Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
data/pcp-5.2.2/src/pcp/atop/showlinux.c Examining data/pcp-5.2.2/src/pcp/atop/showlinux.h Examining data/pcp-5.2.2/src/pcp/atop/showprocs.c Examining data/pcp-5.2.2/src/pcp/atop/showsys.c Examining data/pcp-5.2.2/src/pcp/atop/various.c Examining data/pcp-5.2.2/src/pcp/atop/version.c Examining data/pcp-5.2.2/src/perl/PMDA/cvalue.c Examining data/pcp-5.2.2/src/perl/PMDA/local.c Examining data/pcp-5.2.2/src/perl/PMDA/local.h Examining data/pcp-5.2.2/src/pmcd/src/agent.c Examining data/pcp-5.2.2/src/pmcd/src/client.c Examining data/pcp-5.2.2/src/pmcd/src/client.h Examining data/pcp-5.2.2/src/pmcd/src/config.c Examining data/pcp-5.2.2/src/pmcd/src/dofetch.c Examining data/pcp-5.2.2/src/pmcd/src/dopdus.c Examining data/pcp-5.2.2/src/pmcd/src/dostore.c Examining data/pcp-5.2.2/src/pmcd/src/pmcd.c Examining data/pcp-5.2.2/src/pmcd/src/pmcd.h Examining data/pcp-5.2.2/src/pmcd_wait/pmcd_wait.c Examining data/pcp-5.2.2/src/pmchart/aboutdialog.cpp Examining data/pcp-5.2.2/src/pmchart/aboutdialog.h Examining data/pcp-5.2.2/src/pmchart/chart.cpp Examining data/pcp-5.2.2/src/pmchart/chart.h Examining data/pcp-5.2.2/src/pmchart/chartdialog.cpp Examining data/pcp-5.2.2/src/pmchart/chartdialog.h Examining data/pcp-5.2.2/src/pmchart/colorbutton.cpp Examining data/pcp-5.2.2/src/pmchart/colorbutton.h Examining data/pcp-5.2.2/src/pmchart/colorscheme.cpp Examining data/pcp-5.2.2/src/pmchart/colorscheme.h Examining data/pcp-5.2.2/src/pmchart/exportdialog.cpp Examining data/pcp-5.2.2/src/pmchart/exportdialog.h Examining data/pcp-5.2.2/src/pmchart/gadget.cpp Examining data/pcp-5.2.2/src/pmchart/gadget.h Examining data/pcp-5.2.2/src/pmchart/groupcontrol.cpp Examining data/pcp-5.2.2/src/pmchart/groupcontrol.h Examining data/pcp-5.2.2/src/pmchart/hostdialog.cpp Examining data/pcp-5.2.2/src/pmchart/hostdialog.h Examining data/pcp-5.2.2/src/pmchart/infodialog.cpp Examining data/pcp-5.2.2/src/pmchart/infodialog.h Examining data/pcp-5.2.2/src/pmchart/main.cpp Examining 
data/pcp-5.2.2/src/pmchart/main.h Examining data/pcp-5.2.2/src/pmchart/metricdetails.cpp Examining data/pcp-5.2.2/src/pmchart/metricdetails.h Examining data/pcp-5.2.2/src/pmchart/namespace.cpp Examining data/pcp-5.2.2/src/pmchart/namespace.h Examining data/pcp-5.2.2/src/pmchart/openviewdialog.cpp Examining data/pcp-5.2.2/src/pmchart/openviewdialog.h Examining data/pcp-5.2.2/src/pmchart/pmchart.cpp Examining data/pcp-5.2.2/src/pmchart/pmchart.h Examining data/pcp-5.2.2/src/pmchart/recorddialog.cpp Examining data/pcp-5.2.2/src/pmchart/recorddialog.h Examining data/pcp-5.2.2/src/pmchart/samplesdialog.cpp Examining data/pcp-5.2.2/src/pmchart/samplesdialog.h Examining data/pcp-5.2.2/src/pmchart/sampling.cpp Examining data/pcp-5.2.2/src/pmchart/sampling.h Examining data/pcp-5.2.2/src/pmchart/saveviewdialog.cpp Examining data/pcp-5.2.2/src/pmchart/saveviewdialog.h Examining data/pcp-5.2.2/src/pmchart/searchdialog.cpp Examining data/pcp-5.2.2/src/pmchart/searchdialog.h Examining data/pcp-5.2.2/src/pmchart/seealsodialog.cpp Examining data/pcp-5.2.2/src/pmchart/seealsodialog.h Examining data/pcp-5.2.2/src/pmchart/settingsdialog.cpp Examining data/pcp-5.2.2/src/pmchart/settingsdialog.h Examining data/pcp-5.2.2/src/pmchart/statusbar.cpp Examining data/pcp-5.2.2/src/pmchart/statusbar.h Examining data/pcp-5.2.2/src/pmchart/tab.cpp Examining data/pcp-5.2.2/src/pmchart/tab.h Examining data/pcp-5.2.2/src/pmchart/tabdialog.cpp Examining data/pcp-5.2.2/src/pmchart/tabdialog.h Examining data/pcp-5.2.2/src/pmchart/tabwidget.cpp Examining data/pcp-5.2.2/src/pmchart/tabwidget.h Examining data/pcp-5.2.2/src/pmchart/timeaxis.cpp Examining data/pcp-5.2.2/src/pmchart/timeaxis.h Examining data/pcp-5.2.2/src/pmchart/timecontrol.cpp Examining data/pcp-5.2.2/src/pmchart/timecontrol.h Examining data/pcp-5.2.2/src/pmchart/tracing.cpp Examining data/pcp-5.2.2/src/pmchart/tracing.h Examining data/pcp-5.2.2/src/pmchart/view.cpp Examining data/pcp-5.2.2/src/pmclient/pmclient.c Examining 
data/pcp-5.2.2/src/pmclient/pmclient_fg.c Examining data/pcp-5.2.2/src/pmconfig/pmconfig.c Examining data/pcp-5.2.2/src/pmcpp/pmcpp.c Examining data/pcp-5.2.2/src/pmdas/aix/aix.c Examining data/pcp-5.2.2/src/pmdas/aix/common.h Examining data/pcp-5.2.2/src/pmdas/aix/cpu.c Examining data/pcp-5.2.2/src/pmdas/aix/cpu_total.c Examining data/pcp-5.2.2/src/pmdas/aix/data.c Examining data/pcp-5.2.2/src/pmdas/aix/disk.c Examining data/pcp-5.2.2/src/pmdas/aix/disk_total.c Examining data/pcp-5.2.2/src/pmdas/aix/netif.c Examining data/pcp-5.2.2/src/pmdas/apache/apache.c Examining data/pcp-5.2.2/src/pmdas/bash/bash.c Examining data/pcp-5.2.2/src/pmdas/bash/event.c Examining data/pcp-5.2.2/src/pmdas/bash/event.h Examining data/pcp-5.2.2/src/pmdas/bash/util.c Examining data/pcp-5.2.2/src/pmdas/cifs/pmda.c Examining data/pcp-5.2.2/src/pmdas/cifs/pmdacifs.h Examining data/pcp-5.2.2/src/pmdas/cifs/stats.c Examining data/pcp-5.2.2/src/pmdas/cifs/stats.h Examining data/pcp-5.2.2/src/pmdas/cisco/cisco.c Examining data/pcp-5.2.2/src/pmdas/cisco/cisco.h Examining data/pcp-5.2.2/src/pmdas/cisco/interface.c Examining data/pcp-5.2.2/src/pmdas/cisco/pmda.c Examining data/pcp-5.2.2/src/pmdas/cisco/probe.c Examining data/pcp-5.2.2/src/pmdas/cisco/telnet.c Examining data/pcp-5.2.2/src/pmdas/darwin/darwin.h Examining data/pcp-5.2.2/src/pmdas/darwin/disk.c Examining data/pcp-5.2.2/src/pmdas/darwin/disk.h Examining data/pcp-5.2.2/src/pmdas/darwin/kernel.c Examining data/pcp-5.2.2/src/pmdas/darwin/network.c Examining data/pcp-5.2.2/src/pmdas/darwin/network.h Examining data/pcp-5.2.2/src/pmdas/darwin/pmda.c Examining data/pcp-5.2.2/src/pmdas/dm/dmcache.c Examining data/pcp-5.2.2/src/pmdas/dm/dmcache.h Examining data/pcp-5.2.2/src/pmdas/dm/dmstats.c Examining data/pcp-5.2.2/src/pmdas/dm/dmstats.h Examining data/pcp-5.2.2/src/pmdas/dm/dmthin.c Examining data/pcp-5.2.2/src/pmdas/dm/dmthin.h Examining data/pcp-5.2.2/src/pmdas/dm/indom.h Examining data/pcp-5.2.2/src/pmdas/dm/pmda.c Examining 
data/pcp-5.2.2/src/pmdas/dm/vdo.c Examining data/pcp-5.2.2/src/pmdas/dm/vdo.h Examining data/pcp-5.2.2/src/pmdas/docker/docker.c Examining data/pcp-5.2.2/src/pmdas/etw/event.c Examining data/pcp-5.2.2/src/pmdas/etw/event.h Examining data/pcp-5.2.2/src/pmdas/etw/pmda.c Examining data/pcp-5.2.2/src/pmdas/etw/tdhconsume.c Examining data/pcp-5.2.2/src/pmdas/etw/tdhlist.c Examining data/pcp-5.2.2/src/pmdas/etw/util.c Examining data/pcp-5.2.2/src/pmdas/etw/util.h Examining data/pcp-5.2.2/src/pmdas/freebsd/disk.c Examining data/pcp-5.2.2/src/pmdas/freebsd/freebsd.c Examining data/pcp-5.2.2/src/pmdas/freebsd/freebsd.h Examining data/pcp-5.2.2/src/pmdas/freebsd/netif.c Examining data/pcp-5.2.2/src/pmdas/gfs2/control.c Examining data/pcp-5.2.2/src/pmdas/gfs2/control.h Examining data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c Examining data/pcp-5.2.2/src/pmdas/gfs2/ftrace.h Examining data/pcp-5.2.2/src/pmdas/gfs2/glocks.c Examining data/pcp-5.2.2/src/pmdas/gfs2/glocks.h Examining data/pcp-5.2.2/src/pmdas/gfs2/glstats.c Examining data/pcp-5.2.2/src/pmdas/gfs2/glstats.h Examining data/pcp-5.2.2/src/pmdas/gfs2/latency.c Examining data/pcp-5.2.2/src/pmdas/gfs2/latency.h Examining data/pcp-5.2.2/src/pmdas/gfs2/pmda.c Examining data/pcp-5.2.2/src/pmdas/gfs2/pmdagfs2.h Examining data/pcp-5.2.2/src/pmdas/gfs2/sbstats.c Examining data/pcp-5.2.2/src/pmdas/gfs2/sbstats.h Examining data/pcp-5.2.2/src/pmdas/gfs2/worst_glock.c Examining data/pcp-5.2.2/src/pmdas/gfs2/worst_glock.h Examining data/pcp-5.2.2/src/pmdas/infiniband/ib.c Examining data/pcp-5.2.2/src/pmdas/infiniband/ibpmda.h Examining data/pcp-5.2.2/src/pmdas/infiniband/pmda.c Examining data/pcp-5.2.2/src/pmdas/jbd2/convert.h Examining data/pcp-5.2.2/src/pmdas/jbd2/pmda.c Examining data/pcp-5.2.2/src/pmdas/jbd2/proc_jbd2.c Examining data/pcp-5.2.2/src/pmdas/jbd2/proc_jbd2.h Examining data/pcp-5.2.2/src/pmdas/json/acme_json.c Examining data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c Examining data/pcp-5.2.2/src/pmdas/kvm/kvmstat.h Examining 
data/pcp-5.2.2/src/pmdas/linux/convert.h Examining data/pcp-5.2.2/src/pmdas/linux/filesys.c Examining data/pcp-5.2.2/src/pmdas/linux/filesys.h Examining data/pcp-5.2.2/src/pmdas/linux/getinfo.c Examining data/pcp-5.2.2/src/pmdas/linux/getinfo.h Examining data/pcp-5.2.2/src/pmdas/linux/interrupts.c Examining data/pcp-5.2.2/src/pmdas/linux/interrupts.h Examining data/pcp-5.2.2/src/pmdas/linux/ipc.c Examining data/pcp-5.2.2/src/pmdas/linux/ipc.h Examining data/pcp-5.2.2/src/pmdas/linux/ksm.c Examining data/pcp-5.2.2/src/pmdas/linux/ksm.h Examining data/pcp-5.2.2/src/pmdas/linux/linux.h Examining data/pcp-5.2.2/src/pmdas/linux/linux_table.c Examining data/pcp-5.2.2/src/pmdas/linux/linux_table.h Examining data/pcp-5.2.2/src/pmdas/linux/login.c Examining data/pcp-5.2.2/src/pmdas/linux/login.h Examining data/pcp-5.2.2/src/pmdas/linux/mem_bandwidth.c Examining data/pcp-5.2.2/src/pmdas/linux/namespaces.c Examining data/pcp-5.2.2/src/pmdas/linux/namespaces.h Examining data/pcp-5.2.2/src/pmdas/linux/numa_meminfo.c Examining data/pcp-5.2.2/src/pmdas/linux/numa_meminfo.h Examining data/pcp-5.2.2/src/pmdas/linux/pmda.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_cpuinfo.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_cpuinfo.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_fs_nfsd.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_fs_nfsd.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_loadavg.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_loadavg.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_locks.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_locks.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_meminfo.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_meminfo.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_netstat.c Examining 
data/pcp-5.2.2/src/pmdas/linux/proc_net_netstat.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_raw.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_raw.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_rpc.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_rpc.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_snmp.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_snmp.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_snmp6.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_snmp6.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat6.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat6.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_softnet.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_softnet.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_tcp.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_tcp.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_udp.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_udp.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_unix.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_net_unix.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_partitions.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_pressure.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_pressure.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_scsi.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_scsi.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_slabinfo.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_slabinfo.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_stat.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_stat.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_sys_fs.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_sys_fs.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_sys_kernel.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_sys_kernel.h 
Examining data/pcp-5.2.2/src/pmdas/linux/proc_tty.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_tty.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_uptime.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_uptime.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_vmstat.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_vmstat.h Examining data/pcp-5.2.2/src/pmdas/linux/proc_zoneinfo.c Examining data/pcp-5.2.2/src/pmdas/linux/proc_zoneinfo.h Examining data/pcp-5.2.2/src/pmdas/linux/swapdev.c Examining data/pcp-5.2.2/src/pmdas/linux/swapdev.h Examining data/pcp-5.2.2/src/pmdas/linux/sysfs_kernel.c Examining data/pcp-5.2.2/src/pmdas/linux/sysfs_kernel.h Examining data/pcp-5.2.2/src/pmdas/linux/sysfs_tapestats.c Examining data/pcp-5.2.2/src/pmdas/linux/sysfs_tapestats.h Examining data/pcp-5.2.2/src/pmdas/linux_proc/acct.c Examining data/pcp-5.2.2/src/pmdas/linux_proc/acct.h Examining data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c Examining data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.h Examining data/pcp-5.2.2/src/pmdas/linux_proc/clusters.h Examining data/pcp-5.2.2/src/pmdas/linux_proc/config.c Examining data/pcp-5.2.2/src/pmdas/linux_proc/config.h Examining data/pcp-5.2.2/src/pmdas/linux_proc/contexts.c Examining data/pcp-5.2.2/src/pmdas/linux_proc/contexts.h Examining data/pcp-5.2.2/src/pmdas/linux_proc/error.c Examining data/pcp-5.2.2/src/pmdas/linux_proc/getinfo.c Examining data/pcp-5.2.2/src/pmdas/linux_proc/getinfo.h Examining data/pcp-5.2.2/src/pmdas/linux_proc/gram_node.c Examining data/pcp-5.2.2/src/pmdas/linux_proc/gram_node.h Examining data/pcp-5.2.2/src/pmdas/linux_proc/help_text.h Examining data/pcp-5.2.2/src/pmdas/linux_proc/hotproc.c Examining data/pcp-5.2.2/src/pmdas/linux_proc/hotproc.h Examining data/pcp-5.2.2/src/pmdas/linux_proc/indom.h Examining data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c Examining data/pcp-5.2.2/src/pmdas/linux_proc/proc_dynamic.c Examining data/pcp-5.2.2/src/pmdas/linux_proc/proc_dynamic.h Examining 
data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c Examining data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.h Examining data/pcp-5.2.2/src/pmdas/linux_proc/proc_runq.c Examining data/pcp-5.2.2/src/pmdas/linux_proc/proc_runq.h Examining data/pcp-5.2.2/src/pmdas/linux_xfs/clusters.h Examining data/pcp-5.2.2/src/pmdas/linux_xfs/filesys.c Examining data/pcp-5.2.2/src/pmdas/linux_xfs/filesys.h Examining data/pcp-5.2.2/src/pmdas/linux_xfs/indom.h Examining data/pcp-5.2.2/src/pmdas/linux_xfs/pmda.c Examining data/pcp-5.2.2/src/pmdas/linux_xfs/sysfs_xfs.c Examining data/pcp-5.2.2/src/pmdas/linux_xfs/sysfs_xfs.h Examining data/pcp-5.2.2/src/pmdas/logger/event.c Examining data/pcp-5.2.2/src/pmdas/logger/event.h Examining data/pcp-5.2.2/src/pmdas/logger/logger.c Examining data/pcp-5.2.2/src/pmdas/logger/util.c Examining data/pcp-5.2.2/src/pmdas/logger/util.h Examining data/pcp-5.2.2/src/pmdas/lustrecomm/file_indexed.c Examining data/pcp-5.2.2/src/pmdas/lustrecomm/file_single.c Examining data/pcp-5.2.2/src/pmdas/lustrecomm/libreadfiles.h Examining data/pcp-5.2.2/src/pmdas/lustrecomm/lustrecomm.c Examining data/pcp-5.2.2/src/pmdas/lustrecomm/refresh_file.c Examining data/pcp-5.2.2/src/pmdas/lustrecomm/timespec_routines.c Examining data/pcp-5.2.2/src/pmdas/mailq/mailq.c Examining data/pcp-5.2.2/src/pmdas/mmv/acme.c Examining data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c Examining data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c Examining data/pcp-5.2.2/src/pmdas/mounts/mounts.c Examining data/pcp-5.2.2/src/pmdas/netbsd/disk.c Examining data/pcp-5.2.2/src/pmdas/netbsd/filesys.c Examining data/pcp-5.2.2/src/pmdas/netbsd/netbsd.c Examining data/pcp-5.2.2/src/pmdas/netbsd/netbsd.h Examining data/pcp-5.2.2/src/pmdas/netbsd/netif.c Examining data/pcp-5.2.2/src/pmdas/netbsd/percpu.c Examining data/pcp-5.2.2/src/pmdas/netbsd/swap.c Examining data/pcp-5.2.2/src/pmdas/netbsd/vm_uvmexp.c Examining data/pcp-5.2.2/src/pmdas/nvidia/localnvml.c Examining data/pcp-5.2.2/src/pmdas/nvidia/localnvml.h Examining 
data/pcp-5.2.2/src/pmdas/nvidia/nvidia.c Examining data/pcp-5.2.2/src/pmdas/openbsd/disk.c Examining data/pcp-5.2.2/src/pmdas/openbsd/filesys.c Examining data/pcp-5.2.2/src/pmdas/openbsd/netif.c Examining data/pcp-5.2.2/src/pmdas/openbsd/openbsd.c Examining data/pcp-5.2.2/src/pmdas/openbsd/openbsd.h Examining data/pcp-5.2.2/src/pmdas/openbsd/percpu.c Examining data/pcp-5.2.2/src/pmdas/openbsd/swap.c Examining data/pcp-5.2.2/src/pmdas/openbsd/vm_uvmexp.c Examining data/pcp-5.2.2/src/pmdas/perfevent/architecture.c Examining data/pcp-5.2.2/src/pmdas/perfevent/architecture.h Examining data/pcp-5.2.2/src/pmdas/perfevent/configparser.h Examining data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c Examining data/pcp-5.2.2/src/pmdas/perfevent/parse_events.h Examining data/pcp-5.2.2/src/pmdas/perfevent/perfalloc.c Examining data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.c Examining data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.h Examining data/pcp-5.2.2/src/pmdas/perfevent/perflock.c Examining data/pcp-5.2.2/src/pmdas/perfevent/perflock.h Examining data/pcp-5.2.2/src/pmdas/perfevent/perfmanager.c Examining data/pcp-5.2.2/src/pmdas/perfevent/perfmanager.h Examining data/pcp-5.2.2/src/pmdas/perfevent/pmda.c Examining data/pcp-5.2.2/src/pmdas/perfevent/rapl-interface.c Examining data/pcp-5.2.2/src/pmdas/perfevent/rapl-interface.h Examining data/pcp-5.2.2/src/pmdas/pipe/event.c Examining data/pcp-5.2.2/src/pmdas/pipe/event.h Examining data/pcp-5.2.2/src/pmdas/pipe/pipe.c Examining data/pcp-5.2.2/src/pmdas/pipe/util.c Examining data/pcp-5.2.2/src/pmdas/pipe/util.h Examining data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c Examining data/pcp-5.2.2/src/pmdas/podman/context.c Examining data/pcp-5.2.2/src/pmdas/podman/pmda.c Examining data/pcp-5.2.2/src/pmdas/podman/podman.h Examining data/pcp-5.2.2/src/pmdas/podman/varlink.c Examining data/pcp-5.2.2/src/pmdas/process/process.c Examining data/pcp-5.2.2/src/pmdas/roomtemp/dsread.c Examining data/pcp-5.2.2/src/pmdas/roomtemp/dsread.h 
