token=_tok; strncpy((node)->text, _text,MaxAtom);}
data/pccts-1.33MR33/support/DECmms/genmms.c:227:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ATOKENBUFFER_O[strlen(ATOKENBUFFER_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/DECmms/genmms.c:227:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ATOKENBUFFER_O[strlen(ATOKENBUFFER_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/DECmms/genmms.c:230:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
APARSER_O[strlen(APARSER_O)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/DECmms/genmms.c:230:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
APARSER_O[strlen(APARSER_O)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/DECmms/genmms.c:234:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASTBASE_O[strlen(ASTBASE_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/DECmms/genmms.c:234:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASTBASE_O[strlen(ASTBASE_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/DECmms/genmms.c:238:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PCCTSAST_O[strlen(PCCTSAST_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/DECmms/genmms.c:238:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PCCTSAST_O[strlen(PCCTSAST_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/DECmms/genmms.c:242:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LIST_O[strlen(LIST_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/DECmms/genmms.c:242:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LIST_O[strlen(LIST_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/DECmms/genmms.c:246:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DLEXERBASE_O[strlen(DLEXERBASE_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/DECmms/genmms.c:246:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DLEXERBASE_O[strlen(DLEXERBASE_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/DECmms/genmms.c:648:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = &(*files)[strlen(*files)-1];
data/pccts-1.33MR33/support/genmk/genmk.c:389:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ATOKENBUFFER_O[strlen(ATOKENBUFFER_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk.c:389:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ATOKENBUFFER_O[strlen(ATOKENBUFFER_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk.c:392:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
APARSER_O[strlen(APARSER_O)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk.c:392:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
APARSER_O[strlen(APARSER_O)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk.c:396:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASTBASE_O[strlen(ASTBASE_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk.c:396:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASTBASE_O[strlen(ASTBASE_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk.c:400:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PCCTSAST_O[strlen(PCCTSAST_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk.c:400:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PCCTSAST_O[strlen(PCCTSAST_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk.c:404:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LIST_O[strlen(LIST_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk.c:404:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LIST_O[strlen(LIST_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk.c:408:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DLEXERBASE_O[strlen(DLEXERBASE_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk.c:408:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DLEXERBASE_O[strlen(DLEXERBASE_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk.c:944:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = &(*files)[strlen(*files)-1];
data/pccts-1.33MR33/support/genmk/genmk_old.c:208:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(strcat(cfiles," "), t);
data/pccts-1.33MR33/support/genmk/genmk_old.c:266:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ATOKENBUFFER_O[strlen(ATOKENBUFFER_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk_old.c:266:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ATOKENBUFFER_O[strlen(ATOKENBUFFER_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk_old.c:269:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
APARSER_O[strlen(APARSER_O)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk_old.c:269:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
APARSER_O[strlen(APARSER_O)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk_old.c:273:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASTBASE_O[strlen(ASTBASE_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk_old.c:273:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASTBASE_O[strlen(ASTBASE_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk_old.c:277:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PCCTSAST_O[strlen(PCCTSAST_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk_old.c:277:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PCCTSAST_O[strlen(PCCTSAST_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk_old.c:281:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LIST_O[strlen(LIST_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk_old.c:281:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LIST_O[strlen(LIST_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk_old.c:285:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DLEXERBASE_O[strlen(DLEXERBASE_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk_old.c:285:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DLEXERBASE_O[strlen(DLEXERBASE_C)-strlen(CPP_FILE_SUFFIX)] = '\0';
data/pccts-1.33MR33/support/genmk/genmk_old.c:658:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = &(*files)[strlen(*files)-1];
data/pccts-1.33MR33/support/set/set.c:557:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_new(a, strlen(s));
data/pccts-1.33MR33/testcpp/2/MyLexer.cpp:23:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getchar();
data/pccts-1.33MR33/testcpp/2/MyLexer.cpp:39:34: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( c==' ' || c=='\n' ) c=getchar();
data/pccts-1.33MR33/testcpp/2/MyLexer.cpp:47:8: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getchar();
data/pccts-1.33MR33/testcpp/2/MyLexer.cpp:61:8: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getchar();
data/pccts-1.33MR33/testcpp/3/MyLexer.cpp:23:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getchar();
data/pccts-1.33MR33/testcpp/3/MyLexer.cpp:39:34: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( c==' ' || c=='\n' ) c=getchar();
data/pccts-1.33MR33/testcpp/3/MyLexer.cpp:47:8: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getchar();
data/pccts-1.33MR33/testcpp/3/MyLexer.cpp:61:8: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getchar();
ANALYSIS SUMMARY:
Hits = 642
Lines analyzed = 62677 in approximately 1.83 seconds (34343 lines/second)
Physical Source Lines of Code (SLOC) = 49301
Hits@level = [0] 2056 [1] 149 [2] 243 [3] 0 [4] 250 [5] 0
Hits@level+ = [0+] 2698 [1+] 642 [2+] 493 [3+] 250 [4+] 250 [5+] 0
Hits/KSLOC@level+ = [0+] 54.7251 [1+] 13.022 [2+] 9.9998 [3+] 5.07089 [4+] 5.07089 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.