Examining data/pcp-5.2.2/src/pmdas/roomtemp/mlan/ds2480.h Examining data/pcp-5.2.2/src/pmdas/roomtemp/mlan/ds2480ut.c Examining data/pcp-5.2.2/src/pmdas/roomtemp/mlan/linuxlnk.c Examining data/pcp-5.2.2/src/pmdas/roomtemp/mlan/mlan.h Examining data/pcp-5.2.2/src/pmdas/roomtemp/mlan/mlanllu.c Examining data/pcp-5.2.2/src/pmdas/roomtemp/mlan/mlannetu.c Examining data/pcp-5.2.2/src/pmdas/roomtemp/mlan/mlansesu.c Examining data/pcp-5.2.2/src/pmdas/roomtemp/mlan/mlantrnu.c Examining data/pcp-5.2.2/src/pmdas/roomtemp/roomtemp.c Examining data/pcp-5.2.2/src/pmdas/root/agent.c Examining data/pcp-5.2.2/src/pmdas/root/docker.c Examining data/pcp-5.2.2/src/pmdas/root/docker.h Examining data/pcp-5.2.2/src/pmdas/root/lxc.c Examining data/pcp-5.2.2/src/pmdas/root/lxc.h Examining data/pcp-5.2.2/src/pmdas/root/podman.c Examining data/pcp-5.2.2/src/pmdas/root/podman.h Examining data/pcp-5.2.2/src/pmdas/root/root.c Examining data/pcp-5.2.2/src/pmdas/root/root.h Examining data/pcp-5.2.2/src/pmdas/rpm/rpm.c Examining data/pcp-5.2.2/src/pmdas/rpm/rpm.h Examining data/pcp-5.2.2/src/pmdas/rpm/timer.c Examining data/pcp-5.2.2/src/pmdas/rpm/timer.h Examining data/pcp-5.2.2/src/pmdas/sample/domain.h Examining data/pcp-5.2.2/src/pmdas/sample/src/events.c Examining data/pcp-5.2.2/src/pmdas/sample/src/events.h Examining data/pcp-5.2.2/src/pmdas/sample/src/percontext.c Examining data/pcp-5.2.2/src/pmdas/sample/src/percontext.h Examining data/pcp-5.2.2/src/pmdas/sample/src/pmda.c Examining data/pcp-5.2.2/src/pmdas/sample/src/sample.c Examining data/pcp-5.2.2/src/pmdas/sendmail/sendmail.c Examining data/pcp-5.2.2/src/pmdas/shping/pmda.c Examining data/pcp-5.2.2/src/pmdas/shping/shping.c Examining data/pcp-5.2.2/src/pmdas/shping/shping.h Examining data/pcp-5.2.2/src/pmdas/simple/simple.c Examining data/pcp-5.2.2/src/pmdas/smart/pmda.c Examining data/pcp-5.2.2/src/pmdas/smart/pmdasmart.h Examining data/pcp-5.2.2/src/pmdas/smart/smart_stats.c Examining data/pcp-5.2.2/src/pmdas/smart/smart_stats.h 
Examining data/pcp-5.2.2/src/pmdas/solaris/arcstats.c Examining data/pcp-5.2.2/src/pmdas/solaris/clusters.h Examining data/pcp-5.2.2/src/pmdas/solaris/common.h Examining data/pcp-5.2.2/src/pmdas/solaris/data.c Examining data/pcp-5.2.2/src/pmdas/solaris/disk.c Examining data/pcp-5.2.2/src/pmdas/solaris/kvm.c Examining data/pcp-5.2.2/src/pmdas/solaris/netlink.c Examining data/pcp-5.2.2/src/pmdas/solaris/netmib2.c Examining data/pcp-5.2.2/src/pmdas/solaris/netmib2.h Examining data/pcp-5.2.2/src/pmdas/solaris/solaris.c Examining data/pcp-5.2.2/src/pmdas/solaris/sysinfo.c Examining data/pcp-5.2.2/src/pmdas/solaris/vnops.c Examining data/pcp-5.2.2/src/pmdas/solaris/zfs.c Examining data/pcp-5.2.2/src/pmdas/solaris/zpool.c Examining data/pcp-5.2.2/src/pmdas/solaris/zpool_perdisk.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-counter.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-counter.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-duration-exact.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-duration-exact.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-duration-hdr.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-duration-hdr.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-duration.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-duration.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-gauge.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-gauge.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-labels.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-labels.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metrics.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metrics.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-stats.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-stats.h Examining 
data/pcp-5.2.2/src/pmdas/statsd/src/aggregators.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/aggregators.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/config-reader.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/config-reader.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/dict-callbacks.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/dict-callbacks.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/network-listener.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/network-listener.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/parser-basic.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/parser-basic.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/parser-ragel.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/parsers.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/parsers.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/pmda-callbacks.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/pmda-callbacks.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/pmdastatsd.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/pmdastatsd.h Examining data/pcp-5.2.2/src/pmdas/statsd/src/utils.c Examining data/pcp-5.2.2/src/pmdas/statsd/src/utils.h Examining data/pcp-5.2.2/src/pmdas/summary/mainloop.c Examining data/pcp-5.2.2/src/pmdas/summary/pmda.c Examining data/pcp-5.2.2/src/pmdas/summary/summary.c Examining data/pcp-5.2.2/src/pmdas/summary/summary.h Examining data/pcp-5.2.2/src/pmdas/systemd/systemd.c Examining data/pcp-5.2.2/src/pmdas/trace/app1.c Examining data/pcp-5.2.2/src/pmdas/trace/app2.c Examining data/pcp-5.2.2/src/pmdas/trace/app3.c Examining data/pcp-5.2.2/src/pmdas/trace/src/client.c Examining data/pcp-5.2.2/src/pmdas/trace/src/client.h Examining data/pcp-5.2.2/src/pmdas/trace/src/comms.c Examining data/pcp-5.2.2/src/pmdas/trace/src/comms.h Examining data/pcp-5.2.2/src/pmdas/trace/src/data.c Examining data/pcp-5.2.2/src/pmdas/trace/src/data.h Examining 
data/pcp-5.2.2/src/pmdas/trace/src/pmda.c Examining data/pcp-5.2.2/src/pmdas/trace/src/trace.c Examining data/pcp-5.2.2/src/pmdas/trace/stub.c Examining data/pcp-5.2.2/src/pmdas/trivial/trivial.c Examining data/pcp-5.2.2/src/pmdas/txmon/txmon.c Examining data/pcp-5.2.2/src/pmdas/txmon/txmon.h Examining data/pcp-5.2.2/src/pmdas/txmon/txrecord.c Examining data/pcp-5.2.2/src/pmdas/weblog/check_match.c Examining data/pcp-5.2.2/src/pmdas/weblog/pmda.c Examining data/pcp-5.2.2/src/pmdas/weblog/sproc.c Examining data/pcp-5.2.2/src/pmdas/weblog/weblog.c Examining data/pcp-5.2.2/src/pmdas/weblog/weblog.h Examining data/pcp-5.2.2/src/pmdas/windows/error.c Examining data/pcp-5.2.2/src/pmdas/windows/fetch.c Examining data/pcp-5.2.2/src/pmdas/windows/helptext.c Examining data/pcp-5.2.2/src/pmdas/windows/hypnotoad.h Examining data/pcp-5.2.2/src/pmdas/windows/instance.c Examining data/pcp-5.2.2/src/pmdas/windows/open.c Examining data/pcp-5.2.2/src/pmdas/windows/pdhlist.c Examining data/pcp-5.2.2/src/pmdas/windows/pmda.c Examining data/pcp-5.2.2/src/pmdate/pmdate.c Examining data/pcp-5.2.2/src/pmdbg/pmdbg.c Examining data/pcp-5.2.2/src/pmdumplog/pmdumplog.c Examining data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp Examining data/pcp-5.2.2/src/pmerr/pmerr.c Examining data/pcp-5.2.2/src/pmfind/nosource.c Examining data/pcp-5.2.2/src/pmfind/pmfind.c Examining data/pcp-5.2.2/src/pmfind/source.c Examining data/pcp-5.2.2/src/pmfind/source.h Examining data/pcp-5.2.2/src/pmgadgets/global.h Examining data/pcp-5.2.2/src/pmgadgets/main.cpp Examining data/pcp-5.2.2/src/pmgadgets/parse.cpp Examining data/pcp-5.2.2/src/pmgadgets/pmgadgets.cpp Examining data/pcp-5.2.2/src/pmgadgets/pmgadgets.h Examining data/pcp-5.2.2/src/pmgadgets/tokens.h Examining data/pcp-5.2.2/src/pmgetopt/pmgetopt.c Examining data/pcp-5.2.2/src/pmhostname/pmhostname.c Examining data/pcp-5.2.2/src/pmie/src/andor.c Examining data/pcp-5.2.2/src/pmie/src/andor.h Examining data/pcp-5.2.2/src/pmie/src/dstruct.c Examining 
data/pcp-5.2.2/src/pmie/src/dstruct.h Examining data/pcp-5.2.2/src/pmie/src/eval.c Examining data/pcp-5.2.2/src/pmie/src/eval.h Examining data/pcp-5.2.2/src/pmie/src/fun.h Examining data/pcp-5.2.2/src/pmie/src/lexicon.c Examining data/pcp-5.2.2/src/pmie/src/lexicon.h Examining data/pcp-5.2.2/src/pmie/src/logger.h Examining data/pcp-5.2.2/src/pmie/src/match_inst.c Examining data/pcp-5.2.2/src/pmie/src/pmie.c Examining data/pcp-5.2.2/src/pmie/src/pmie_dump_stats.c Examining data/pcp-5.2.2/src/pmie/src/pragmatics.c Examining data/pcp-5.2.2/src/pmie/src/pragmatics.h Examining data/pcp-5.2.2/src/pmie/src/show.c Examining data/pcp-5.2.2/src/pmie/src/show.h Examining data/pcp-5.2.2/src/pmie/src/stats.h Examining data/pcp-5.2.2/src/pmie/src/stomp.c Examining data/pcp-5.2.2/src/pmie/src/stomp.h Examining data/pcp-5.2.2/src/pmie/src/symbol.c Examining data/pcp-5.2.2/src/pmie/src/symbol.h Examining data/pcp-5.2.2/src/pmie/src/syntax.c Examining data/pcp-5.2.2/src/pmie/src/syntax.h Examining data/pcp-5.2.2/src/pmie/src/systemlog.c Examining data/pcp-5.2.2/src/pmie/src/systemlog.h Examining data/pcp-5.2.2/src/pmieconf/io.c Examining data/pcp-5.2.2/src/pmieconf/pmieconf.c Examining data/pcp-5.2.2/src/pmieconf/rate-syscalls.c Examining data/pcp-5.2.2/src/pmieconf/rules.c Examining data/pcp-5.2.2/src/pmieconf/rules.h Examining data/pcp-5.2.2/src/pmiestatus/pmiestatus.c Examining data/pcp-5.2.2/src/pminfo/pminfo.c Examining data/pcp-5.2.2/src/pmjson/pmjson.c Examining data/pcp-5.2.2/src/pmlc/actions.c Examining data/pcp-5.2.2/src/pmlc/pmlc.c Examining data/pcp-5.2.2/src/pmlc/pmlc.h Examining data/pcp-5.2.2/src/pmlc/util.c Examining data/pcp-5.2.2/src/pmlock/pmlock.c Examining data/pcp-5.2.2/src/pmlogcheck/logcheck.h Examining data/pcp-5.2.2/src/pmlogcheck/pass0.c Examining data/pcp-5.2.2/src/pmlogcheck/pass1.c Examining data/pcp-5.2.2/src/pmlogcheck/pass2.c Examining data/pcp-5.2.2/src/pmlogcheck/pass3.c Examining data/pcp-5.2.2/src/pmlogcheck/pmlogcheck.c Examining 
data/pcp-5.2.2/src/pmlogconf/pmlogconf.c Examining data/pcp-5.2.2/src/pmlogconf/pmlogconf.h Examining data/pcp-5.2.2/src/pmlogconf/pmrepconf.c Examining data/pcp-5.2.2/src/pmlogconf/util.c Examining data/pcp-5.2.2/src/pmlogconf/util.h Examining data/pcp-5.2.2/src/pmlogextract/error.c Examining data/pcp-5.2.2/src/pmlogextract/logger.h Examining data/pcp-5.2.2/src/pmlogextract/logio.c Examining data/pcp-5.2.2/src/pmlogextract/metriclist.c Examining data/pcp-5.2.2/src/pmlogextract/pmlogextract.c Examining data/pcp-5.2.2/src/pmlogger/src/callback.c Examining data/pcp-5.2.2/src/pmlogger/src/checks.c Examining data/pcp-5.2.2/src/pmlogger/src/dopdu.c Examining data/pcp-5.2.2/src/pmlogger/src/error.c Examining data/pcp-5.2.2/src/pmlogger/src/events.c Examining data/pcp-5.2.2/src/pmlogger/src/fetch.c Examining data/pcp-5.2.2/src/pmlogger/src/logger.h Examining data/pcp-5.2.2/src/pmlogger/src/logue.c Examining data/pcp-5.2.2/src/pmlogger/src/pmlogger.c Examining data/pcp-5.2.2/src/pmlogger/src/ports.c Examining data/pcp-5.2.2/src/pmlogger/src/rewrite.c Examining data/pcp-5.2.2/src/pmlogger/src/util.c Examining data/pcp-5.2.2/src/pmloglabel/pmloglabel.c Examining data/pcp-5.2.2/src/pmlogmv/pmlogmv.c Examining data/pcp-5.2.2/src/pmlogpaste/pmlogpaste.c Examining data/pcp-5.2.2/src/pmlogreduce/dometric.c Examining data/pcp-5.2.2/src/pmlogreduce/indom.c Examining data/pcp-5.2.2/src/pmlogreduce/logio.c Examining data/pcp-5.2.2/src/pmlogreduce/pmlogreduce.c Examining data/pcp-5.2.2/src/pmlogreduce/pmlogreduce.h Examining data/pcp-5.2.2/src/pmlogreduce/rewrite.c Examining data/pcp-5.2.2/src/pmlogreduce/scan.c Examining data/pcp-5.2.2/src/pmlogrewrite/indom.c Examining data/pcp-5.2.2/src/pmlogrewrite/label.c Examining data/pcp-5.2.2/src/pmlogrewrite/logger.h Examining data/pcp-5.2.2/src/pmlogrewrite/logio.c Examining data/pcp-5.2.2/src/pmlogrewrite/metric.c Examining data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c Examining data/pcp-5.2.2/src/pmlogrewrite/result.c Examining 
data/pcp-5.2.2/src/pmlogrewrite/text.c Examining data/pcp-5.2.2/src/pmlogrewrite/util.c Examining data/pcp-5.2.2/src/pmlogsize/data.c Examining data/pcp-5.2.2/src/pmlogsize/index.c Examining data/pcp-5.2.2/src/pmlogsize/logsize.h Examining data/pcp-5.2.2/src/pmlogsize/meta.c Examining data/pcp-5.2.2/src/pmlogsize/pmlogsize.c Examining data/pcp-5.2.2/src/pmlogsummary/pmlogsummary.c Examining data/pcp-5.2.2/src/pmns/pmnsdel.c Examining data/pcp-5.2.2/src/pmns/pmnsmerge.c Examining data/pcp-5.2.2/src/pmns/pmnsutil.c Examining data/pcp-5.2.2/src/pmns/pmnsutil.h Examining data/pcp-5.2.2/src/pmpost/pmpost.c Examining data/pcp-5.2.2/src/pmprobe/pmprobe.c Examining data/pcp-5.2.2/src/pmproxy/src/deprecated.c Examining data/pcp-5.2.2/src/pmproxy/src/http.c Examining data/pcp-5.2.2/src/pmproxy/src/http.h Examining data/pcp-5.2.2/src/pmproxy/src/openmetrics.c Examining data/pcp-5.2.2/src/pmproxy/src/openmetrics.h Examining data/pcp-5.2.2/src/pmproxy/src/pcp.c Examining data/pcp-5.2.2/src/pmproxy/src/pcp.h Examining data/pcp-5.2.2/src/pmproxy/src/pmproxy.c Examining data/pcp-5.2.2/src/pmproxy/src/pmproxy.h Examining data/pcp-5.2.2/src/pmproxy/src/redis.c Examining data/pcp-5.2.2/src/pmproxy/src/search.c Examining data/pcp-5.2.2/src/pmproxy/src/secure.c Examining data/pcp-5.2.2/src/pmproxy/src/series.c Examining data/pcp-5.2.2/src/pmproxy/src/server.c Examining data/pcp-5.2.2/src/pmproxy/src/server.h Examining data/pcp-5.2.2/src/pmproxy/src/webapi.c Examining data/pcp-5.2.2/src/pmpython/pmpython.c Examining data/pcp-5.2.2/src/pmquery/main.cpp Examining data/pcp-5.2.2/src/pmquery/pmquery.cpp Examining data/pcp-5.2.2/src/pmquery/pmquery.h Examining data/pcp-5.2.2/src/pmsearch/pmsearch.c Examining data/pcp-5.2.2/src/pmseries/pmseries.c Examining data/pcp-5.2.2/src/pmsleep/pmsleep.c Examining data/pcp-5.2.2/src/pmstat/pmstat.c Examining data/pcp-5.2.2/src/pmstore/pmstore.c Examining data/pcp-5.2.2/src/pmtime/aboutdialog.cpp Examining data/pcp-5.2.2/src/pmtime/aboutdialog.h 
Examining data/pcp-5.2.2/src/pmtime/console.cpp Examining data/pcp-5.2.2/src/pmtime/console.h Examining data/pcp-5.2.2/src/pmtime/main.cpp Examining data/pcp-5.2.2/src/pmtime/pmtime.cpp Examining data/pcp-5.2.2/src/pmtime/pmtime.h Examining data/pcp-5.2.2/src/pmtime/pmtimearch.cpp Examining data/pcp-5.2.2/src/pmtime/pmtimearch.h Examining data/pcp-5.2.2/src/pmtime/pmtimelive.cpp Examining data/pcp-5.2.2/src/pmtime/pmtimelive.h Examining data/pcp-5.2.2/src/pmtime/seealsodialog.cpp Examining data/pcp-5.2.2/src/pmtime/seealsodialog.h Examining data/pcp-5.2.2/src/pmtime/showboundsdialog.cpp Examining data/pcp-5.2.2/src/pmtime/showboundsdialog.h Examining data/pcp-5.2.2/src/pmtime/timelord.cpp Examining data/pcp-5.2.2/src/pmtime/timelord.h Examining data/pcp-5.2.2/src/pmtime/timezone.h Examining data/pcp-5.2.2/src/pmtrace/pmtrace.c Examining data/pcp-5.2.2/src/pmval/event.c Examining data/pcp-5.2.2/src/pmval/pmval.c Examining data/pcp-5.2.2/src/pmval/pmval.h Examining data/pcp-5.2.2/src/pmview/barmod.cpp Examining data/pcp-5.2.2/src/pmview/barmod.h Examining data/pcp-5.2.2/src/pmview/barobj.cpp Examining data/pcp-5.2.2/src/pmview/barobj.h Examining data/pcp-5.2.2/src/pmview/baseobj.cpp Examining data/pcp-5.2.2/src/pmview/baseobj.h Examining data/pcp-5.2.2/src/pmview/colorlist.cpp Examining data/pcp-5.2.2/src/pmview/colorlist.h Examining data/pcp-5.2.2/src/pmview/colormod.cpp Examining data/pcp-5.2.2/src/pmview/colormod.h Examining data/pcp-5.2.2/src/pmview/colorscale.cpp Examining data/pcp-5.2.2/src/pmview/colorscale.h Examining data/pcp-5.2.2/src/pmview/colorscalemod.cpp Examining data/pcp-5.2.2/src/pmview/colorscalemod.h Examining data/pcp-5.2.2/src/pmview/defaultobj.cpp Examining data/pcp-5.2.2/src/pmview/defaultobj.h Examining data/pcp-5.2.2/src/pmview/error.cpp Examining data/pcp-5.2.2/src/pmview/gridobj.cpp Examining data/pcp-5.2.2/src/pmview/gridobj.h Examining data/pcp-5.2.2/src/pmview/labelobj.cpp Examining data/pcp-5.2.2/src/pmview/labelobj.h Examining 
data/pcp-5.2.2/src/pmview/launch.cpp Examining data/pcp-5.2.2/src/pmview/launch.h Examining data/pcp-5.2.2/src/pmview/link.cpp Examining data/pcp-5.2.2/src/pmview/link.h Examining data/pcp-5.2.2/src/pmview/main.cpp Examining data/pcp-5.2.2/src/pmview/main.h Examining data/pcp-5.2.2/src/pmview/metriclist.cpp Examining data/pcp-5.2.2/src/pmview/metriclist.h Examining data/pcp-5.2.2/src/pmview/modlist.cpp Examining data/pcp-5.2.2/src/pmview/modlist.h Examining data/pcp-5.2.2/src/pmview/modobj.h Examining data/pcp-5.2.2/src/pmview/modulate.cpp Examining data/pcp-5.2.2/src/pmview/modulate.h Examining data/pcp-5.2.2/src/pmview/pcpcolor.cpp Examining data/pcp-5.2.2/src/pmview/pcpcolor.h Examining data/pcp-5.2.2/src/pmview/pipeobj.cpp Examining data/pcp-5.2.2/src/pmview/pipeobj.h Examining data/pcp-5.2.2/src/pmview/pmview.cpp Examining data/pcp-5.2.2/src/pmview/pmview.h Examining data/pcp-5.2.2/src/pmview/scalemod.cpp Examining data/pcp-5.2.2/src/pmview/scalemod.h Examining data/pcp-5.2.2/src/pmview/scenefileobj.cpp Examining data/pcp-5.2.2/src/pmview/scenefileobj.h Examining data/pcp-5.2.2/src/pmview/scenegroup.cpp Examining data/pcp-5.2.2/src/pmview/scenegroup.h Examining data/pcp-5.2.2/src/pmview/stackmod.cpp Examining data/pcp-5.2.2/src/pmview/stackmod.h Examining data/pcp-5.2.2/src/pmview/stackobj.cpp Examining data/pcp-5.2.2/src/pmview/stackobj.h Examining data/pcp-5.2.2/src/pmview/text.cpp Examining data/pcp-5.2.2/src/pmview/text.h Examining data/pcp-5.2.2/src/pmview/togglemod.cpp Examining data/pcp-5.2.2/src/pmview/togglemod.h Examining data/pcp-5.2.2/src/pmview/viewobj.cpp Examining data/pcp-5.2.2/src/pmview/viewobj.h Examining data/pcp-5.2.2/src/pmview/xing.cpp Examining data/pcp-5.2.2/src/pmview/xing.h Examining data/pcp-5.2.2/src/pmview/yscalemod.cpp Examining data/pcp-5.2.2/src/pmview/yscalemod.h Examining data/pcp-5.2.2/src/procmemstat/procmemstat.c Examining data/pcp-5.2.2/src/python/mmv.c Examining data/pcp-5.2.2/src/python/pmapi.c Examining 
data/pcp-5.2.2/src/python/pmda.c Examining data/pcp-5.2.2/src/python/pmgui.c Examining data/pcp-5.2.2/src/python/pmi.c Examining data/pcp-5.2.2/src/telnet-probe/telnet-probe.c Examining data/pcp-5.2.2/src/win32ctl/eventlog/pcp-eventlog.c Examining data/pcp-5.2.2/src/win32ctl/include/_mingw_unicode.h Examining data/pcp-5.2.2/src/win32ctl/include/evntcons.h Examining data/pcp-5.2.2/src/win32ctl/include/evntprov.h Examining data/pcp-5.2.2/src/win32ctl/include/evntrace.h Examining data/pcp-5.2.2/src/win32ctl/include/pdh.h Examining data/pcp-5.2.2/src/win32ctl/include/pdhmsg.h Examining data/pcp-5.2.2/src/win32ctl/include/pshpack8.h Examining data/pcp-5.2.2/src/win32ctl/include/tdh.h Examining data/pcp-5.2.2/src/win32ctl/include/tdhmsg.h Examining data/pcp-5.2.2/src/win32ctl/include/winevt.h Examining data/pcp-5.2.2/src/win32ctl/include/winmeta.h Examining data/pcp-5.2.2/src/win32ctl/include/winperf.h Examining data/pcp-5.2.2/src/win32ctl/include/wmistr.h Examining data/pcp-5.2.2/src/win32ctl/services/pcp-services.c Examining data/pcp-5.2.2/src/win32ctl/setevent/pcp-setevent.c Examining data/pcp-5.2.2/src/zabbix-agent/src/module.h Examining data/pcp-5.2.2/src/zabbix-agent/src/zbxpcp.c

FINAL RESULTS:

data/pcp-5.2.2/src/libpcp/src/auxserver.c:309:11: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    (void)chmod(pidpath, S_IRUSR | S_IRGRP | S_IROTH);
data/pcp-5.2.2/src/libpcp/src/auxserver.c:586:8: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    sts = chmod(address, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
data/pcp-5.2.2/src/libpcp/src/win32.c:656:1: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    readlink(const char *path, char *buf, size_t bufsiz)
data/pcp-5.2.2/src/libpcp_pmda/src/open.c:189:11: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    sts = chmod(sockname, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
data/pcp-5.2.2/src/libpcp_pmda/src/open.c:194:8: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
    sts = chown(sockname, pw->pw_uid, pw->pw_gid);
data/pcp-5.2.2/src/libpcp_web/src/discover.c:618:6: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(buf, flags_str[i].name, sizeof(buf)-1);
data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:434:18: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    if ((size = readlink(path, name, sizeof(name))) < 0)
data/pcp-5.2.2/src/pmlogger/src/ports.c:58:12: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    plen = readlink(linkfile, pbuf, (size_t)MAXPATHLEN);
data/pcp-5.2.2/src/pmlogger/src/ports.c:334:9: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    sts = chmod(socketPath, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
data/pcp-5.2.2/src/pmlogger/src/ports.c:575:2: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(ctlfile, S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX);
data/pcp-5.2.2/src/pmlogger/src/ports.c:694:16: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    if ((pidlen = readlink(linkSocketPath, pidfile, sizeof(pidfile))) > 0) {
data/pcp-5.2.2/src/pmns/pmnsdel.c:198:2: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(outfname, sbuf.st_mode & ~S_IFMT);
data/pcp-5.2.2/src/pmns/pmnsdel.c:200:6: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
    if (chown(outfname, sbuf.st_uid, sbuf.st_gid) < 0)
data/pcp-5.2.2/src/pmpost/pmpost.c:56:17: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
    if ((sts = chown(path, 0, gid)) < 0)
data/pcp-5.2.2/qa/pmdas/github-56/trivial.c:49:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(namebuf[0], metric);
data/pcp-5.2.2/qa/pmlogconv/pmlogconv.c:250:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(logctl.l_label.ill_hostname, inarch.label.ll_hostname);
data/pcp-5.2.2/qa/pmlogconv/pmlogconv.c:251:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(logctl.l_label.ill_tz, inarch.label.ll_tz);
data/pcp-5.2.2/qa/qt/qmc_desc/qmc_desc.cpp:76:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (system("pminfo -d hinv.ncpu") < 0) {
data/pcp-5.2.2/qa/qt/qmc_dynamic/qmc_dynamic.cpp:24:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(buf, "pmstore %s %s > /dev/null\n", name, inst);
data/pcp-5.2.2/qa/qt/qmc_dynamic/qmc_dynamic.cpp:26:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (system(buf) < 0) {
data/pcp-5.2.2/qa/qt/qmc_group/qmc_group.cpp:478:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(buf, "pmstore %s %s > /dev/null\n", name, inst);
data/pcp-5.2.2/qa/qt/qmc_group/qmc_group.cpp:480:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (system(buf) < 0) {
data/pcp-5.2.2/qa/qt/qmc_group/qmc_group.cpp:485:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (system("pminfo -f dynamic") < 0) {
data/pcp-5.2.2/qa/src/badmmv.c:214:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(insts->external, name);
data/pcp-5.2.2/qa/src/badmmv.c:315:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(metric->name, name);
data/pcp-5.2.2/qa/src/chkopenlog.c:28:8: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system("ls -l /tmp/chk.fout");
data/pcp-5.2.2/qa/src/clientid.c:73:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(cp, TAG);
data/pcp-5.2.2/qa/src/clientid.c:74:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(cp, argv[a]);
data/pcp-5.2.2/qa/src/clientid.c:80:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system("pminfo -f pmcd.client.whoami");
data/pcp-5.2.2/qa/src/context_fd_leak.c:102:12: [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = execvp(childArgv[0], childArgv);
data/pcp-5.2.2/qa/src/mkfiles.c:49:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(namebuf, argv[1]);
data/pcp-5.2.2/qa/src/pdu-server.c:706:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(stderr, "%s: MYPID %" FMT_PID, pmGetProgname(), mypid);
data/pcp-5.2.2/qa/src/pdu-server.c:712:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(stderr, fmt, mypid);
data/pcp-5.2.2/qa/src/pmcdgone.c:47:8: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(". $PCP_DIR/etc/pcp.env; ( ls -l $PCP_TMP_DIR/pmlogger/primary; cat $PCP_TMP_DIR/pmlogger/primary ) | sed -e 's/^/+ /' >&2");
data/pcp-5.2.2/qa/src/pmcdgone.c:347:8: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system("systemctl stop pmcd");
data/pcp-5.2.2/qa/src/pmcdgone.c:349:8: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(". $PCP_DIR/etc/pcp.env; $PCP_RC_DIR/pmcd stop");
data/pcp-5.2.2/qa/src/pmcdgone.c:389:8: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system("systemctl stop pmlogger");
data/pcp-5.2.2/qa/src/pmcdgone.c:391:8: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(". $PCP_DIR/etc/pcp.env; $PCP_RC_DIR/pmlogger stop");
data/pcp-5.2.2/qa/src/pmcdgone.c:394:8: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system("systemctl restart pmcd");
data/pcp-5.2.2/qa/src/pmcdgone.c:396:8: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(". $PCP_DIR/etc/pcp.env; path_opt=''; if [ $PCP_PLATFORM = linux ]; then path_opt=pmlogger/; fi; pmafm $PCP_LOG_DIR/$path_opt`hostname`/Latest remove 2>/dev/null | sh");
data/pcp-5.2.2/qa/src/pmcdgone.c:399:8: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(". $PCP_DIR/etc/pcp.env; $PCP_RC_DIR/pmcd restart");
data/pcp-5.2.2/qa/src/pmcdgone.c:405:8: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if(access(path, X_OK) == 0) {
data/pcp-5.2.2/qa/src/pmcdgone.c:406:15: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(". $PCP_DIR/etc/pcp.env; [ -x $PCP_BINADM_DIR/pmcd_wait ] && $PCP_BINADM_DIR/pmcd_wait");
data/pcp-5.2.2/qa/src/pmcdgone.c:412:8: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system("systemctl restart pmlogger");
data/pcp-5.2.2/qa/src/pmcdgone.c:414:8: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(". $PCP_DIR/etc/pcp.env; $PCP_RC_DIR/pmlogger restart");
data/pcp-5.2.2/qa/src/pmcdgone.c:418:6: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system("systemctl status pmlogger.service");
data/pcp-5.2.2/qa/src/pmcdgone.c:419:6: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system("journalctl -xe");
data/pcp-5.2.2/qa/src/pmcdgone.c:423:11: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(". $PCP_DIR/etc/pcp.env; ( cat common.check; echo _wait_for_pmlogger -P $PCP_LOG_DIR/pmlogger/`hostname`/pmlogger.log ) | sh");
data/pcp-5.2.2/qa/src/pmconvscale.c:75:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(olds, pmUnitsStr(&oldunits));
data/pcp-5.2.2/qa/src/pmconvscale.c:76:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(news, pmUnitsStr(&units));
data/pcp-5.2.2/qa/src/pmconvscale.c:91:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(olds, pmUnitsStr(&oldunits));
data/pcp-5.2.2/qa/src/pmconvscale.c:92:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(news, pmUnitsStr(&units));
data/pcp-5.2.2/qa/src/pmconvscale.c:122:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(olds, pmUnitsStr(&oldunits));
data/pcp-5.2.2/qa/src/pmconvscale.c:123:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(news, pmUnitsStr(&units));
data/pcp-5.2.2/qa/src/proc_test.c:230:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(procfs, R_OK) != 0) {
data/pcp-5.2.2/qa/src/proc_test.c:369:6: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
    if (sscanf(all_names[i], proc_fmt, &inst) != 1) {
data/pcp-5.2.2/qa/src/proc_test.c:407:2: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
    sscanf(all_names[i], proc_fmt, &x);
data/pcp-5.2.2/qa/src/pv.c:79:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf(fmt_int64x, ll);
data/pcp-5.2.2/qa/src/pv.c:89:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf(fmt_int64x, ull);
data/pcp-5.2.2/qa/src/qa_libpcp_compat.c:131:11: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system("cat " TMP ".log");
data/pcp-5.2.2/qa/src/qa_libpcp_compat.c:215:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(buf, "add,30,%s/sample/pmda_sample.%s,sample_init", pcp_pmdas_dir, dso_suffix);
data/pcp-5.2.2/qa/src/storepmcd.c:100:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(pmvb->vbuf, name);
data/pcp-5.2.2/qa/src/torture-eol.c:115:6: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(host, W_OK) == 0) {
data/pcp-5.2.2/qa/src/torture-eol.c:126:10: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(path, W_OK) == 0) {
data/pcp-5.2.2/qa/src/torture_cache.c:174:11: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(cmd);
data/pcp-5.2.2/qa/src/torture_cache.c:201:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(cmd);
data/pcp-5.2.2/qa/src/torture_cache.c:209:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(cmd);
data/pcp-5.2.2/qa/src/torture_cache.c:217:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(cmd);
data/pcp-5.2.2/qa/src/torture_cache.c:231:11: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(cmd);
data/pcp-5.2.2/qa/src/torture_cache.c:240:11: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(cmd);
data/pcp-5.2.2/qa/src/torture_cache.c:249:11: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(cmd);
data/pcp-5.2.2/qa/src/torture_cache.c:258:11: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    sts = system(cmd);
data/pcp-5.2.2/qa/src/xval.c:38:6: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("%" FMT_INT64, av.ll);
data/pcp-5.2.2/qa/src/xval.c:42:6: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("%" FMT_UINT64, av.ull);
data/pcp-5.2.2/qa/src/xval.c:157:2: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
    sscanf(argv[0], fmt_int64x, &llv);
data/pcp-5.2.2/qa/src/xval.c:159:6: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("\nValue: %" FMT_INT64, llv);
data/pcp-5.2.2/qa/src/xval.c:161:6: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf(fmt_int64x, llv);
data/pcp-5.2.2/qa/src/xval.c:165:6: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf("\nValue: %" FMT_UINT64, llv);
data/pcp-5.2.2/qa/src/xval.c:167:6: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf(fmt_int64x, llv);
data/pcp-5.2.2/src/collectl2pcp/header.c:78:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(buf, f->fields[2]);
data/pcp-5.2.2/src/collectl2pcp/header.c:83:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(buf, f->fields[i]);
data/pcp-5.2.2/src/collectl2pcp/header.c:89:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(buf, f->fields[++i]);
data/pcp-5.2.2/src/collectl2pcp/header.c:92:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(buf, f->fields[i]);
data/pcp-5.2.2/src/collectl2pcp/proc.c:240:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(command, f->fields[2]);
data/pcp-5.2.2/src/collectl2pcp/proc.c:243:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(command, f->fields[i]);
data/pcp-5.2.2/src/dbpmda/src/pmda.c:926:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(atom.cp, param.name);
data/pcp-5.2.2/src/dbpmda/src/util.c:135:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(buf, s1);
data/pcp-5.2.2/src/dbpmda/src/util.c:136:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(buf, s2);
data/pcp-5.2.2/src/dbpmda/src/util.c:238:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (system(cmd) != 0)
data/pcp-5.2.2/src/external/dict.c:1139:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf(msg ": %ld items in %lld ms\n", count, elapsed); \
data/pcp-5.2.2/src/external/jsonsl.c:935:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(my_copy, path);
data/pcp-5.2.2/src/external/jsonsl.c:973:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(ret->orig, path);
data/pcp-5.2.2/src/external/sds.c:535:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    vsnprintf(buf, buflen, fmt, cpy);
data/pcp-5.2.2/src/external/sds.h:233:27: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    __attribute__((format(printf, 2, 3)));
data/pcp-5.2.2/src/include/pcp/pmapi.h:760:59: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    # define __PM_PRINTFLIKE(idx,cnt) __attribute__ ((format (printf, idx,cnt)))
data/pcp-5.2.2/src/include/pcp/pmapi.h:1158:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    int access; /* Access controls */
data/pcp-5.2.2/src/libpcp/src/access.c:1366:21: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (pmDebugOptions.access) {
data/pcp-5.2.2/src/libpcp/src/access.c:1379:21: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (pmDebugOptions.access) {
data/pcp-5.2.2/src/libpcp/src/access.c:1413:25: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (pmDebugOptions.access) {
data/pcp-5.2.2/src/libpcp/src/access.c:1429:25: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (pmDebugOptions.access) {
data/pcp-5.2.2/src/libpcp/src/access.c:1459:24: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (pmDebugOptions.access) {
data/pcp-5.2.2/src/libpcp/src/auxconnect.c:318:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(addr->sockaddr.local.sun_path, cp);
data/pcp-5.2.2/src/libpcp/src/auxserver.c:305:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(pidfile, "%" FMT_PID, (pid_t)getpid());
data/pcp-5.2.2/src/libpcp/src/auxserver.c:1295:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(msg, sizeof(msg), "READY=1\nMAINPID=%" FMT_PID, pid);
data/pcp-5.2.2/src/libpcp/src/config.c:280:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
if (access("/etc/pcp.conf", R_OK) == -1) { data/pcp-5.2.2/src/libpcp/src/config.c:282:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/usr/local/etc/pcp.conf", R_OK) == 0) data/pcp-5.2.2/src/libpcp/src/config.c:475:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access("/proc/net/if_inet6", F_OK) == 0 ? enabled() : disabled(); data/pcp-5.2.2/src/libpcp/src/connectlocal.c:249:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return (access(name, F_OK) == 0) ? name : NULL; data/pcp-5.2.2/src/libpcp/src/connectlocal.c:598:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, PRINTF_P_PFX "%p [%d] domain=%d name=%s init=%s handle=" PRINTF_P_PFX "%p\n", data/pcp-5.2.2/src/libpcp/src/context.c:668:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(list + *listsize, dirname); data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1847:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, " ll=%"PRIi64, cp->mlist[m].expr->data.info->ivlist[k].value.ll); data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1849:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, " ul=%"PRIu64, cp->mlist[m].expr->data.info->ivlist[k].value.ull); data/pcp-5.2.2/src/libpcp/src/events.c:93:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(f, " = %"PRIi64, atom.ll); data/pcp-5.2.2/src/libpcp/src/events.c:97:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(f, " = %"PRIu64, atom.ull); data/pcp-5.2.2/src/libpcp/src/exec.c:309:2: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(path, (char * const *)ep->argv); data/pcp-5.2.2/src/libpcp/src/exec.c:330:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, "__pmProcessExec: pid=%" FMT_PID " wait_pid=%" FMT_PID , pid, wait_pid); data/pcp-5.2.2/src/libpcp/src/exec.c:408:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
fprintf(stderr, "__pmProcessExec: pid=%" FMT_PID " wait_pid=%" FMT_PID , pid, wait_pid); data/pcp-5.2.2/src/libpcp/src/exec.c:587:2: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(path, (char * const *)ep->argv); data/pcp-5.2.2/src/libpcp/src/exec.c:797:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, "__pmProcessPipeClose: pid=%" FMT_PID " wait_pid=%" FMT_PID , pid, wait_pid); data/pcp-5.2.2/src/libpcp/src/getopt.c:357:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*archives, arg); data/pcp-5.2.2/src/libpcp/src/getopt.c:390:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(dir, F_OK) == 0) { data/pcp-5.2.2/src/libpcp/src/instance.c:394:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, nametmp[i]); data/pcp-5.2.2/src/libpcp/src/interp.c:330:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(f, " v=%"PRIi64, tmp); data/pcp-5.2.2/src/libpcp/src/interp.c:335:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. fprintf(f, " v=%"PRIu64, tmp); data/pcp-5.2.2/src/libpcp/src/io.c:336:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. sts = access(tmpname, R_OK); data/pcp-5.2.2/src/libpcp/src/io.c:384:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(fname, F_OK) != 0 && errno == ENOENT) data/pcp-5.2.2/src/libpcp/src/io.c:425:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access(path, amode); data/pcp-5.2.2/src/libpcp/src/io_xz.c:100:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, ap); data/pcp-5.2.2/src/libpcp/src/logmeta.c:1844:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, nlist[i]); data/pcp-5.2.2/src/libpcp/src/logportmap.c:189:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(namebuf, dir); data/pcp-5.2.2/src/libpcp/src/logportmap.c:201:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, fname); data/pcp-5.2.2/src/libpcp/src/logutil.c:446:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(fname, R_OK) != -1) { data/pcp-5.2.2/src/libpcp/src/logutil.c:551:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lcp->l_label.ill_tz, tz ? tz : ""); data/pcp-5.2.2/src/libpcp/src/logutil.c:853:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(name, R_OK) == 0 || data/pcp-5.2.2/src/libpcp/src/p_label.c:80:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, __pmLabelTypeString(flags)); data/pcp-5.2.2/src/libpcp/src/pmns.c:635:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
if (sscanf(linebuf, "# %d \"%s", &lineno, fname) != 2) { data/pcp-5.2.2/src/libpcp/src/pmns.c:787:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, np->name); data/pcp-5.2.2/src/libpcp/src/pmns.c:792:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, base); data/pcp-5.2.2/src/libpcp/src/pmns.c:794:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(path, np->name); data/pcp-5.2.2/src/libpcp/src/pmns.c:1233:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(fname, R_OK) == -1) { data/pcp-5.2.2/src/libpcp/src/pmns.c:1304:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(np->name, tokbuf); data/pcp-5.2.2/src/libpcp/src/pmns.c:2110:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(q, (*offspring)[j]); data/pcp-5.2.2/src/libpcp/src/pmns.c:2118:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(q, x_offspring[i]); data/pcp-5.2.2/src/libpcp/src/pmns.c:2355:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result[i], tnp->name); data/pcp-5.2.2/src/libpcp/src/pmns.c:2733:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sp, tmp[i]); data/pcp-5.2.2/src/libpcp/src/pmns.c:2813:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sp, tmp[0]); data/pcp-5.2.2/src/libpcp/src/pmns.c:2866:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newname, enfants[j]); data/pcp-5.2.2/src/libpcp/src/pmns.c:2868:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newname, name); data/pcp-5.2.2/src/libpcp/src/pmns.c:2870:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newname, enfants[j]); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:251:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). 
Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(nssdb_path, R_OK|X_OK) != 0 && __pmMakePath(nssdb_path, 0700) < 0) data/pcp-5.2.2/src/libpcp/src/secureconnect.c:781:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *)(*secret)->data, password); data/pcp-5.2.2/src/libpcp/src/secureserver.c:331:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK|X_OK) < 0) { data/pcp-5.2.2/src/libpcp/src/tz.c:188:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cp, wildabbr); data/pcp-5.2.2/src/libpcp/src/tz.c:210:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tzbuf, wildabbr); data/pcp-5.2.2/src/libpcp/src/tz.c:332:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tzbuffer, tb); data/pcp-5.2.2/src/libpcp/src/tz.c:367:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(envtz, zone[curzone]); data/pcp-5.2.2/src/libpcp/src/tz.c:405:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(envtz, tz); data/pcp-5.2.2/src/libpcp/src/tz.c:499:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, ap); data/pcp-5.2.2/src/libpcp/src/tz.c:521:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, ap); data/pcp-5.2.2/src/libpcp/src/util.c:166:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(syslogmsg, sizeof(syslogmsg), message, arg); data/pcp-5.2.2/src/libpcp/src/util.c:671:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(finalString, item); data/pcp-5.2.2/src/libpcp/src/util.c:978:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(f, "%*"PRIi64, minwidth, a.ll); data/pcp-5.2.2/src/libpcp/src/util.c:982:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(f, "%*"PRIu64, minwidth, a.ull); data/pcp-5.2.2/src/libpcp/src/util.c:1029:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. fprintf(f, "%*"PRIu64, minwidth, tmp); data/pcp-5.2.2/src/libpcp/src/util.c:1618:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, X_OK) < 0) data/pcp-5.2.2/src/libpcp/src/util.c:1650:6: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, arg); data/pcp-5.2.2/src/libpcp/src/util.c:1664:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(&msgbuf[msgsize], avail, fmt, arg); data/pcp-5.2.2/src/libpcp/src/util.c:1676:6: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, arg); data/pcp-5.2.2/src/libpcp/src/util.c:1817:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(str, size, fmt, arg); data/pcp-5.2.2/src/libpcp/src/util.c:1927:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pmvb->vbuf, host); data/pcp-5.2.2/src/libpcp/src/util.c:1931:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(pmvb->vbuf, ipaddr); data/pcp-5.2.2/src/libpcp/src/util.c:1935:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(pmvb->vbuf, id); data/pcp-5.2.2/src/libpcp/src/util.c:1965:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(clientID, argv[a]); data/pcp-5.2.2/src/libpcp/src/util.c:2031:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. sts = access(dir, R_OK|W_OK|X_OK); data/pcp-5.2.2/src/libpcp/src/util.c:2549:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return (access(proc_buf, F_OK) == 0); data/pcp-5.2.2/src/libpcp/src/util.c:2679:2: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(argv[0], argv); data/pcp-5.2.2/src/libpcp/src/win32.c:210:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&cmdline[sz], command); data/pcp-5.2.2/src/libpcp/src/win32.c:451:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&cmdline[sz], command); data/pcp-5.2.2/src/libpcp/src/win32.c:535:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, "__pmProcessWait: pid=%" FMT_PID " exit status=%" FMT_UINT64, pid, (__uint64_t)status); data/pcp-5.2.2/src/libpcp/src/win32.c:794:1: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. syslog(int priority, const char *format, ...) data/pcp-5.2.2/src/libpcp_gui/src/record.c:85:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(folio, F_OK) == 0) { data/pcp-5.2.2/src/libpcp_gui/src/record.c:110:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(foliopath, folio); data/pcp-5.2.2/src/libpcp_gui/src/record.c:121:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tbuf, dir); data/pcp-5.2.2/src/libpcp_gui/src/record.c:135:9: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). 
if (mktemp(tbuf) == NULL) data/pcp-5.2.2/src/libpcp_gui/src/record.c:301:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tbuf, dir); data/pcp-5.2.2/src/libpcp_gui/src/record.c:304:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tbuf, base); data/pcp-5.2.2/src/libpcp_gui/src/record.c:307:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tbuf, host); data/pcp-5.2.2/src/libpcp_gui/src/record.c:310:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(tbuf, F_OK) == 0) { data/pcp-5.2.2/src/libpcp_gui/src/record.c:314:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(p, host); data/pcp-5.2.2/src/libpcp_gui/src/record.c:317:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (access(tbuf, F_OK) != 0) { data/pcp-5.2.2/src/libpcp_gui/src/record.c:337:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rp->base, base); data/pcp-5.2.2/src/libpcp_gui/src/record.c:344:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(p, host); data/pcp-5.2.2/src/libpcp_gui/src/record.c:348:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rp->logfile, rp->base); data/pcp-5.2.2/src/libpcp_gui/src/record.c:353:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rp->config, rp->base); data/pcp-5.2.2/src/libpcp_gui/src/record.c:361:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rp->public.logfile, dir); data/pcp-5.2.2/src/libpcp_gui/src/record.c:372:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(rp->public.logfile, rp->logfile); data/pcp-5.2.2/src/libpcp_gui/src/record.c:602:7: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
execv(loggerpath, rp->argv); data/pcp-5.2.2/src/libpcp_gui/src/timestate.c:164:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pmtime->data, tz); data/pcp-5.2.2/src/libpcp_gui/src/timestate.c:165:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pmtime->data + tzlen, tz_label); data/pcp-5.2.2/src/libpcp_import/src/archive.c:52:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lcp->l_label.ill_tz, __pmTimezone_r(tzbuf, sizeof(tzbuf))); data/pcp-5.2.2/src/libpcp_import/src/archive.c:55:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lcp->l_label.ill_tz, current->timezone); data/pcp-5.2.2/src/libpcp_import/src/import.c:380:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(np, old_current->indom[i].name[j]); data/pcp-5.2.2/src/libpcp_import/src/import.c:697:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&idp->namebuf[idp->namebuflen], instance); data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:944:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). 
Use a constant for the format specification. sts = vsnprintf(buf, sizeof(buf), fmt, arg); data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:974:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. sts = vsnprintf(buf, sizeof(buf), fmt, arg); data/pcp-5.2.2/src/libpcp_pmda/src/open.c:241:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(myaddr.sun_path, sockname); data/pcp-5.2.2/src/libpcp_pmda/src/queues.c:268:24: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. else if (!clientq->access) { data/pcp-5.2.2/src/libpcp_pmda/src/queues.h:159:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int access; /* is access restricted/permitted */ data/pcp-5.2.2/src/libpcp_pmda/src/tree.c:130:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer, node->name); data/pcp-5.2.2/src/libpcp_pmda/src/tree.c:206:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, node->name); data/pcp-5.2.2/src/libpcp_qed/src/qed_console.cpp:58:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. sts = vsnprintf(buffer+offset, sizeof(buffer)-offset, fmt, ap); data/pcp-5.2.2/src/libpcp_qed/src/qed_console.cpp:93:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. sts = vsnprintf(buffer+offset, sizeof(buffer)-offset, fmt, ap); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:215:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(p, " command: %s", q); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:233:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(p, " source: %s", q); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:251:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(p, " state: %s", q); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:269:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(p, " mode: %s", q); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_picker.cpp:509:19: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. label.sprintf( "%d", pos.y() ); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_picker.cpp:512:19: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
label.sprintf( "%d", pos.x() ); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_picker.cpp:515:19: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. label.sprintf( "%d, %d", pos.x(), pos.y() ); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_plot_picker.cpp:217:18: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. text.sprintf( "%.4f", pos.y() ); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_plot_picker.cpp:220:18: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. text.sprintf( "%.4f", pos.x() ); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_plot_picker.cpp:223:18: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. text.sprintf( "%.4f, %.4f", pos.x(), pos.y() ); data/pcp-5.2.2/src/libpcp_trace/src/p_data.c:113:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cp, tag); data/pcp-5.2.2/src/libpcp_trace/src/trace.c:714:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hostname, sptr); data/pcp-5.2.2/src/libpcp_web/src/discover.c:399:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, F_OK) == 0) data/pcp-5.2.2/src/libpcp_web/src/query.c:2551:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
If the scanf format is influenceable by an attacker, it's exploitable. sts = sscanf(str, "%" PRId64, &oval->ll); data/pcp-5.2.2/src/libpcp_web/src/query.c:2554:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sts = sscanf(str, "%" PRIu64, &oval->ull); data/pcp-5.2.2/src/libpcp_web/src/schema.c:1942:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(logdir, F_OK) == 0) { data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:175:18: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. pmWebAccess access; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:225:5: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access.password = cp->password; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:226:5: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access.username = cp->username; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:227:5: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access.realm = cp->realm; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:229:45: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. sp->callbacks.on_check(cp->origin, &access, status, message, arg)) { data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:305:18: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. pmWebAccess access; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:325:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). 
Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access.username = cp->username; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:326:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access.password = cp->password; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:327:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access.realm = cp->realm; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:329:32: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. sp->callbacks.on_check(*id, &access, status, message, arg) < 0) data/pcp-5.2.2/src/pcp/atop/atopsar.c:388:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(datemsg, convdate(curtime, datebuf, sizeof(datebuf)-1)); data/pcp-5.2.2/src/pcp/atop/atopsar.c:403:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
printf(COLSETHEAD); data/pcp-5.2.2/src/pcp/atop/atopsar.c:410:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(COLRESET); data/pcp-5.2.2/src/pcp/atop/atopsar.c:452:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(datemsg, convdate(curtime, datebuf, sizeof(datebuf)-1)); data/pcp-5.2.2/src/pcp/atop/atopsar.c:468:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(COLSETHEAD); data/pcp-5.2.2/src/pcp/atop/atopsar.c:475:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(COLRESET); data/pcp-5.2.2/src/pcp/atop/atopsar.c:515:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(COLSETHEAD); data/pcp-5.2.2/src/pcp/atop/atopsar.c:522:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(COLRESET); data/pcp-5.2.2/src/pcp/atop/atopsar.c:608:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(datemsg, convdate(curtime, datebuf, sizeof(datebuf)-1)); data/pcp-5.2.2/src/pcp/atop/atopsar.c:648:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(COLSETHEAD); data/pcp-5.2.2/src/pcp/atop/atopsar.c:656:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. printf(COLRESET); data/pcp-5.2.2/src/pcp/atop/atopsar.c:958:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(COLSETHIGH); data/pcp-5.2.2/src/pcp/atop/atopsar.c:965:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(COLSETMED); data/pcp-5.2.2/src/pcp/atop/atopsar.c:981:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(COLRESET); data/pcp-5.2.2/src/pcp/atop/deviate.c:291:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(devstat->gen.cmdline, prestat.gen.cmdline); data/pcp-5.2.2/src/pcp/atop/deviate.c:790:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ifprop.name, cur->intf.intf[i].name); data/pcp-5.2.2/src/pcp/atop/deviate.c:816:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pre->intf.intf[i].name, cur->intf.intf[i].name); data/pcp-5.2.2/src/pcp/atop/deviate.c:858:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(dev->intf.intf[i].name, cur->intf.intf[i].name); data/pcp-5.2.2/src/pcp/atop/deviate.c:941:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dev->dsk.dsk[i].name, cur->dsk.dsk[i].name); data/pcp-5.2.2/src/pcp/atop/deviate.c:1004:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dev->dsk.mdd[i].name, cur->dsk.mdd[i].name); data/pcp-5.2.2/src/pcp/atop/deviate.c:1067:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dev->dsk.lvm[i].name, cur->dsk.lvm[i].name); data/pcp-5.2.2/src/pcp/atop/deviate.c:1178:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dev->nfs.nfsmounts.nfsmnt[i].mountdev, data/pcp-5.2.2/src/pcp/atop/deviate.c:1271:56: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. dev->cfs.cont[i].system = subcount(cur->cfs.cont[i].system, data/pcp-5.2.2/src/pcp/atop/deviate.c:1272:56: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pre->cfs.cont[j].system); data/pcp-5.2.2/src/pcp/atop/deviate.c:1297:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(dev->gpu.gpu[i].type, cur->gpu.gpu[i].type); data/pcp-5.2.2/src/pcp/atop/deviate.c:1298:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dev->gpu.gpu[i].busid, cur->gpu.gpu[i].busid); data/pcp-5.2.2/src/pcp/atop/deviate.c:1343:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dev->ifb.ifb[i].ibname, cur->ifb.ifb[i].ibname); data/pcp-5.2.2/src/pcp/atop/deviate.c:1629:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tot->intf.intf[i].name, new->intf.intf[i].name); data/pcp-5.2.2/src/pcp/atop/deviate.c:1675:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tot->dsk.dsk[i].name, new->dsk.dsk[i].name); data/pcp-5.2.2/src/pcp/atop/deviate.c:1699:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tot->dsk.lvm[i].name, new->dsk.lvm[i].name); data/pcp-5.2.2/src/pcp/atop/deviate.c:1723:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tot->dsk.mdd[i].name, new->dsk.mdd[i].name); data/pcp-5.2.2/src/pcp/atop/modules.c:186:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(api->gen.name, insts[i]); data/pcp-5.2.2/src/pcp/atop/photosyst.h:252:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. count_t system; /* */ data/pcp-5.2.2/src/pcp/atop/showgeneric.c:2102:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(curprogs->gen.name, (*curprocs)->gen.name); data/pcp-5.2.2/src/pcp/atop/showgeneric.c:2149:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(curconts->gen.container, data/pcp-5.2.2/src/pcp/atop/showgeneric.c:2433:3: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(format, args); data/pcp-5.2.2/src/pcp/atop/showgeneric.c:2833:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, format, args); data/pcp-5.2.2/src/pcp/atop/showlinux.c:511:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str, pairs); data/pcp-5.2.2/src/pcp/atop/showlinux.c:588:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(str, pairs); data/pcp-5.2.2/src/pcp/atop/showlinux.c:1712:43: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. sstat->cfs.cont[extra.index].system || data/pcp-5.2.2/src/pcp/atop/various.c:602:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, errormsg, args); data/pcp-5.2.2/src/pcp/atop/various.c:622:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, errormsg, args); data/pcp-5.2.2/src/pcp/atop/various.c:1262:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(tmp, R_OK) == 0) data/pcp-5.2.2/src/pcp/atop/various.c:1269:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) == 0) data/pcp-5.2.2/src/pmcd/src/config.c:1633:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(addr.sun_path, aPtr->ipc.socket.name); data/pcp-5.2.2/src/pmcd/src/config.c:1793:6: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(argv[0], argv); data/pcp-5.2.2/src/pmcd/src/dopdus.c:970:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(travNL_ptr, name); data/pcp-5.2.2/src/pmcd/src/dopdus.c:1148:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, (*names)[ii]); data/pcp-5.2.2/src/pmcd/src/dopdus.c:1153:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, offspring[k-i]); data/pcp-5.2.2/src/pmcd/src/pmcd.c:535:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(buf); data/pcp-5.2.2/src/pmcd/src/pmcd.c:677:25: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (pmDebugOptions.access) { data/pcp-5.2.2/src/pmcd/src/pmcd.c:1053:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
fprintf(stderr, "\npmcd: PID = %" FMT_PID, pmcd_pid); data/pcp-5.2.2/src/pmchart/view.cpp:275:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_fname, path); data/pcp-5.2.2/src/pmchart/view.cpp:282:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_fname, path); data/pcp-5.2.2/src/pmchart/view.cpp:921:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(pms.inst[0], w); data/pcp-5.2.2/src/pmcpp/pmcpp.c:139:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, msg, arg); data/pcp-5.2.2/src/pmcpp/pmcpp.c:611:9: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. f = popen(cmd, "r"); data/pcp-5.2.2/src/pmdas/cifs/pmda.c:347:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buffer, "%*d%*s %s %*s", fsname); data/pcp-5.2.2/src/pmdas/cifs/pmda.c:361:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(fs->name, fsname); data/pcp-5.2.2/src/pmdas/cifs/stats.c:154:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buffer, "%*d%*s %s %s", cifs_name, cifs_connected); data/pcp-5.2.2/src/pmdas/cisco/pmda.c:248:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(intf[n].interface, q); data/pcp-5.2.2/src/pmdas/dm/dmcache.c:130:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(token, " %"SCNu64" %"SCNu64" cache %"SCNu32" %"SCNu64"/%"SCNu64" %"SCNu32" %"SCNu64"/%"SCNu64" %"SCNu32" %"SCNu32" %"SCNu32" %"SCNu32" %"SCNu32" %"SCNu32" %"SCNu64" %"SCNu32" %s %*d", data/pcp-5.2.2/src/pmdas/dm/dmstats.c:450:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pw->dev, names->name); data/pcp-5.2.2/src/pmdas/dm/dmstats.c:525:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "%s:%" FMT_UINT64 ":%" FMT_UINT64 "%s", names->name, region_id, bound_width, suffix); data/pcp-5.2.2/src/pmdas/dm/dmstats.c:538:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pw->dev, names->name); data/pcp-5.2.2/src/pmdas/dm/dmthin.c:135:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). 
Specify a limit to %s, or use a different input function. sscanf(token, " %"SCNu64" %"SCNu64" thin-pool %"SCNu64" %"SCNu64"/%"SCNu64" %"SCNu64"/%"SCNu64" %s %s %s %s", data/pcp-5.2.2/src/pmdas/dm/pmda.c:1061:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/dev/mapper/control", R_OK) == 0) data/pcp-5.2.2/src/pmdas/dm/pmda.c:1086:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/dev/mapper/control", R_OK) == 0) data/pcp-5.2.2/src/pmdas/dm/vdo.c:220:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return (access(buffer, F_OK) != -1); data/pcp-5.2.2/src/pmdas/etw/tdhconsume.c:903:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, usage, argv[0]); data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:194:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
sscanf(data, "gfs2_block_alloc: %"SCNu32",%"SCNu32" %s", &major, &minor, data); data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:202:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(data, "gfs2_rs: %"SCNu32",%"SCNu32" %s", &major, &minor, data); data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:249:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(ftrace_data.data, data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:278:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(ftrace_data.data, data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:301:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(ftrace_data.data, data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:330:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(ftrace_data.data, data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:369:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(ftrace_data.data, data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:439:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
sscanf(ftrace_data.data, data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:457:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(ftrace_data.data, data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:472:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(ftrace_data.data, data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:483:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(ftrace_data.data, data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:502:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(ftrace_data.data, data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:517:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(ftrace_data.data, data/pcp-5.2.2/src/pmdas/gfs2/glocks.c:72:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buffer, "G: s:%s n:%*u/%*x f:%s t:%*s", data/pcp-5.2.2/src/pmdas/gfs2/glocks.c:120:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
sscanf(buffer, " H: s:%s f:%s e:%*s", data/pcp-5.2.2/src/pmdas/gfs2/latency.c:239:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(latency_data.data, data/pcp-5.2.2/src/pmdas/gfs2/latency.c:295:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(latency_data.data, data/pcp-5.2.2/src/pmdas/gfs2/latency.c:345:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(latency_data.data, data/pcp-5.2.2/src/pmdas/gfs2/worst_glock.c:263:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf(*buffer, data/pcp-5.2.2/src/pmdas/infiniband/ib.c:274:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lp->ca_name, port->ca_name); data/pcp-5.2.2/src/pmdas/infiniband/ib.c:346:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(confpath, cp); data/pcp-5.2.2/src/pmdas/infiniband/ib.c:347:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). 
Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(confpath, F_OK) == 0) { data/pcp-5.2.2/src/pmdas/infiniband/ib.c:354:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(confpath, X_OK)) { data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:551:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(p, "tracefs=%s", path) == 1) { data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:552:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tracefs, path); data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:555:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(p, "debugfs=%s", path) == 1) { data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:556:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(debugfs, path); data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:559:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
if (sscanf(p, "lockdown=%s", path) == 1) { data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:560:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lockdown, path); data/pcp-5.2.2/src/pmdas/linux/pmda.c:6256:20: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. linux_access_t access; data/pcp-5.2.2/src/pmdas/linux/pmda.c:6277:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return &ctxtab[ctx].access; data/pcp-5.2.2/src/pmdas/linux/pmda.c:6496:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access != NULL && (access->uid == 0 && access->uid_flag)) { data/pcp-5.2.2/src/pmdas/linux/pmda.c:6570:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (access != NULL && (access->uid == 0 && access->uid_flag)) { data/pcp-5.2.2/src/pmdas/linux/pmda.c:8894:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. ctxtab[ctx].access.uid_flag = 1; data/pcp-5.2.2/src/pmdas/linux/pmda.c:8895:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. ctxtab[ctx].access.uid = id = atoi(value); data/pcp-5.2.2/src/pmdas/linux/proc_locks.c:22:21: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. char type[16], access[16], buf[256]; data/pcp-5.2.2/src/pmdas/linux/proc_locks.c:33:57: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ((sts = sscanf(buf, "%*d: %15s %*s %15s %*d", type, access)) != 2) data/pcp-5.2.2/src/pmdas/linux/proc_locks.c:49:14: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (strncmp(access, "READ", sizeof("READ")-1) == 0) data/pcp-5.2.2/src/pmdas/linux/proc_locks.c:51:19: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. else if (strncmp(access, "WRITE", sizeof("WRITE")-1) == 0) data/pcp-5.2.2/src/pmdas/linux/proc_locks.c:53:19: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. else if (strncmp(access, "RW", sizeof("RW")-1) == 0) { data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:200:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(dirname(path), F_OK) != 0) data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:214:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). 
Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, F_OK) == 0) data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:216:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. else if (access(dirname(path), F_OK) != 0) data/pcp-5.2.2/src/pmdas/linux/proc_net_snmp.c:268:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(indices[j], fields[i].field, &inst) != 1) data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat.c:31:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buf, "%s %s %d", fmt, fmt, data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat.c:35:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buf, "%s %s %d %s %d %s %d %s %d %s %d", data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat.c:45:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buf, "%s %s %d %s %d", fmt, fmt, data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat.c:51:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). 
Specify a limit to %s, or use a different input function. sscanf(buf, "%s %s %d", fmt, fmt, data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat.c:56:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buf, "%s %s %d", fmt, fmt, data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat.c:61:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buf, "%s %s %d %s %d", fmt, fmt, data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat6.c:29:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buf, "%s %s %d", fmt, fmt, data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat6.c:34:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buf, "%s %s %d", fmt, fmt, data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat6.c:39:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buf, "%s %s %d", fmt, fmt, data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat6.c:44:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buf, "%s %s %d", fmt, fmt, data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat6.c:48:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). 
Specify a limit to %s, or use a different input function. sscanf(buf, "%s %s %d %s %d", fmt, fmt, data/pcp-5.2.2/src/pmdas/linux/proc_net_softnet.c:75:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. i = sscanf(buf, fmt, &snp->processed, &snp->dropped, &snp->time_squeeze, data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:216:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(linux_mdadm, R_OK) != 0) data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:222:17: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!(pfp = popen(mdadm, "r"))) data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:328:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/dev/xscsi", R_OK) != 0) data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:331:17: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
if (!(pfp = popen("find /dev/xscsi -name disc -o -name part[0-9]*", "r"))) data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:538:11: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if ((n = sscanf(buf, "%d %d %s", &devmaj, &devmin, name)) != 3) data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:549:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. n = sscanf(buf, "%u %u %s %llu %llu %llu %u %llu %llu %llu %u " data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:568:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buf, "%u %u %s %u %u %u %u\n", data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:602:11: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if ((n = sscanf(buf, "%d %d %llu %s", &devmaj, &devmin, &nop, name)) != 4) data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:612:2: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buf, data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:931:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (access(path, F_OK) == 0) data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:935:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, F_OK) == 0) data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:939:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, F_OK) == 0) data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:944:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, F_OK) == 0) data/pcp-5.2.2/src/pmdas/linux/proc_pressure.c:48:12: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. return fscanf(fp, fmt, &pp->avg[0], &pp->avg[1], &pp->avg[2], data/pcp-5.2.2/src/pmdas/linux/proc_scsi.c:63:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
if (sscanf(sp, "Type: %s", type) == 1) data/pcp-5.2.2/src/pmdas/linux/proc_slabinfo.c:88:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. i = sscanf(buf, "%s %lu %lu", name, data/pcp-5.2.2/src/pmdas/linux/proc_slabinfo.c:101:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. i = sscanf(buf, "%s %lu %lu %u %u %u %u", name, data/pcp-5.2.2/src/pmdas/linux/proc_slabinfo.c:121:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. i = sscanf(buf, "%s %lu %lu %u %u %u : %*s %*s %*s %*s : %*s %u %u", name, data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:259:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. n = sscanf((const char *)bufindex[0], ALLCPU_FMT, data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:315:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf(bufindex[n], PERCPU_FMT, &i, data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:351:2: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. 
sscanf((const char *)bufindex[i], PAGE_FMT, data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:356:2: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf((const char *)bufindex[i], SWAP_FMT, data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:361:2: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf((const char *)bufindex[i], INTR_FMT, &proc_stat->intr); data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:365:2: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf((const char *)bufindex[i], CTXT_FMT, &proc_stat->ctxt); data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:369:2: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf((const char *)bufindex[i], BTIME_FMT, &proc_stat->btime); data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:373:2: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. 
sscanf((const char *)bufindex[i], PROCESSES_FMT, &proc_stat->processes); data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:377:2: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf((const char *)bufindex[i], RUNNING_FMT, &proc_stat->procs_running); data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:381:2: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf((const char *)bufindex[i], BLOCKED_FMT, &proc_stat->procs_blocked); data/pcp-5.2.2/src/pmdas/linux/proc_tty.c:48:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(u+5, "%s", uart); data/pcp-5.2.2/src/pmdas/linux/proc_vmstat.c:402:29: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. _pm_have_proc_vmstat = (access(buf, R_OK) == 0); data/pcp-5.2.2/src/pmdas/linux/proc_zoneinfo.c:76:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
if (sscanf(buf, "Node %d, zone %s", &node, zonetype) != 2) data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:150:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(buf, "%u %u %s %u", &major, &minor, namebuf, &unused) != 4) data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:198:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(buf, "%s %u %u %u", &name[0], data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:307:60: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. cgroup1_mount_subsys(char *buffer, int length, const char *system, const char *suffix) data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:323:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (strcmp(system, cgroup_find_subsys(subsys, fs)) != 0) data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:395:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(out, s); data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:398:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(opts, s); data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:622:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). 
Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. count = fscanf(fp, fmt, &pp->avg10sec, &pp->avg1min, &pp->avg5min, data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:749:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. { "system", &cpuacct.cputime.system }, data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:760:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(buffer, "%s %llu\n", &name[0], &value) < 2) data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:865:29: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. { "system_usec", &cputime.system }, data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:878:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(buffer, "%s %llu\n", &name[0], &value) < 2) data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:902:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. { "system_usec", &cpustat.cputime.system }, data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:918:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
if (sscanf(buffer, "%s %llu\n", &name[0], &value) < 2) data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1051:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(buffer, "%s %llu\n", &name[0], &value) < 2) data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1261:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. i = sscanf(buffer, "%u:%u %s %llu\n", &major, &minor, &op[0], &value); data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1572:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) == 0) data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1578:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) == 0) data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1584:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (access(file, R_OK) == 0) data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1590:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(file, R_OK) == 0) data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1596:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(file, R_OK) == 0) data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1602:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(file, R_OK) == 0) data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.h:39:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. __uint64_t system; data/pcp-5.2.2/src/pmdas/linux_proc/getinfo.c:58:6: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
n = fscanf(file, "%s %s %d %s %s", unused, device, &maj, range, unused); data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:2582:35: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. atom->ull = cpuacct->cputime.system; data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3227:34: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. atom->ull = cgroup->cputime.system; data/pcp-5.2.2/src/pmdas/linux_xfs/sysfs_xfs.c:341:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(statsname, devname); data/pcp-5.2.2/src/pmdas/logger/util.c:132:2: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl ("/bin/sh", "sh", "-c", cmd, (char *)NULL); data/pcp-5.2.2/src/pmdas/lustrecomm/file_indexed.c:57:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( cp, f_s->datap ); data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:367:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(" = %" PRIi64, vals[i].value.ll); data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:370:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
printf(" = %" PRIu64, vals[i].value.ull); data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:588:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, bits); data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:629:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name, mp->name); data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:683:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name, buf); data/pcp-5.2.2/src/pmdas/mounts/mounts.c:267:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mounts[mount_number].i_name, mount_name); data/pcp-5.2.2/src/pmdas/perfevent/perfalloc.c:121:13: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(argv[optind], &argv[optind]); data/pcp-5.2.2/src/pmdas/perfevent/rapl-interface.c:134:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(result,"%*s%*s%s",vendor); data/pcp-5.2.2/src/pmdas/pipe/util.c:105:2: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
execl("/bin/sh", "sh", "-c", cmd, (char *)NULL); data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:1132:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(servicelist, PM_SERVER_SERVICE_SPEC); data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:1142:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&servicelist[offset], services[i]); data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:1147:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(servicelist, PM_SERVER_SERVICE_SPEC); data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:1778:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). atom.cp = strcpy(ctim, ctime(&client[j].start)); data/pcp-5.2.2/src/pmdas/podman/varlink.c:167:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cmd, temp); data/pcp-5.2.2/src/pmdas/process/process.c:182:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(processes[process_number].i_name, process_name); data/pcp-5.2.2/src/pmdas/root/agent.c:134:6: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
execvp(transfer_final[0], transfer_final); data/pcp-5.2.2/src/pmdas/sample/src/pmda.c:69:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/tmp/sample.unavail", F_OK) == 0) data/pcp-5.2.2/src/pmdas/sample/src/sample.c:734:11: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (fscanf(fspec, "%d %s", &newinst, newname) != 2) data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1434:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, pfx); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1436:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, dynamic_ones[i].name); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1548:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(chn[nmatch-1], dynamic_ones[i].name); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1565:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(q, chn[j]); data/pcp-5.2.2/src/pmdas/shping/shping.c:161:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(buffer, sizeof(buffer), format, arglist); data/pcp-5.2.2/src/pmdas/shping/shping.c:270:9: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. sts = execv("/bin/sh", argv); data/pcp-5.2.2/src/pmdas/smart/pmda.c:1136:12: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((pf = popen(smart_setup_lsblk, "r")) == NULL) data/pcp-5.2.2/src/pmdas/smart/pmda.c:1140:3: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buffer, "%s", dev_name); data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:273:12: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((pf = popen(buffer, "r")) == NULL) data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:294:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buffer, "%*s%*s%*s %s", capacity); data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:301:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
sscanf(buffer, "%*s%*s %s", capacity); data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:314:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buffer, "%*s %*s %*s %*s %*s %s", device_info->health); data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:340:12: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((pf = popen(buffer, "r")) == NULL) data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:393:12: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((pf = popen(buffer, "r")) == NULL) data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:413:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buffer, "%*s%*s%*s %s", units); data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:420:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(buffer, "%*s%*s%*S %s", units); data/pcp-5.2.2/src/pmdas/solaris/disk.c:92:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(modname, ksp->ks_name); data/pcp-5.2.2/src/pmdas/solaris/vnops.c:93:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(mp->mountpoint, m.mnt_mountp); data/pcp-5.2.2/src/pmdas/statsd/src/config-reader.c:112:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, F_OK) == -1) { data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.c:147:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, RED "FAIL: " RESET "Metric name doesn't match! %s =/= %s \n", (*datagram)->name, name); data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.c:151:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, RED "FAIL: " RESET "Tags don't match! %s =/= %s \n", (*datagram)->tags, tags); data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.c:155:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, RED "FAIL: " RESET "Value doesn't match! %f =/= %f \n", (*datagram)->value, value); data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.c:159:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, RED "FAIL: " RESET "Type doesn't match! %s =/= %s \n", metric_enum_to_str((*datagram)->type), metric_enum_to_str(type)); data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.c:163:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
fprintf(stdout, RED "FAIL: " RESET "Sign doesn't match %s =/= %s \n", sign_enum_to_str((*datagram)->explicit_sign), sign_enum_to_str(explicit_sign)); data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.h:30:35: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define SUITE_HEADER(format, ...) fprintf(stdout, CYN format RESET "\n", ## __VA_ARGS__); data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.h:33:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, MAG "CASE: %s " RESET "\n", string); \ data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.h:40:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, RED "ERROR: " RESET "Should have failed parsing. \n"); \ data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.h:47:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, YEL name RESET "\n"); \ data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.h:59:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, GRN "TEST PASSED. " RESET "0 errors.\n"); \ data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.h:62:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, RED "TEST FAILED. " RESET "%ld errors.\n", error_count); \ data/pcp-5.2.2/src/pmdas/summary/pmda.c:84:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(command, argv[i]); data/pcp-5.2.2/src/pmdas/summary/pmda.c:136:2: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv(commandArgv[0], commandArgv); data/pcp-5.2.2/src/pmdas/weblog/pmda.c:165:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(buffer, sizeof(buffer), format, arglist); data/pcp-5.2.2/src/pmdas/weblog/pmda.c:883:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. server->access.filePtr = -1; data/pcp-5.2.2/src/pmdas/weblog/pmda.c:952:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. server->access.format = n; data/pcp-5.2.2/src/pmdas/weblog/pmda.c:953:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
server->access.fileName = strdup(buf2); data/pcp-5.2.2/src/pmdas/weblog/pmda.c:956:25: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. tmpFp = fopen(server->access.fileName, "r"); data/pcp-5.2.2/src/pmdas/weblog/pmda.c:960:15: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. server->access.filePtr = -1; data/pcp-5.2.2/src/pmdas/weblog/pmda.c:1018:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. server->access.format, data/pcp-5.2.2/src/pmdas/weblog/pmda.c:1019:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. server->access.fileName, data/pcp-5.2.2/src/pmdas/weblog/pmda.c:1177:34: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. openLogFile(&(wl_servers[n].access)); data/pcp-5.2.2/src/pmdas/weblog/weblog.c:1603:28: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. openLogFile(&(server->access)); data/pcp-5.2.2/src/pmdas/weblog/weblog.c:1664:25: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. accessFile = &(server->access); data/pcp-5.2.2/src/pmdas/weblog/weblog.h:78:15: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. FileInfo access; data/pcp-5.2.2/src/pmdas/windows/open.c:101:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name, suff); data/pcp-5.2.2/src/pmdate/pmdate.c:46:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. fprintf(stderr, usage); data/pcp-5.2.2/src/pmdate/pmdate.c:51:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, usage); data/pcp-5.2.2/src/pmdate/pmdate.c:94:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, usage); data/pcp-5.2.2/src/pmdbg/pmdbg.c:89:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(fmt, "Option", "Meaning"); data/pcp-5.2.2/src/pmdbg/pmdbg.c:92:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(fmt, debug_map[i].name, debug_map[i].text); data/pcp-5.2.2/src/pmdbg/pmdbg.c:100:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(fmt_old, name, debug_map[i].bit, debug_map[i].text); data/pcp-5.2.2/src/pmdbg/pmdbg.c:135:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(fmt_old, name, debug_map[i].bit, debug_map[i].text); data/pcp-5.2.2/src/pmdumplog/pmdumplog.c:875:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf("Dump ... record len: %d @ offset: %" FMT_UINT64, len, (__uint64_t)(ftell(f) - sizeof(len))); data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:1215:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer+1, (const char *)metric->stringValue(i).toLatin1()); data/pcp-5.2.2/src/pmie/src/lexicon.c:215:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t->name, name); data/pcp-5.2.2/src/pmie/src/lexicon.c:254:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lin->name, name); data/pcp-5.2.2/src/pmie/src/lexicon.c:605:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(yylval.s, &token[0]); data/pcp-5.2.2/src/pmie/src/pmie.c:209:18: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (fname && access(fname, F_OK) != 0) { data/pcp-5.2.2/src/pmie/src/pmie.c:221:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(config, F_OK) != 0) { data/pcp-5.2.2/src/pmie/src/pmie.c:844:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
printf(intro, PCP_VERSION, menu, prompt); data/pcp-5.2.2/src/pmie/src/show.c:125:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dog, string1); data/pcp-5.2.2/src/pmie/src/show.c:354:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dog, (char *)x->smpls[0].ptr); data/pcp-5.2.2/src/pmie/src/show.c:388:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dog, *cp); data/pcp-5.2.2/src/pmie/src/symbol.c:176:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(copy, name); data/pcp-5.2.2/src/pmie/src/syntax.c:825:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *)x->ring, s); data/pcp-5.2.2/src/pmie/src/systemlog.c:177:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&((char *)new->ring)[sizeof(int)], tag); data/pcp-5.2.2/src/pmieconf/io.c:190:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stdout, format, args); data/pcp-5.2.2/src/pmieconf/io.c:193:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. vfprintf(stdout, format, args); data/pcp-5.2.2/src/pmieconf/io.c:226:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(f, format, args); data/pcp-5.2.2/src/pmieconf/pmieconf.c:272:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lastgroup, rulelist[i].self.name); data/pcp-5.2.2/src/pmieconf/pmieconf.c:423:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inbuf[1], previous); data/pcp-5.2.2/src/pmieconf/pmieconf.c:444:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(previous, inbuf[1]); data/pcp-5.2.2/src/pmieconf/pmieconf.c:468:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inbuf[1], previous); data/pcp-5.2.2/src/pmieconf/pmieconf.c:486:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(previous, inbuf[1]); data/pcp-5.2.2/src/pmieconf/pmieconf.c:531:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(inbuf[1], previous); data/pcp-5.2.2/src/pmieconf/pmieconf.c:552:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(previous, inbuf[1]); data/pcp-5.2.2/src/pmieconf/pmieconf.c:576:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inbuf[1], previous); data/pcp-5.2.2/src/pmieconf/pmieconf.c:598:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(previous, inbuf[1]); data/pcp-5.2.2/src/pmieconf/rules.c:207:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). s = strcpy(token, rulename); /* reuse the token buffer */ data/pcp-5.2.2/src/pmieconf/rules.c:721:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). atom->help = strcpy(s, value); data/pcp-5.2.2/src/pmieconf/rules.c:753:19: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). atom->data = strcpy(s, value); data/pcp-5.2.2/src/pmieconf/rules.c:760:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
atom->ddata = strcpy(s, value); data/pcp-5.2.2/src/pmieconf/rules.c:1040:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*attr, token); data/pcp-5.2.2/src/pmieconf/rules.c:1062:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*value, token); data/pcp-5.2.2/src/pmieconf/rules.c:1130:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*name, token); data/pcp-5.2.2/src/pmieconf/rules.c:1166:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). rule->predicate = strcpy(s, value); data/pcp-5.2.2/src/pmieconf/rules.c:1172:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). rule->enumerate = strcpy(s, value); data/pcp-5.2.2/src/pmieconf/rules.c:1834:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(buf) < 0) { data/pcp-5.2.2/src/pmieconf/rules.c:1851:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(token, fname); data/pcp-5.2.2/src/pmieconf/rules.c:1873:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. fprintf(fp, END_STRING); data/pcp-5.2.2/src/pmieconf/rules.c:1982:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). save_area = strcpy(save_area, str); data/pcp-5.2.2/src/pmieconf/rules.c:1984:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). save_area = strcat(save_area, str); data/pcp-5.2.2/src/pmieconf/rules.c:2005:15: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. else if (sscanf(buf, "// %u %s\n", &version, token) == 2) { data/pcp-5.2.2/src/pmieconf/rules.c:2080:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rule, token); data/pcp-5.2.2/src/pmieconf/rules.c:2090:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(attrib, token); data/pcp-5.2.2/src/pmieconf/rules.c:2107:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(value, token); data/pcp-5.2.2/src/pmieconf/rules.c:2188:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). 
Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(p, F_OK) < 0) { data/pcp-5.2.2/src/pmieconf/rules.c:2228:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pmiefile, in_pmie); data/pcp-5.2.2/src/pmieconf/rules.c:2250:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pmiefile, in_pmie); data/pcp-5.2.2/src/pmieconf/rules.c:2259:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rulepath, p); data/pcp-5.2.2/src/pmieconf/rules.c:2324:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(proc, F_OK) < 0) data/pcp-5.2.2/src/pmlc/pmlc.c:222:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(title, PCP_VERSION, menu); data/pcp-5.2.2/src/pmlock/pmlock.c:38:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (access(p, W_OK) == -1) data/pcp-5.2.2/src/pmlogcheck/pmlogcheck.c:225:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(archpathname, F_OK) == 0) data/pcp-5.2.2/src/pmlogconf/util.c:320:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). s = strcat(s, tail); data/pcp-5.2.2/src/pmlogconf/util.c:321:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). return strcat(s, input); data/pcp-5.2.2/src/pmlogextract/pmlogextract.c:505:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lp->ill_tz, f_iap->label.ll_tz); data/pcp-5.2.2/src/pmlogextract/pmlogextract.c:515:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lp->ill_tz, l_iap->label.ll_tz); data/pcp-5.2.2/src/pmlogger/src/callback.c:524:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data, tp->t_namelist[i]); data/pcp-5.2.2/src/pmlogger/src/logue.c:233:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(instname[0], path); data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:132:2: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(argv_saved[0], argv_saved); data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:348:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*bp, p); data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:350:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(&(*bp)[nchar-1], p); data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:792:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(opts.optarg, F_OK) == 0) data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:803:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(configfile, F_OK) != 0) { data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:1244:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(logctl.l_label.ill_tz, resp->vset[0]->vlist[0].value.pval->vbuf); data/pcp-5.2.2/src/pmlogger/src/ports.c:564:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ctlfile, path); data/pcp-5.2.2/src/pmlogger/src/ports.c:652:26: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!pmlogger_reexec && access(linkfile, F_OK) == 0) { data/pcp-5.2.2/src/pmlogger/src/ports.c:729:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(linkSocketPath, F_OK) == 0) { data/pcp-5.2.2/src/pmlogger/src/ports.c:862:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pmlc_host, hostName); data/pcp-5.2.2/src/pmlogmv/pmlogmv.c:141:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (access(src, F_OK) == 0) { data/pcp-5.2.2/src/pmlogmv/pmlogmv.c:154:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(dst, F_OK) == 0) { data/pcp-5.2.2/src/pmlogmv/pmlogmv.c:213:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(src, F_OK) == 0) { data/pcp-5.2.2/src/pmlogrewrite/indom.c:252:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, &strbuf[ntohl(ip[i])]); data/pcp-5.2.2/src/pmlogrewrite/indom.c:415:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, inamelist[j]); data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1623:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bak_base, s); data/pcp-5.2.2/src/pmlogsize/pmlogsize.c:219:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). 
Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(argv[opts.optind], F_OK) == 0 && data/pcp-5.2.2/src/pmlogsummary/pmlogsummary.c:154:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, msg, arg); data/pcp-5.2.2/src/pmns/pmnsmerge.c:188:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, p->name); data/pcp-5.2.2/src/pmns/pmnsmerge.c:190:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, path); data/pcp-5.2.2/src/pmns/pmnsmerge.c:192:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name, p->name); data/pcp-5.2.2/src/pmns/pmnsmerge.c:267:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. else if (access(argv[argc-1], F_OK) == 0) { data/pcp-5.2.2/src/pmns/pmnsutil.c:47:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newpath, q->name); data/pcp-5.2.2/src/pmns/pmnsutil.c:49:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newpath, path); data/pcp-5.2.2/src/pmns/pmnsutil.c:51:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newpath, q->name); data/pcp-5.2.2/src/pmproxy/src/deprecated.c:67:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(buf); data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:365:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(pbuf, sizeof(pbuf), ".%" FMT_PID, (pid_t)getpid()); data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:370:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newlogfile, pbuf); data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:442:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, "pmproxy: PID = %" FMT_PID, mainpid); data/pcp-5.2.2/src/pmproxy/src/webapi.c:572:45: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
on_pmwebapi_check(sds context, pmWebAccess *access, data/pcp-5.2.2/src/pmpython/pmpython.c:51:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(argv[0], argv); data/pcp-5.2.2/src/pmseries/pmseries.c:1072:42: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (query[0] == pmPathSeparator() || access(query, F_OK) == 0) { data/pcp-5.2.2/src/pmtime/console.cpp:42:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(buffer, sizeof(buffer), fmt, ap); data/pcp-5.2.2/src/pmtime/console.cpp:64:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(buffer, sizeof(buffer), fmt, ap); data/pcp-5.2.2/src/pmtrace/pmtrace.c:182:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((c = system(api.arg.command)) < 0) { data/pcp-5.2.2/src/pmval/pmval.c:536:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
printf(fmt, minwidth, v); data/pcp-5.2.2/src/pmview/main.cpp:83:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. pos += vsnprintf(theBuffer + pos, theBufferLen - pos, msg, arg); data/pcp-5.2.2/src/pmview/scenefileobj.h:33:42: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). void setSceneFileName(char *fname) { strcpy(_sceneFileName, fname); }; data/pcp-5.2.2/src/python/pmda.c:960:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(help, R_OK) != 0) { data/pcp-5.2.2/src/win32ctl/services/pcp-services.c:72:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return system(s); data/pcp-5.2.2/src/win32ctl/services/pcp-services.c:124:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(default_basedirs[i], R_OK) == 0) { data/pcp-5.2.2/src/win32ctl/services/pcp-services.c:129:21: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!basedir || access(basedir, R_OK) != 0) data/pcp-5.2.2/src/zabbix-agent/src/zbxpcp.c:73:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(ZBX_PCP_DERIVED_CONFIG, F_OK ) != -1) data/pcp-5.2.2/src/zabbix-agent/src/zbxpcp.c:178:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(metric, ZBX_PCP_METRIC_PREFIX); data/pcp-5.2.2/src/zabbix-agent/src/zbxpcp.c:179:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(metric, name); data/pcp-5.2.2/qa/pmlogconv/pmlogconv.c:183:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:n:?")) != EOF) { data/pcp-5.2.2/qa/qt/qmc_context/qmc_context.cpp:21:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
while ((c = getopt(argc, argv, "D:?")) != EOF) { data/pcp-5.2.2/qa/qt/qmc_desc/qmc_desc.cpp:22:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:?")) != EOF) { data/pcp-5.2.2/qa/qt/qmc_dynamic/qmc_dynamic.cpp:89:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:?")) != EOF) { data/pcp-5.2.2/qa/qt/qmc_event/qmc_event.cpp:25:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:?")) != EOF) { data/pcp-5.2.2/qa/qt/qmc_group/qmc_group.cpp:536:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:?")) != EOF) { data/pcp-5.2.2/qa/qt/qmc_hosts/qmc_hosts.cpp:44:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:?")) != EOF) { data/pcp-5.2.2/qa/qt/qmc_indom/qmc_indom.cpp:25:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:?")) != EOF) { data/pcp-5.2.2/qa/qt/qmc_metric/qmc_metric.cpp:42:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). 
Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:?")) != EOF) { data/pcp-5.2.2/qa/qt/qmc_source/qmc_source.cpp:21:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:?")) != EOF) { data/pcp-5.2.2/qa/src/779246.c:83:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:h:")) != EOF) { data/pcp-5.2.2/qa/src/addlabels.c:29:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:?")) != EOF) { data/pcp-5.2.2/qa/src/agenttimeout.c:32:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:?")) != EOF) { data/pcp-5.2.2/qa/src/aggrstore.c:29:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:h:")) != EOF) { data/pcp-5.2.2/qa/src/arch_maxfd.c:43:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
while ((c = getopt(argc, argv, "D:?")) != EOF) { data/pcp-5.2.2/qa/src/archfetch.c:33:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "a:D:O:s:zZ:?")) != EOF) { data/pcp-5.2.2/qa/src/archinst.c:98:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "a:c:D:fh:l:n:s:t:VzZ:?")) != EOF) { data/pcp-5.2.2/qa/src/atomstr.c:30:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:")) != EOF) { data/pcp-5.2.2/qa/src/badloglabel.c:19:18: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((ch = getopt(argc, argv, "D:?")) != EOF) { data/pcp-5.2.2/qa/src/badpmda.c:24:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "c:p:s:?")) != EOF) { data/pcp-5.2.2/qa/src/check_fault_injection.c:23:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:")) != EOF) { data/pcp-5.2.2/qa/src/check_import.c:36:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). 
Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:")) != EOF) { data/pcp-5.2.2/qa/src/chk_memleak.c:34:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "Li:h:a:D:n:tv")) != EOF) { data/pcp-5.2.2/qa/src/chk_metric_types.c:36:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "a:c:D:h:l:Ln:s:t:U:VzZ:?")) != EOF) { data/pcp-5.2.2/qa/src/chkacc1.c:25:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "46D:?")) != EOF) { data/pcp-5.2.2/qa/src/chkacc2.c:29:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "46D:?")) != EOF) { data/pcp-5.2.2/qa/src/chkacc3.c:34:20: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((copt = getopt(argc, argv, "46D:?")) != EOF) { data/pcp-5.2.2/qa/src/chkacc4.c:109:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
while ((c = getopt(argc, argv, "D:u:g:?")) != EOF) { data/pcp-5.2.2/qa/src/chkconnect.c:31:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:h:i:n:")) != EOF) { data/pcp-5.2.2/qa/src/chkconnect.c:109:16: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. numpmid = 1 + lrand48() % 12; data/pcp-5.2.2/qa/src/chkconnect.c:132:16: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. numpmid = 1 + lrand48() % 12; data/pcp-5.2.2/qa/src/chkconnect.c:152:16: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. numpmid = 1 + lrand48() % 12; data/pcp-5.2.2/qa/src/chkctx2.c:48:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "a:D:h:Ln:")) != EOF) { data/pcp-5.2.2/qa/src/chknumval.c:41:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:h:K:Ln:")) != EOF) { data/pcp-5.2.2/qa/src/chkoptfetch.c:84:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
  while ((c = getopt(argc, argv, "D:")) != EOF) {
data/pcp-5.2.2/qa/src/chkputlogresult.c:44:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "bD::?")) != EOF) {
data/pcp-5.2.2/qa/src/chktrim.c:36:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:h:Ln:")) != EOF) {
data/pcp-5.2.2/qa/src/churnctx.c:124:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:A:c:C:D:df:h:i:l:Ln:O:s:S:t:T:U:vzZ:?")) != EOF) {
data/pcp-5.2.2/qa/src/clientid.c:26:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:l")) != EOF) {
data/pcp-5.2.2/qa/src/clienttimeout.c:25:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "c:CpPsSr:D:")) != EOF) {
data/pcp-5.2.2/qa/src/compare.c:25:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "s:t:")) != EOF)
data/pcp-5.2.2/qa/src/context_test.c:76:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20).
Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:i:h:n:")) != EOF) {
data/pcp-5.2.2/qa/src/debug.c:23:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:?")) != EOF) {
data/pcp-5.2.2/qa/src/defctx.c:32:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:h:n:s:")) != EOF) {
data/pcp-5.2.2/qa/src/descreqX2.c:30:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:")) != EOF) {
data/pcp-5.2.2/qa/src/disk_test.c:35:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:?")) != EOF) {
data/pcp-5.2.2/qa/src/drain-server.c:30:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:hp:?")) != EOF) {
data/pcp-5.2.2/qa/src/eofarch.c:34:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:n:v")) != EOF) {
data/pcp-5.2.2/qa/src/eol.c:40:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20).
Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:n:s:?")) != EOF) {
data/pcp-5.2.2/qa/src/err.c:21:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:")) != EOF) {
data/pcp-5.2.2/qa/src/exectest.c:48:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:pP:?")) != EOF) {
data/pcp-5.2.2/qa/src/exercise.c:105:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:h:i:l:n:")) != EOF) {
data/pcp-5.2.2/qa/src/exercise_fault.c:49:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:")) != EOF) {
data/pcp-5.2.2/qa/src/exertz.c:40:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:c:D:f:h:ln:s:t:Vz:Z:?")) != EOF) {
data/pcp-5.2.2/qa/src/fetchloop.c:83:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "c:D:h:Ln:s:t:v?")) != EOF) {
data/pcp-5.2.2/qa/src/fetchpdu.c:29:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:h:n:")) != EOF) {
data/pcp-5.2.2/qa/src/fetchrate.c:27:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:h:Ln:i:")) != EOF) {
data/pcp-5.2.2/qa/src/getconfig.c:23:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:o")) != EOF) {
data/pcp-5.2.2/qa/src/getcontexthost.c:26:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:h:L?")) != EOF) {
data/pcp-5.2.2/qa/src/getoptions.c:15:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((value = getenv("PMAPI_VERSION")) != NULL)
data/pcp-5.2.2/qa/src/getoptions.c:25:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("PM_OPTFLAG_MULTI") != NULL)
data/pcp-5.2.2/qa/src/getoptions.c:27:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("PM_OPTFLAG_POSIX") != NULL)
data/pcp-5.2.2/qa/src/getoptions.c:29:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("PM_OPTFLAG_MIXED") != NULL)
data/pcp-5.2.2/qa/src/getoptions.c:31:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("PM_OPTFLAG_ENV_ONLY") != NULL)
data/pcp-5.2.2/qa/src/getoptions.c:33:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("PM_OPTFLAG_LONG_ONLY") != NULL)
data/pcp-5.2.2/qa/src/getoptions.c:35:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("PM_OPTFLAG_BOUNDARIES") != NULL)
data/pcp-5.2.2/qa/src/getoptions.c:37:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker.
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("PM_OPTFLAG_STDOUT_TZ") != NULL)
data/pcp-5.2.2/qa/src/getversion.c:20:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:?")) != EOF) {
data/pcp-5.2.2/qa/src/github-50.c:29:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:h:Lx?")) != EOF) {
data/pcp-5.2.2/qa/src/grind_conv.c:37:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:")) != EOF) {
data/pcp-5.2.2/qa/src/grind_ctx.c:78:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:c:C:D:h:Ln:s:")) != EOF) {
data/pcp-5.2.2/qa/src/hp-mib.c:81:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:n:")) != EOF) {
data/pcp-5.2.2/qa/src/hrunpack.c:262:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:")) != EOF) {
data/pcp-5.2.2/qa/src/httpfetch.c:24:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:A:D:t:vV:?")) != EOF) {
data/pcp-5.2.2/qa/src/interp0.c:41:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:n:s:t:?")) != EOF) {
data/pcp-5.2.2/qa/src/interp1.c:41:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:dn:s:t:?")) != EOF) {
data/pcp-5.2.2/qa/src/interp2.c:64:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:n:?")) != EOF) {
data/pcp-5.2.2/qa/src/interp3.c:107:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:n:Tt:v")) != EOF) {
data/pcp-5.2.2/qa/src/interp4.c:104:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:n:Tt:v")) != EOF) {
data/pcp-5.2.2/qa/src/interp_bug.c:66:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20).
Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:c:D:fl:n:s:t:VzZ:?")) != EOF) {
data/pcp-5.2.2/qa/src/interp_bug2.c:64:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:c:D:fl:n:s:t:VzZ:?")) != EOF) {
data/pcp-5.2.2/qa/src/ipc.c:104:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:h:l:n:i:")) != EOF) {
data/pcp-5.2.2/qa/src/json_test.c:219:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:?")) != EOF) {
data/pcp-5.2.2/qa/src/keycache.c:139:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:dklv")) != EOF) {
data/pcp-5.2.2/qa/src/keycache2.c:57:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:k")) != EOF) {
data/pcp-5.2.2/qa/src/loadconfig2.c:26:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "c:D:?")) != EOF) {
data/pcp-5.2.2/qa/src/loadderived.c:18:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:?")) != EOF) {
data/pcp-5.2.2/qa/src/logcontrol.c:42:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:h:i:n:P:p:r:")) != EOF) {
data/pcp-5.2.2/qa/src/lookupnametest.c:30:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:h:Ln:x?")) != EOF) {
data/pcp-5.2.2/qa/src/mark-bug.c:54:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:A:c:D:h:l:Ln:O:s:S:t:T:U:VzZ:?")) != EOF) {
data/pcp-5.2.2/qa/src/mergelabels.c:23:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:?")) != EOF) {
data/pcp-5.2.2/qa/src/mergelabelsets.c:123:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:?")) != EOF) {
data/pcp-5.2.2/qa/src/mmv_poke.c:60:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20).
Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "f:p:")) != EOF) {
data/pcp-5.2.2/qa/src/multictx.c:91:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:h:Ls:?")) != EOF) {
data/pcp-5.2.2/qa/src/multifetch.c:35:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:h:l:n:s:t:T:?")) != EOF) {
data/pcp-5.2.2/qa/src/multithread11.c:106:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:i:?")) != EOF) {
data/pcp-5.2.2/qa/src/multithread12.c:403:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:b:B:c:C:d:D:")) != EOF) {
data/pcp-5.2.2/qa/src/multithread13.c:117:5: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(lctx); /* different per thread, but deterministic */
data/pcp-5.2.2/qa/src/multithread13.c:137:10: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  state = random() % 2;
data/pcp-5.2.2/qa/src/multithread13.c:143:14: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  inst[0] = ((random() % 9) + 1) * 100;
data/pcp-5.2.2/qa/src/multithread13.c:145:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  inst[1] = ((random() % 9) + 1) * 100;
data/pcp-5.2.2/qa/src/multithread13.c:148:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  inst[2] = ((random() % 9) + 1) * 100;
data/pcp-5.2.2/qa/src/multithread4.c:115:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:?")) != EOF) {
data/pcp-5.2.2/qa/src/multithread5.c:190:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:")) != EOF) {
data/pcp-5.2.2/qa/src/multithread6.c:216:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:")) != EOF) {
data/pcp-5.2.2/qa/src/multithread7.c:259:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:")) != EOF) {
data/pcp-5.2.2/qa/src/multithread8.c:202:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:")) != EOF) {
data/pcp-5.2.2/qa/src/multithread9.c:321:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:")) != EOF) {
data/pcp-5.2.2/qa/src/nameall.c:57:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:h:N:n:s:v")) != EOF) {
data/pcp-5.2.2/qa/src/nullinst.c:68:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:n:")) != EOF) {
data/pcp-5.2.2/qa/src/pcp_lite_crash.c:27:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:h:Ln:")) != EOF) {
data/pcp-5.2.2/qa/src/pdu-server.c:634:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:p:rZ:?")) != EOF) {
data/pcp-5.2.2/qa/src/pducheck.c:1644:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20).
Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "cD:i:Np:v:?")) != EOF) {
data/pcp-5.2.2/qa/src/pducrash.c:1396:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:?")) != EOF) {
data/pcp-5.2.2/qa/src/permfetch.c:51:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:h:n:V?")) != EOF) {
data/pcp-5.2.2/qa/src/pmcdgone.c:261:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:s")) != EOF) {
data/pcp-5.2.2/qa/src/pmdacache.c:14:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "Cc:D:dh:LSs:")) != EOF) {
data/pcp-5.2.2/qa/src/pmdaqueue.c:100:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "A:a:C:c:D:E:e:F:f:q:s:S:")) != EOF) {
data/pcp-5.2.2/qa/src/pmnsinarchives.c:25:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:?")) != EOF) {
data/pcp-5.2.2/qa/src/pmnsunload.c:48:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "Li:h:a:D:n:tv")) != EOF) {
data/pcp-5.2.2/qa/src/pmsocks_objstyle.c:38:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:h:?")) != EOF) {
data/pcp-5.2.2/qa/src/proc_test.c:101:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:h:n:i:t:v")) != EOF) {
data/pcp-5.2.2/qa/src/profilecrash.c:192:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  state = random() % 2;
data/pcp-5.2.2/qa/src/profilecrash.c:200:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  inst[i] = random() % ninst;
data/pcp-5.2.2/qa/src/profilecrash.c:415:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  sloplen += random() % 40;
data/pcp-5.2.2/qa/src/qa_timezone.c:23:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
Check environment variables carefully before using them.
  char *tz = getenv("PCPQA_TZ");
data/pcp-5.2.2/qa/src/recon.c:44:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:")) != EOF) {
data/pcp-5.2.2/qa/src/record.c:57:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:?")) != EOF) {
data/pcp-5.2.2/qa/src/rtimetest.c:73:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:?")) != EOF) {
data/pcp-5.2.2/qa/src/rtimetest.c:108:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tz = getenv("TZ");
data/pcp-5.2.2/qa/src/scale.c:43:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:v")) != EOF) {
data/pcp-5.2.2/qa/src/scanmeta.c:377:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "aD:hilmwWzZ:")) != EOF) {
data/pcp-5.2.2/qa/src/semstr.c:23:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20).
Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:")) != EOF) {
data/pcp-5.2.2/qa/src/slow_af.c:99:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:?")) != EOF) {
data/pcp-5.2.2/qa/src/sortinst.c:112:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "iv?")) != EOF) {
data/pcp-5.2.2/qa/src/store.c:88:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:h:Ln:")) != EOF) {
data/pcp-5.2.2/qa/src/storepast.c:27:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:h:n:")) != EOF) {
data/pcp-5.2.2/qa/src/storepdu.c:26:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:h:n:")) != EOF) {
data/pcp-5.2.2/qa/src/storepmcd.c:138:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "d:D:h:wx:?")) != EOF) {
data/pcp-5.2.2/qa/src/template.c:181:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker.
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  p = getenv("PCP_CONTAINER");
data/pcp-5.2.2/qa/src/test_service_notify.c:31:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "fl:D:?")) != EOF) {
data/pcp-5.2.2/qa/src/torture-eol.c:54:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:t:qv?")) != EOF) {
data/pcp-5.2.2/qa/src/torture_api.c:152:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:h:iLmn:s:vbc")) != EOF) {
data/pcp-5.2.2/qa/src/torture_cache.c:585:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "D:")) != EOF) {
data/pcp-5.2.2/qa/src/torture_indom.c:331:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "a:D:h:K:Ln:v?")) != EOF) {
data/pcp-5.2.2/qa/src/torture_logmeta.c:38:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
while ((c = getopt(argc, argv, "fD:O:?")) != EOF) { data/pcp-5.2.2/qa/src/torture_pmns.c:135:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "a:bcC:D:h:iLmn:s:vx")) != EOF) { data/pcp-5.2.2/qa/src/torture_trace.c:39:16: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. len = (int)lrand48() % 10 + 1; data/pcp-5.2.2/qa/src/torture_trace.c:41:23: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. buf[i] = (char)((int)lrand48() % 88 + 40); /* some ascii */ data/pcp-5.2.2/qa/src/tztest.c:37:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char * tz = getenv("TZ"); data/pcp-5.2.2/qa/src/tztest.c:62:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. tz = getenv("TZ"); data/pcp-5.2.2/qa/src/unpack.c:262:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
while ((c = getopt(argc, argv, "D:")) != EOF) { data/pcp-5.2.2/qa/src/unpickargs.c:20:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "D:?")) != EOF) { data/pcp-5.2.2/qa/src/wrap_int.c:38:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "ln:u")) != EOF) { data/pcp-5.2.2/qa/src/xarch.c:107:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "a:D:n:tv")) != EOF) { data/pcp-5.2.2/qa/src/xlog.c:102:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "a:D:n:v")) != EOF) { data/pcp-5.2.2/src/autofsd-probe/autofsd-probe.c:41:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "h:t:?")) != EOF) { data/pcp-5.2.2/src/external/dict.c:616:33: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. h = d->rehashidx + (random() % (d->ht[0].size + data/pcp-5.2.2/src/external/dict.c:624:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). 
Use a more secure technique for acquiring random values. h = random() & d->ht[0].sizemask; data/pcp-5.2.2/src/external/dict.c:639:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. listele = random() % listlen; data/pcp-5.2.2/src/external/dict.c:690:23: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. unsigned long i = random() & maxsizemask; data/pcp-5.2.2/src/external/dict.c:713:25: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. i = random() & maxsizemask; data/pcp-5.2.2/src/libpcp/src/accounts.c:216:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env = getenv("HOME"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/accounts.c:242:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env = getenv("HOME"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/auxconnect.c:825:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
timeout_str = getenv("PMCD_CONNECT_TIMEOUT"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/auxconnect.c:1104:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envstr = getenv("PMCD_SOCKET")) != NULL) { /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/auxserver.c:111:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv("PMCD_PORT")) != NULL) /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/auxserver.c:145:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv("PMPROXY_PORT")) != NULL) /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/auxserver.c:179:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv("PMWEBAPI_PORT")) != NULL) /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/auxserver.c:1265:33: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
const char *notify_socket = getenv("NOTIFY_SOCKET"); /* may be NULL */ data/pcp-5.2.2/src/libpcp/src/avahi.c:671:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. timeout_str = getenv("AVAHI_DISCOVERY_TIMEOUT"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/config.c:126:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. s = getenv("SHELL"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/config.c:193:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pcp_dir = getenv("PCP_DIR"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/config.c:301:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pcp_dir = getenv("PCP_DIR"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/config.c:304:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
pcp_conf = getenv("PCP_CONF"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/config.c:350:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. p = getenv(var); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/config.c:405:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. val = getenv(name); /* THREAD-UNSAFE! */ data/pcp-5.2.2/src/libpcp/src/connect.c:343:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envstr = getenv("PMPROXY_HOST")) != NULL) { /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/context.c:129:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. q = getenv("PMCD_RECONNECT_TIMEOUT"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/context.c:408:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
if ((container = getenv("PCP_CONTAINER")) != NULL) { /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/context.c:444:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. secure = getenv("PCP_SECURE_SOCKETS"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/context.c:471:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. container = getenv("PCP_CONTAINER"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/fault.c:83:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. fname = getenv("PM_FAULT_CONTROL"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/fetchgroup.c:1261:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PCP_COUNTER_WRAP") != NULL) data/pcp-5.2.2/src/libpcp/src/getopt.c:1249:31: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
d->__posixly_correct |= !!getenv ("POSIXLY_CORRECT"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/interp.c:410:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. str = getenv("PCP_IGNORE_MARK_RECORDS"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/interp.c:912:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PCP_COUNTER_WRAP") == NULL) /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/io.c:210:16: [3] (tmpfile) tmpnam: Temporary file race condition (CWE-377). if ((msg = tmpnam(NULL)) == NULL) { /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/lock.c:79:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. val = getenv("PCP_DEBUG"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/logconnect.c:39:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. timeout_str = getenv("PMLOGGER_REQUEST_TIMEOUT"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/optfetch.c:701:16: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
numreq = (int)lrand48() % numreq; /* THREADSAFE - don't care */ data/pcp-5.2.2/src/libpcp/src/pdu.c:101:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. timeout_str = getenv("PMCD_REQUEST_TIMEOUT"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/pmns.c:548:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((alt = getenv("PCP_ALT_CPP")) != NULL) { data/pcp-5.2.2/src/libpcp/src/pmns.c:1361:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. def_pmns = getenv("PMNS_DEFAULT"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/secureconnect.c:186:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *homedir = getenv("HOME"); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:187:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
char *nss_method = getenv("PCP_SECURE_DB_METHOD"); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:188:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *nss_dir = getenv("PCP_SECURE_DB_PATH"); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:409:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. AllowSelfSignedCerts = (getenv("PCP_ALLOW_SERVER_SELF_CERT") != NULL ); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:443:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. AllowBadCertDomain = (getenv("PCP_ALLOW_BAD_CERT_DOMAIN") != NULL ); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:651:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. console = getenv("PCP_CONSOLE"); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:1004:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
if ((path = getenv("PCP_SASL2_PLUGIN_PATH")) != NULL) data/pcp-5.2.2/src/libpcp/src/secureconnect.c:1006:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((path = getenv("PCP_SASL2_CONFIG_PATH")) != NULL) data/pcp-5.2.2/src/libpcp/src/secureserver.c:244:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *nss_method = getenv("PCP_SECURE_DB_METHOD"); data/pcp-5.2.2/src/libpcp/src/secureserver.c:303:31: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *pcp_nss_init_mode = getenv("PCP_NSS_INIT_MODE"); data/pcp-5.2.2/src/libpcp/src/tz.c:62:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. p = getenv("TZ"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/tz.c:71:91: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
fprintf(stderr, "_pushTZ() envtz=\"%s\" savetz=\"%s\" after TZ=\"%s\"\n", envtz, savetz, getenv("TZ")); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/tz.c:89:70: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. fprintf(stderr, "_popTZ() savetz=\"%s\" after TZ=\"%s\"\n", savetz, getenv("TZ")); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/tz.c:280:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. tz = getenv("TZ"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/util.c:1601:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. filename = getenv("PCP_STDERR"); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/win32.c:233:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pcp_dir = getenv("PCP_DIR"); data/pcp-5.2.2/src/libpcp/src/win32.c:274:16: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. 
if ((sts = CreateProcess( NULL, data/pcp-5.2.2/src/libpcp/src/win32.c:274:16: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if ((sts = CreateProcess( NULL, data/pcp-5.2.2/src/libpcp/src/win32.c:370:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pcp_dir = getenv("PCP_DIR"); data/pcp-5.2.2/src/libpcp/src/win32.c:459:16: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if ((sts = CreateProcess(NULL, data/pcp-5.2.2/src/libpcp/src/win32.c:459:16: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if ((sts = CreateProcess(NULL, data/pcp-5.2.2/src/libpcp/src/win32.c:662:1: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random(void) data/pcp-5.2.2/src/libpcp/src/win32.c:668:1: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
srandom(unsigned int seed) data/pcp-5.2.2/src/libpcp/src/win32.c:670:5: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(seed); data/pcp-5.2.2/src/libpcp/src/win32.c:674:1: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. lrand48(void) data/pcp-5.2.2/src/libpcp/src/win32.c:682:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(seed); data/pcp-5.2.2/src/libpcp/src/win32.c:757:12: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. return LoadLibrary(filename); data/pcp-5.2.2/src/libpcp/src/win32.c:1034:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv(name) != NULL) { /* THREADSAFE */ data/pcp-5.2.2/src/libpcp_import/src/archive.c:161:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *p = getenv("PCP_LOGIMPORT_MAXLOGSZ"); data/pcp-5.2.2/src/libpcp_qed/src/qed_app.cpp:45:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. 
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PCP_STDERR") == NULL) // do not overwrite, for QA data/pcp-5.2.2/src/libpcp_qed/src/qed_app.cpp:75:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. switch ((c = getopt(my.argc, my.argv, options))) { data/pcp-5.2.2/src/libpcp_qmc/src/qmc_metric.cpp:413:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. wrap = (getenv("PCP_COUNTER_WRAP") != NULL); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_source.cpp:83:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. my.proxy = getenv("PMPROXY_HOST"); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_source.cpp:263:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envstr = getenv("PMPROXY_HOST")) != NULL) { data/pcp-5.2.2/src/libpcp_trace/src/pdu.c:131:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
if ((timeout_str = getenv(TRACE_ENV_REQTIMEOUT)) != NULL) { data/pcp-5.2.2/src/libpcp_trace/src/trace.c:546:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((q = getenv(TRACE_ENV_RECTIMEOUT)) != NULL) { data/pcp-5.2.2/src/libpcp_trace/src/trace.c:713:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((sptr = getenv(TRACE_ENV_HOST)) != NULL) data/pcp-5.2.2/src/libpcp_trace/src/trace.c:719:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((sptr = getenv(TRACE_ENV_PORT)) != NULL) { data/pcp-5.2.2/src/libpcp_trace/src/trace.c:726:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((sptr = getenv(TRACE_ENV_TIMEOUT)) != NULL) { data/pcp-5.2.2/src/libpcp_trace/src/trace.c:734:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
if (getenv(TRACE_ENV_NOAGENT) != NULL) data/pcp-5.2.2/src/libpcp_web/src/config.c:41:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((dirname = getenv("HOME")) != NULL) { data/pcp-5.2.2/src/libpcp_web/src/load.c:735:6: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. if (realpath(cp->name.sds, path) != NULL) data/pcp-5.2.2/src/libpcp_web/src/util.c:346:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("FAKETTY")) data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:204:25: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if ((cp->randomid = random()) < 0 || data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:2159:5: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(pid ^ (unsigned int)tv.tv_sec ^ (unsigned int)tv.tv_usec); data/pcp-5.2.2/src/newhelp/chkhelp.c:140:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
while ((c = getopt(argc, argv, "D:eHin:Opv:?")) != EOF) { data/pcp-5.2.2/src/pcp/atop/atop.c:298:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ( (p = getenv("HOME")) ) data/pcp-5.2.2/src/perl/PMDA/local.c:32:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. return (getenv("PCP_PERL_PMNS") || getenv("PCP_PERL_DOMAIN")); data/pcp-5.2.2/src/perl/PMDA/local.c:32:40: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. return (getenv("PCP_PERL_PMNS") || getenv("PCP_PERL_DOMAIN")); data/pcp-5.2.2/src/pmcd/src/config.c:1677:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((args = getenv("PMCD_ROOT_AGENT")) == NULL) data/pcp-5.2.2/src/pmcd/src/pmcd.c:809:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((args = getenv("PMCD_RESTART_AGENTS")) == NULL) data/pcp-5.2.2/src/pmcd/src/pmcd.c:945:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. 
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envstr = getenv("PMCD_PORT")) != NULL) { data/pcp-5.2.2/src/pmcd/src/pmcd.c:949:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envstr = getenv("PMCD_LOCAL")) != NULL) { data/pcp-5.2.2/src/pmcd/src/pmcd.c:955:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envstr = getenv("PMCD_MAXPENDING")) != NULL) { data/pcp-5.2.2/src/pmcd/src/pmcd.c:1013:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. "Warning", nport, getenv("PMCD_PORT")); data/pcp-5.2.2/src/pmcd/src/pmcd.c:1016:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. "Warning", getenv("PMCD_LOCAL")); data/pcp-5.2.2/src/pmcd/src/pmcd.c:1019:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
"Warning", maxpending, getenv("PMCD_MAXPENDING")); data/pcp-5.2.2/src/pmchart/main.cpp:136:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PCP_STDERR") == NULL && // do not overwrite, for QA data/pcp-5.2.2/src/pmchart/view.cpp:115:14: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. static char *getwd(FILE *f) data/pcp-5.2.2/src/pmchart/view.cpp:187:17: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. while ((w = getwd(f)) != NULL && w[0] != '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:199:17: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. while ((w = getwd(f)) != NULL && w[0] != '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:339:17: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. while ((w = getwd(f)) != NULL) { data/pcp-5.2.2/src/pmchart/view.cpp:371:10: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. w = getwd(f); data/pcp-5.2.2/src/pmchart/view.cpp:395:10: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. w = getwd(f); data/pcp-5.2.2/src/pmchart/view.cpp:412:10: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. 
w = getwd(f); data/pcp-5.2.2/src/pmchart/view.cpp:439:12: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:445:16: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:450:16: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:456:16: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:483:12: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') data/pcp-5.2.2/src/pmchart/view.cpp:487:16: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:492:13: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:502:16: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:507:13: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). 
Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:518:16: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') data/pcp-5.2.2/src/pmchart/view.cpp:523:16: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:535:16: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') data/pcp-5.2.2/src/pmchart/view.cpp:540:16: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:552:16: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') data/pcp-5.2.2/src/pmchart/view.cpp:601:12: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:619:7: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. w = getwd(f); data/pcp-5.2.2/src/pmchart/view.cpp:657:7: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. w = getwd(f); data/pcp-5.2.2/src/pmchart/view.cpp:673:7: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. 
w = getwd(f); data/pcp-5.2.2/src/pmchart/view.cpp:676:11: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. w = getwd(f); data/pcp-5.2.2/src/pmchart/view.cpp:691:7: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. w = getwd(f); data/pcp-5.2.2/src/pmchart/view.cpp:698:7: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. w = getwd(f); data/pcp-5.2.2/src/pmchart/view.cpp:704:11: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. w = getwd(f); data/pcp-5.2.2/src/pmchart/view.cpp:710:11: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. w = getwd(f); data/pcp-5.2.2/src/pmchart/view.cpp:718:7: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. w = getwd(f); data/pcp-5.2.2/src/pmchart/view.cpp:726:7: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. w = getwd(f); data/pcp-5.2.2/src/pmchart/view.cpp:733:7: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. w = getwd(f); data/pcp-5.2.2/src/pmchart/view.cpp:807:15: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:815:12: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. 
if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:820:12: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:828:12: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:833:12: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:845:12: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:854:12: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:865:12: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:877:15: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) != NULL && w[0] != '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:884:16: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. 
if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:893:16: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:902:16: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. if ((w = getwd(f)) == NULL || w[0] == '\n') { data/pcp-5.2.2/src/pmchart/view.cpp:916:19: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. while ((w = getwd(f)) != NULL && w[0] != '\n') { data/pcp-5.2.2/src/pmconfig/pmconfig.c:65:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. val = getenv(var); data/pcp-5.2.2/src/pmconfig/pmconfig.c:73:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. val = getenv(var); data/pcp-5.2.2/src/pmdas/cifs/pmda.c:492:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envpath = getenv("CIFS_STATSPATH")) != NULL) data/pcp-5.2.2/src/pmdas/cisco/probe.c:266:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
while ((c = getopt(argc, argv, "ND:P:s:U:x:?")) != EOF) { data/pcp-5.2.2/src/pmdas/dm/dmcache.c:249:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env_command = getenv("DM_SETUP_CACHE")) != NULL) data/pcp-5.2.2/src/pmdas/dm/dmthin.c:359:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env_command = getenv("DM_SETUP_THIN")) != NULL) data/pcp-5.2.2/src/pmdas/dm/dmthin.c:363:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env_command = getenv("DM_SETUP_THINPOOL")) != NULL) data/pcp-5.2.2/src/pmdas/dm/vdo.c:265:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env_path = getenv("DM_VDO_STATSPATH")) != NULL) data/pcp-5.2.2/src/pmdas/docker/docker.c:849:33: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
const char *docker = getenv("PCP_DOCKER_DIR"); data/pcp-5.2.2/src/pmdas/etw/tdhconsume.c:890:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, options)) != EOF) { data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:626:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envpath = getenv("KVM_NCPUS"))) data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:632:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envpath = getenv("KVM_DEBUGFS_PATH"))) data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:636:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envpath = getenv("KVM_TRACEFS_PATH"))) data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:640:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envpath = getenv("KVM_LOCKDOWN_PATH"))) data/pcp-5.2.2/src/pmdas/linux/filesys.c:92:10: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). 
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. if (realpath(device, src) != NULL) data/pcp-5.2.2/src/pmdas/linux/pmda.c:9137:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envpath = getenv("LINUX_HERTZ")) != NULL) { data/pcp-5.2.2/src/pmdas/linux/pmda.c:9142:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envpath = getenv("LINUX_NCPUS")) != NULL) { data/pcp-5.2.2/src/pmdas/linux/pmda.c:9147:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envpath = getenv("LINUX_PAGESIZE")) != NULL) { data/pcp-5.2.2/src/pmdas/linux/pmda.c:9152:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envpath = getenv("LINUX_STATSPATH")) != NULL) { data/pcp-5.2.2/src/pmdas/linux/pmda.c:9156:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
if ((envpath = getenv("LINUX_MDADM")) != NULL) { data/pcp-5.2.2/src/pmdas/linux/pmda.c:9160:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PCP_QA_ESTIMATE_MEMAVAILABLE") != NULL) data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:336:6: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. if (realpath(buf, realname)) { data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3842:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envpath = getenv("PROC_HERTZ")) != NULL) data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3846:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envpath = getenv("PROC_PAGESIZE")) != NULL) data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3850:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
if ((envpath = getenv("PROC_STATSPATH")) != NULL) data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3852:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envpath = getenv("PROC_THREADS")) != NULL) data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3854:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envpath = getenv("PROC_ACCESS")) != NULL) data/pcp-5.2.2/src/pmdas/linux_xfs/filesys.c:145:10: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. if (realpath(device, realdevice) != NULL) { data/pcp-5.2.2/src/pmdas/linux_xfs/pmda.c:1958:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envpath = getenv("XFS_STATSPATH")) != NULL) data/pcp-5.2.2/src/pmdas/linux_xfs/sysfs_xfs.c:340:9: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. 
if (realpath(devname, statsname) == NULL) data/pcp-5.2.2/src/pmdas/mounts/mounts.c:326:53: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. if (strncmp(device, "/dev/mapper", 11) == 0 || realpath(device, mp->device) == NULL) data/pcp-5.2.2/src/pmdas/perfevent/architecture.c:155:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. basepath = getenv("SYSFS_MOUNT_POINT"); data/pcp-5.2.2/src/pmdas/perfevent/architecture.c:209:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. basepath = getenv("SYSFS_MOUNT_POINT"); data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:1019:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. prefix = getenv("SYSFS_PREFIX"); data/pcp-5.2.2/src/pmdas/perfevent/perfalloc.c:74:19: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
while ((opt = getopt(argc, argv, "dDf:hv")) != -1) { data/pcp-5.2.2/src/pmdas/root/docker.c:41:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *docker = getenv("PCP_DOCKER_DIR"); data/pcp-5.2.2/src/pmdas/root/docker.c:46:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. systemd_cgroup = getenv("PCP_SYSTEMD_CGROUP"); data/pcp-5.2.2/src/pmdas/root/docker.c:70:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((cgroup_check_path = getenv("PCP_CGROUP_CHECK_PATH")) == NULL) data/pcp-5.2.2/src/pmdas/root/docker.c:179:37: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (cgroup == NULL && (cgroup = getenv("PCP_CGROUP_DIR")) == NULL) data/pcp-5.2.2/src/pmdas/root/lxc.c:37:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
const char *lxc = getenv("PCP_LXC_DIR"); data/pcp-5.2.2/src/pmdas/root/lxc.c:38:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *lxc_cmd = getenv("PCP_LXC_INFO"); data/pcp-5.2.2/src/pmdas/root/podman.c:43:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. podman_datadir = getenv("PCP_PODMAN_DATADIR"); data/pcp-5.2.2/src/pmdas/root/podman.c:44:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. podman_rundir = getenv("PCP_PODMAN_RUNDIR"); data/pcp-5.2.2/src/pmdas/root/podman.c:318:37: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (cgroup == NULL && (cgroup = getenv("PCP_CGROUP_DIR")) == NULL) data/pcp-5.2.2/src/pmdas/sample/src/sample.c:882:10: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (lrand48() % 1000 < 1000 / cull) { data/pcp-5.2.2/src/pmdas/sample/src/sample.c:898:10: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
if (lrand48() % 1000 < 500) { data/pcp-5.2.2/src/pmdas/sample/src/sample.c:956:12: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. j = (int)(lrand48() % 1000); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:970:7: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (lrand48() % 100 < 49) { data/pcp-5.2.2/src/pmdas/sample/src/sample.c:979:21: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. new_dodgey = (int)(lrand48() % dodgey); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1913:36: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. _drift = _drift + _sign * (int)(lrand48() % 50); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1916:9: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if ((lrand48() % 100) < 20) { data/pcp-5.2.2/src/pmdas/sample/src/sample.c:2006:17: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. _col46 = lrand48() % 3; data/pcp-5.2.2/src/pmdas/sample/src/sample.c:2007:25: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
_n46 = 1 + (int)(lrand48() % 10); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:2024:33: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. _mag47 = 1 << (1 + (int)(lrand48() % 6)); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:2025:25: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. _n47 = 1 + (int)(lrand48() % 5); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:2188:19: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. atom.l = (int)(lrand48() % 101); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:2291:13: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. nbyte += lrand48() % 1024; data/pcp-5.2.2/src/pmdas/sample/src/sample.c:2295:19: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. atom.l = (int)(lrand48() % 1024); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:2298:13: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. nbyte += lrand48() % 1024; data/pcp-5.2.2/src/pmdas/sample/src/sample.c:2302:19: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
  atom.l = (int)(lrand48() % 1024);
data/pcp-5.2.2/src/pmdas/sample/src/sample.c:2305:19: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  atom.l = (int)(lrand48() % 1024);
data/pcp-5.2.2/src/pmdas/smart/pmda.c:1358:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((env_command = getenv("SMART_SETUP_LSBLK")) != NULL)
data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:531:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((env_command = getenv("SMART_SETUP")) != NULL)
data/pcp-5.2.2/src/pmdas/trace/app2.c:97:18: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  iterations = lrand48() % CPU_UPPER_LIMIT;
data/pcp-5.2.2/src/pmdas/trace/app2.c:123:15: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  seconds = lrand48() % TIME_UPPER_LIMIT;
data/pcp-5.2.2/src/pmdas/trace/app2.c:151:18: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  characters = lrand48() % IO_UPPER_LIMIT;
data/pcp-5.2.2/src/pmdas/trace/app3.c:99:15: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  iterations = lrand48() % CPU_UPPER_LIMIT;
data/pcp-5.2.2/src/pmdas/trace/app3.c:129:12: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  seconds = lrand48() % TIME_UPPER_LIMIT;
data/pcp-5.2.2/src/pmdas/trace/app3.c:161:15: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  characters = lrand48() % IO_UPPER_LIMIT;
data/pcp-5.2.2/src/pmdas/trace/src/comms.c:246:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((env_str = getenv(TRACE_ENV_PORT)) != NULL) {
data/pcp-5.2.2/src/pmie/src/pmie.c:239:11: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
  else if (realpath(fname, perf->config) == NULL) {
data/pcp-5.2.2/src/pmie/src/pmie.c:690:38: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!).
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
  if (strcmp(commandlog, "-") != 0 && realpath(commandlog, logfile) == NULL) {
data/pcp-5.2.2/src/pmie/src/pmie.c:956:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("PCP_COUNTER_WRAP") != NULL)
data/pcp-5.2.2/src/pmieconf/rules.c:1852:6: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
  if (realpath(token, pmiefile) == NULL) {
data/pcp-5.2.2/src/pmieconf/rules.c:2221:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((home = getenv("USERPROFILE")) == NULL) {
data/pcp-5.2.2/src/pmieconf/rules.c:2234:11: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
  else if (realpath(in_pmie, pmiefile) == NULL && oserror() != ENOENT) {
data/pcp-5.2.2/src/pmieconf/rules.c:2243:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((home = getenv("HOME")) == NULL) {
data/pcp-5.2.2/src/pmieconf/rules.c:2256:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((p = getenv("PMIECONF_PATH")) == NULL)
data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:470:13: [3] (tmpfile) tmpnam: Temporary file race condition (CWE-377).
  if ((msg = tmpnam(NULL)) != NULL)
data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:785:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((endnum = getenv("PMLOGGER_INTERVAL")) != NULL)
data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:1010:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("PMLOGGER_REEXEC") != NULL) {
data/pcp-5.2.2/src/pmlogger/src/ports.c:261:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((env_str = getenv("PMLOGGER_MAXPENDING")) != NULL)
data/pcp-5.2.2/src/pmlogger/src/ports.c:382:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((env_str = getenv("PMLOGGER_LOCAL")) != NULL) {
data/pcp-5.2.2/src/pmlogger/src/ports.c:386:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((env_str = getenv("PMLOGGER_PORT")) != NULL) {
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1601:11: [3] (tmpfile) tempnam: Temporary file race condition (CWE-377).
  if ((s = tempnam(dname, fname)) == NULL) {
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1617:11: [3] (tmpfile) tempnam: Temporary file race condition (CWE-377).
  if ((s = tempnam(dname, fname)) == NULL) {
data/pcp-5.2.2/src/pmlogsummary/pmlogsummary.c:387:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("PCP_COUNTER_WRAP") == NULL)
data/pcp-5.2.2/src/pmns/pmnsdel.c:116:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((p = getenv("PMNS_DEFAULT")) != NULL) {
data/pcp-5.2.2/src/pmpost/pmpost.c:102:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker.
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  keepval[i] = getenv(keepname[i]);
data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:339:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((envstr = getenv("PMPROXY_PORT")) != NULL) {
data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:343:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((envstr = getenv("PMPROXY_LOCAL")) != NULL) {
data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:349:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((envstr = getenv("PMPROXY_MAXPENDING")) != NULL) {
data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:421:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  "Warning", nport, getenv("PMPROXY_PORT"));
data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:424:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  "Warning", getenv("PMPROXY_LOCAL"));
data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:427:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  "Warning", maxpending, getenv("PMPROXY_MAXPENDING"));
data/pcp-5.2.2/src/pmproxy/src/server.c:604:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((envstr = getenv("PMPROXY_SOCKET")) != NULL)
data/pcp-5.2.2/src/pmpython/pmpython.c:33:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *altconf = getenv("PCP_CONF");
data/pcp-5.2.2/src/pmpython/pmpython.c:34:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *altdir = getenv("PCP_DIR");
data/pcp-5.2.2/src/pmtime/main.cpp:42:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("PCP_STDERR") == NULL && // do not overwrite, for QA
data/pcp-5.2.2/src/pmtime/main.cpp:86:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker.
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((envstr = getenv("PMTIME_PORT")) == NULL) {
data/pcp-5.2.2/src/pmtrace/pmtrace.c:45:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "S:c:e:h:qv:?")) != EOF) {
data/pcp-5.2.2/src/pmval/pmval.c:651:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("PCP_COUNTER_WRAP") == NULL)
data/pcp-5.2.2/src/pmview/launch.cpp:368:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((env = getenv("PM_LAUNCH_PATH")) != NULL)
data/pcp-5.2.2/src/pmview/main.cpp:229:15: [3] (tmpfile) tempnam: Temporary file race condition (CWE-377).
  configfile = tempnam(tmpdir, "pcp-");
data/pcp-5.2.2/src/pmview/text.cpp:67:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char * font = getenv ("PMVIEW_FONT");
data/pcp-5.2.2/src/python/pmapi.c:1246:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((container = getenv("PCP_CONTAINER")) != NULL)
data/pcp-5.2.2/src/python/pmda.c:937:37: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  pmda_generating_pmns(void) { return getenv("PCP_PYTHON_PMNS") != NULL; }
data/pcp-5.2.2/src/python/pmda.c:940:39: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  pmda_generating_domain(void) { return getenv("PCP_PYTHON_DOMAIN") != NULL; }
data/pcp-5.2.2/src/python/pmda.c:956:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((p = getenv("PCP_PYTHON_DEBUG")) != NULL)
data/pcp-5.2.2/src/telnet-probe/telnet-probe.c:40:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "cv?")) != EOF) {
data/pcp-5.2.2/src/win32ctl/eventlog/pcp-eventlog.c:65:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "ip:st:?")) != EOF) {
data/pcp-5.2.2/src/win32ctl/services/pcp-services.c:122:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker.
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  else if ((basedir = getenv("PCP_DIR")) == NULL) {
data/pcp-5.2.2/qa/perfevent/perf_event_test.c:724:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  namelist = (char **)realloc(namelist, n*sizeof(namelist[0]));
data/pcp-5.2.2/qa/perfevent/perf_event_test.c:857:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *allowed_events[3] = {
data/pcp-5.2.2/qa/perfevent/perf_event_test.c:863:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *denied_events[2] = {
data/pcp-5.2.2/qa/perfevent/perf_event_test.c:910:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *allowed_events[3] = {
data/pcp-5.2.2/qa/perfevent/perf_event_test.c:916:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *denied_events[2] = {
data/pcp-5.2.2/qa/perfevent/perf_event_test.c:963:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *allowed_events[3] = {
data/pcp-5.2.2/qa/perfevent/perf_event_test.c:969:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *denied_events[2] = {
data/pcp-5.2.2/qa/perfevent/perf_event_test.c:1358:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  test_num = atoi(argv[1]);
data/pcp-5.2.2/qa/pmdas/bigun/bigun.c:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helppath[MAXPATHLEN];
data/pcp-5.2.2/qa/pmdas/bigun/bigun.c:69:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&vbp->vbuf[i], (void *)&i, sizeof(int));
data/pcp-5.2.2/qa/pmdas/dynamic/dynamic.c:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[16];
data/pcp-5.2.2/qa/pmdas/dynamic/dynamic.c:392:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helppath[MAXPATHLEN];
data/pcp-5.2.2/qa/pmdas/schizo/schizo-A.c:151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helppath[MAXPATHLEN];
data/pcp-5.2.2/qa/pmdas/schizo/schizo-B.c:154:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helppath[MAXPATHLEN];
data/pcp-5.2.2/qa/pmlogconv/libpcp.c:149:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char sbuf[13];
data/pcp-5.2.2/qa/pmlogconv/libpcp.c:281:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAXPATHLEN];
data/pcp-5.2.2/qa/pmlogconv/logio.c:101:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tail, &p[ntohl(head) - sizeof(head)], sizeof(head));
data/pcp-5.2.2/qa/qt/qmc_context/qmc_context.cpp:16:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXHOSTNAMELEN];
data/pcp-5.2.2/qa/qt/qmc_desc/qmc_desc.cpp:17:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXHOSTNAMELEN];
data/pcp-5.2.2/qa/qt/qmc_dynamic/qmc_dynamic.cpp:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/pcp-5.2.2/qa/qt/qmc_dynamic/qmc_dynamic.cpp:85:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXHOSTNAMELEN];
data/pcp-5.2.2/qa/qt/qmc_group/qmc_group.cpp:476:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/pcp-5.2.2/qa/qt/qmc_metric/qmc_metric.cpp:18:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAXPATHLEN];
data/pcp-5.2.2/qa/qt/qmc_metric/qmc_metric.cpp:22:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(name, "w");
data/pcp-5.2.2/qa/qt/qmc_source/qmc_source.cpp:16:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXHOSTNAMELEN];
data/pcp-5.2.2/qa/src/779246.c:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *namelist[NUM] = { "sample.sysinfo" };
data/pcp-5.2.2/qa/src/addctxdm.c:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[100]; /* no checks, assume big enough */
data/pcp-5.2.2/qa/src/addctxdm.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char expr[1000]; /* no checks, assume big enough */
data/pcp-5.2.2/qa/src/addctxdm.c:43:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(filename, "r")) == NULL) {
data/pcp-5.2.2/qa/src/aggrstore.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *namelist[1];
data/pcp-5.2.2/qa/src/aggrstore.c:106:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(res->vset[0]->vlist[0].value.pval->vbuf, argv[optind+1], len);
data/pcp-5.2.2/qa/src/anon-sa.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[SA_UTSNAME_LEN] = { 0 };
data/pcp-5.2.2/qa/src/anon-sa.c:75:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(file, O_RDWR)) < 0) {
data/pcp-5.2.2/qa/src/anon-sa.c:94:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(hostname, "pcp.qa.org"); // reset it
data/pcp-5.2.2/qa/src/arch_maxfd.c:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/pcp-5.2.2/qa/src/arch_maxfd.c:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lbuf[100];
data/pcp-5.2.2/qa/src/archfetch.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timebuf[26];
data/pcp-5.2.2/qa/src/archinst.c:90:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char local[MAXHOSTNAMELEN];
data/pcp-5.2.2/qa/src/atomstr.c:114:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(atom.vbp->vbuf, (void *)aggr, sizeof(aggr));
data/pcp-5.2.2/qa/src/badmmv.c:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATHLEN];
data/pcp-5.2.2/qa/src/badmmv.c:48:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644)) < 0) {
data/pcp-5.2.2/qa/src/badpmda.c:28:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  id = atoi(optarg);
data/pcp-5.2.2/qa/src/badpmda.c:36:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(optarg);
data/pcp-5.2.2/qa/src/chain.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pbuf[512] = {0};
data/pcp-5.2.2/qa/src/chain.c:46:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  links = atoi(argv[1]);
data/pcp-5.2.2/qa/src/chain.c:51:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). numiter = atoi(argv[2]); data/pcp-5.2.2/qa/src/check_pmiend_fdleak.c:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXPATHLEN]; data/pcp-5.2.2/qa/src/check_pmiend_fdleak.c:27:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((before = open("/dev/null", O_RDONLY)) < 0) data/pcp-5.2.2/qa/src/check_pmiend_fdleak.c:48:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((after = open("/dev/null", O_RDONLY)) < 0) data/pcp-5.2.2/qa/src/checkstructs.c:18:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[sizeof(int)]; data/pcp-5.2.2/qa/src/checkstructs.c:65:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[sizeof(int)]; /* may be missing */ data/pcp-5.2.2/qa/src/checkstructs.c:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[sizeof(int)]; /* may be missing */ data/pcp-5.2.2/qa/src/checkstructs.c:138:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[sizeof(__pmPDU)]; /* variable length */ data/pcp-5.2.2/qa/src/checkstructs.c:143:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[sizeof(__pmPDU)]; /* variable length */ data/pcp-5.2.2/qa/src/checkstructs.c:156:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[sizeof(int)]; data/pcp-5.2.2/qa/src/checkstructs.c:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[sizeof(int)]; /* desired text */ data/pcp-5.2.2/qa/src/chk_memleak.c:38:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). niter = atoi(optarg); data/pcp-5.2.2/qa/src/chk_metric_types.c:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local[MAXHOSTNAMELEN]; data/pcp-5.2.2/qa/src/chkacc1.c:15:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4*8 + 7 + 1]; /* handles full IPv6 address, if supported */ data/pcp-5.2.2/qa/src/chkacc1.c:111:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/pcp-5.2.2/qa/src/chkacc1.c:133:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4*8 + 7 + 1]; /* handles full IPv6 address */ data/pcp-5.2.2/qa/src/chkacc2.c:19:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[4*8 + 7 + 1]; /* handles full IPv6 address, if supported */ data/pcp-5.2.2/qa/src/chkacc2.c:115:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/pcp-5.2.2/qa/src/chkacc2.c:141:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4*8 + 7 + 1]; /* handles full IPv6 address */ data/pcp-5.2.2/qa/src/chkacc3.c:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4*8 + 7 + 1]; /* handles full IPv6 address, if supported */ data/pcp-5.2.2/qa/src/chkacc3.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *wnames[4] = { ".*", "38.*", "38.202.*", "38.202.16.*" }; data/pcp-5.2.2/qa/src/chkacc3.c:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *wnames6[4] = { ":*", "26:*", "26:ca:*", "26:ca:10:*" }; data/pcp-5.2.2/qa/src/chkacc3.c:190:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/pcp-5.2.2/qa/src/chkacc3.c:215:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4*8 + 7 + 1]; /* handles full IPv6 address */ data/pcp-5.2.2/qa/src/chkacc4.c:120:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gid = atoi(optarg); data/pcp-5.2.2/qa/src/chkacc4.c:137:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uid = atoi(optarg); data/pcp-5.2.2/qa/src/chkconnect.c:15:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *namelist[20]; data/pcp-5.2.2/qa/src/chkhelp.c:19:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *namelist[2]; data/pcp-5.2.2/qa/src/chknumval.c:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *namelist[20]; data/pcp-5.2.2/qa/src/chkopenlog.c:22:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fd = atoi(argv[1]); data/pcp-5.2.2/qa/src/chkopenlog.c:25:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else fout = fopen("/tmp/chk.fout", "w"); data/pcp-5.2.2/qa/src/chkopenlog.c:37:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). nextfd = open("/dev/null", 0); data/pcp-5.2.2/qa/src/chkopenlog.c:45:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). nextfd = open("/dev/null", 0); data/pcp-5.2.2/qa/src/chkputlogresult.c:101:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(logctl.l_label.ill_hostname, "happycamper"); data/pcp-5.2.2/qa/src/chkputlogresult.c:102:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(logctl.l_label.ill_tz, "UTC"); data/pcp-5.2.2/qa/src/churnctx.c:35:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if ((name = (char **)realloc(name, nmetric*sizeof(name[0]))) == NULL) { data/pcp-5.2.2/qa/src/churnctx.c:101:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local[MAXHOSTNAMELEN]; data/pcp-5.2.2/qa/src/churnctx.c:511:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char now[26]; data/pcp-5.2.2/qa/src/clientid.c:72:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
cp = (char *)malloc(strlen(argv[a])+strlen(TAG)+1); data/pcp-5.2.2/qa/src/context_fd_leak.c:21:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/null", O_RDONLY); data/pcp-5.2.2/qa/src/countmark.c:28:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((in = open(argv[1], O_RDONLY)) < 0) { data/pcp-5.2.2/qa/src/crashpmcd.c:18:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/pcp-5.2.2/qa/src/crashpmcd.c:28:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&myAddr.sin_addr, servInfo->h_addr, servInfo->h_length); data/pcp-5.2.2/qa/src/ctx_derive.c:62:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. tmp_names = (char **)realloc(namelist, numnames*sizeof(namelist[0])); data/pcp-5.2.2/qa/src/ctx_derive.c:233:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). limit = atoi(opts.optarg); data/pcp-5.2.2/qa/src/ctx_derive.c:238:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Limit = atoi(opts.optarg); data/pcp-5.2.2/qa/src/err.c:46:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sts = atoi(argv[optind]); data/pcp-5.2.2/qa/src/exectest.c:66:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fin = fopen(optarg, "r")) == NULL) { data/pcp-5.2.2/qa/src/exertz.c:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local[MAXHOSTNAMELEN]; data/pcp-5.2.2/qa/src/exertz.c:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char s[28]; data/pcp-5.2.2/qa/src/fetchgroup.c:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values_inst_names[almost_bins]; data/pcp-5.2.2/qa/src/fetchgroup.c:72:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). assert(atoi(values_inst_names[j]+4) == values_inst_codes[j]); data/pcp-5.2.2/qa/src/fetchgroup.c:89:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *constant_rate_counter_names[2]; data/pcp-5.2.2/qa/src/fetchgroup.c:211:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). k = atoi(values[j].cp); data/pcp-5.2.2/qa/src/fetchloop.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/pcp-5.2.2/qa/src/fetchloop.c:46:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buffer, "PMCD state change(s): "); data/pcp-5.2.2/qa/src/fetchloop.c:48:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buffer, "agent "); data/pcp-5.2.2/qa/src/fetchloop.c:50:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buffer, "label "); data/pcp-5.2.2/qa/src/fetchloop.c:52:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buffer, "names "); data/pcp-5.2.2/qa/src/fetchloop.c:57:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buffer, "none"); data/pcp-5.2.2/qa/src/fetchloop.c:187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/pcp-5.2.2/qa/src/fetchloop.c:194:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((f = fopen(configfile, "r")) == NULL) { data/pcp-5.2.2/qa/src/fetchpdu.c:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *namelist[20]; data/pcp-5.2.2/qa/src/fetchrate.c:51:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iterations = atoi(optarg); data/pcp-5.2.2/qa/src/getcontexthost.c:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local[MAXHOSTNAMELEN]; data/pcp-5.2.2/qa/src/getcontexthost.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXHOSTNAMELEN]; data/pcp-5.2.2/qa/src/getdomainname.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDOMAINNAMELEN]; data/pcp-5.2.2/qa/src/getoptions.c:16:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). version = atoi(value); data/pcp-5.2.2/qa/src/getoptions.c:45:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char flags[128]; data/pcp-5.2.2/qa/src/getoptions.c:48:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags, ",init"); data/pcp-5.2.2/qa/src/getoptions.c:50:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags, ",done"); data/pcp-5.2.2/qa/src/getoptions.c:52:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags, ",multi"); data/pcp-5.2.2/qa/src/getoptions.c:54:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(flags, ",usage_err"); data/pcp-5.2.2/qa/src/getoptions.c:56:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags, ",runtime_err"); data/pcp-5.2.2/qa/src/getoptions.c:58:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags, ",exit"); data/pcp-5.2.2/qa/src/getoptions.c:60:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags, ",posix"); data/pcp-5.2.2/qa/src/getoptions.c:62:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags, ",mixed"); data/pcp-5.2.2/qa/src/getoptions.c:64:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags, ",env_only"); data/pcp-5.2.2/qa/src/getoptions.c:66:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(flags, ",long_only"); data/pcp-5.2.2/qa/src/getoptions.c:68:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags, ",boundaries"); data/pcp-5.2.2/qa/src/getoptions.c:70:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags, ",stdout_tz"); data/pcp-5.2.2/qa/src/getoptions.c:96:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tv[128]; data/pcp-5.2.2/qa/src/getoptions.c:114:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char it[128]; data/pcp-5.2.2/qa/src/getversion.c:15:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[12]; /* enough for XXX.XXX.XXX */ data/pcp-5.2.2/qa/src/grind_conv.c:64:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). type = atoi(argv[optind]); data/pcp-5.2.2/qa/src/grind_conv.c:108:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iv.vbp->vbuf, vp, strlen(vp)); data/pcp-5.2.2/qa/src/hanoi.c:43:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(argc > 1)disk = atoi(argv[1]); data/pcp-5.2.2/qa/src/hex2nbo.c:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/pcp-5.2.2/qa/src/hrunpack.c:88:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)(eptr + sizeof(pmEventParameter)), src, vlen); data/pcp-5.2.2/qa/src/hrunpack.c:249:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aggr->vbuf, (void *)aggrval, sizeof(aggrval)); data/pcp-5.2.2/qa/src/httpfetch.c:44:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
timeout.tv_sec = atoi(optarg); data/pcp-5.2.2/qa/src/httpfetch.c:103:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/pcp-5.2.2/qa/src/httpfetch.c:104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[64] = {0}; data/pcp-5.2.2/qa/src/int2indom.c:14:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). indom = atoi(argv[optind++]); data/pcp-5.2.2/qa/src/int2pmid.c:14:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pmid = atoi(argv[optind++]); data/pcp-5.2.2/qa/src/interp0.c:215:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)&av, cp, sizeof(pmAtomValue)); data/pcp-5.2.2/qa/src/interp0.c:217:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((void *)&av, pp, sizeof(pmAtomValue)); data/pcp-5.2.2/qa/src/interp1.c:238:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)&av, cp, sizeof(pmAtomValue)); data/pcp-5.2.2/qa/src/interp1.c:241:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)&av, pp, sizeof(pmAtomValue)); data/pcp-5.2.2/qa/src/interp3.c:16:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *namelist[20]; data/pcp-5.2.2/qa/src/interp4.c:16:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *namelist[20]; data/pcp-5.2.2/qa/src/interp_bug.c:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local[MAXHOSTNAMELEN]; data/pcp-5.2.2/qa/src/interp_bug2.c:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char local[MAXHOSTNAMELEN]; data/pcp-5.2.2/qa/src/iohack.c:18:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ferr = fopen("iohack.err", "w"); data/pcp-5.2.2/qa/src/ipc.c:121:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iterations = atoi(optarg); data/pcp-5.2.2/qa/src/json_test.c:251:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(argv[optind], "r")) == NULL) { data/pcp-5.2.2/qa/src/keycache.c:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[40]; data/pcp-5.2.2/qa/src/keycache.c:129:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[40]; data/pcp-5.2.2/qa/src/keycache2.c:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[40]; data/pcp-5.2.2/qa/src/lookupnametest.c:165:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. namelist = (char **)malloc(numpmid*sizeof(namelist[0])); data/pcp-5.2.2/qa/src/mark-bug.c:11:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *namelist[2] = {"hinv.ncpu", "irix.kernel.all.cpu.idle"}; data/pcp-5.2.2/qa/src/mark-bug.c:17:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char timebuf[26]; data/pcp-5.2.2/qa/src/mark-bug.c:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local[MAXHOSTNAMELEN]; data/pcp-5.2.2/qa/src/mergelabels.c:18:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char **sets, result[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/qa/src/mergelabelsets.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char json[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/qa/src/mmv2_genstats.c:94:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int sleeper = (ac > 2) ? atoi(av[2]) : 0; data/pcp-5.2.2/qa/src/mmv3_genstats.c:91:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int sleeper = (ac > 2) ? atoi(av[2]) : 0; data/pcp-5.2.2/qa/src/mmv_genstats.c:93:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int sleeper = (ac > 2) ? atoi(av[2]) : 0; data/pcp-5.2.2/qa/src/mmv_noinit.c:51:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char path[MAXPATHLEN]; data/pcp-5.2.2/qa/src/mmv_noinit.c:60:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDWR, 0644); data/pcp-5.2.2/qa/src/mmv_noinit.c:108:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &hdr, sizeof(hdr)); data/pcp-5.2.2/qa/src/mmv_noinit.c:113:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &toc, sizeof(toc)); data/pcp-5.2.2/qa/src/mmv_noinit.c:116:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &metric, sizeof(metric)); data/pcp-5.2.2/qa/src/mmv_noinit.c:121:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &values, sizeof(values)); data/pcp-5.2.2/qa/src/mmv_noinit.c:125:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, &hdr, sizeof(hdr)); data/pcp-5.2.2/qa/src/mmv_ondisk.c:43:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(metric->name, "ondisk.counter"); data/pcp-5.2.2/qa/src/mmv_ondisk.c:65:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/qa/src/mmv_ondisk.c:78:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644)) < 0) { data/pcp-5.2.2/qa/src/mmv_poke.c:66:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pid = atoi(optarg); data/pcp-5.2.2/qa/src/mmv_poke.c:78:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). c = open(file, O_RDWR, 0644); data/pcp-5.2.2/qa/src/multictx.c:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local[MAXHOSTNAMELEN]; data/pcp-5.2.2/qa/src/multifetch.c:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char local[MAXHOSTNAMELEN]; data/pcp-5.2.2/qa/src/multifetch.c:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *namelist[20]; data/pcp-5.2.2/qa/src/multithread10.c:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[512]; data/pcp-5.2.2/qa/src/multithread11.c:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/qa/src/multithread11.c:54:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/qa/src/multithread11.c:118:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iter = atoi(optarg); data/pcp-5.2.2/qa/src/multithread12.c:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[PM_MAXERRMSGLEN]; data/pcp-5.2.2/qa/src/multithread12.c:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[PM_MAXERRMSGLEN]; data/pcp-5.2.2/qa/src/multithread12.c:73:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/thread_A.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread12.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[PM_MAXERRMSGLEN]; data/pcp-5.2.2/qa/src/multithread12.c:119:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/thread_B.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread12.c:188:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char strbuf[PM_MAXERRMSGLEN]; data/pcp-5.2.2/qa/src/multithread12.c:190:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/thread_C.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread12.c:261:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[PM_MAXERRMSGLEN]; data/pcp-5.2.2/qa/src/multithread12.c:327:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[PM_MAXERRMSGLEN]; data/pcp-5.2.2/qa/src/multithread12.c:329:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/thread_D.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread13.c:106:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char path[MAXPATHLEN+1]; data/pcp-5.2.2/qa/src/multithread13.c:108:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(path, "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread13.c:301:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nthread = atoi(argv[opts.optind]); data/pcp-5.2.2/qa/src/multithread3.c:147:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(pmnsfile, "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread3.c:200:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(pmnsfile, "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread4.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[PM_MAXERRMSGLEN]; data/pcp-5.2.2/qa/src/multithread4.c:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[PM_MAXERRMSGLEN]; data/pcp-5.2.2/qa/src/multithread4.c:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[PM_MAXERRMSGLEN]; data/pcp-5.2.2/qa/src/multithread5.c:19:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *namelist[NMETRIC] = { data/pcp-5.2.2/qa/src/multithread5.c:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[60]; data/pcp-5.2.2/qa/src/multithread5.c:71:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/func1.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread5.c:103:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((f = fopen("/tmp/func2.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread5.c:135:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/func3.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread6.c:19:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *namelist[NMETRIC] = { data/pcp-5.2.2/qa/src/multithread6.c:94:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/func1.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread6.c:127:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/func2.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread6.c:160:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/func3.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread7.c:19:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *namelist[NMETRIC] = { data/pcp-5.2.2/qa/src/multithread7.c:75:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/func1.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread7.c:109:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/func2.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread7.c:163:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/func3.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread8.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[20]; data/pcp-5.2.2/qa/src/multithread8.c:80:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((f = fopen("/tmp/func1.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread8.c:113:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/func2.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread8.c:146:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/func3.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread9.c:27:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char **chn[NMETRIC]; data/pcp-5.2.2/qa/src/multithread9.c:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[20]; data/pcp-5.2.2/qa/src/multithread9.c:199:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((f = fopen("/tmp/func1.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread9.c:232:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/func2.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/multithread9.c:265:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/tmp/func3.out", "w")) == NULL) { data/pcp-5.2.2/qa/src/nvidia-ml.c:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NVML_DEVICE_NAME_BUFFER_SIZE]; data/pcp-5.2.2/qa/src/nvidia-ml.c:355:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stats, proc_table[i].stats, sizeof(nvmlAccountingStats_t)); data/pcp-5.2.2/qa/src/parsehostattrs.c:8:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/pcp-5.2.2/qa/src/parsehostattrs.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[512]; data/pcp-5.2.2/qa/src/parsehostspec.c:8:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *msg, buffer[512]; data/pcp-5.2.2/qa/src/parsemetricspec.c:19:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). isarch = atol(argv[2]); data/pcp-5.2.2/qa/src/pcp_lite_crash.c:17:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local[MAXHOSTNAMELEN]; data/pcp-5.2.2/qa/src/pdu-server.c:346:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32] = { 0 }; data/pcp-5.2.2/qa/src/pducheck.c:149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mytag[10]; data/pcp-5.2.2/qa/src/pducheck.c:375:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&gav.ull, gvbp->vbuf, sizeof(__uint64_t)); data/pcp-5.2.2/qa/src/pducheck.c:376:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xav.ull, xvbp->vbuf, sizeof(__uint64_t)); data/pcp-5.2.2/qa/src/pducheck.c:382:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&gav.f, gvbp->vbuf, sizeof(float)); data/pcp-5.2.2/qa/src/pducheck.c:383:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xav.f, xvbp->vbuf, sizeof(float)); data/pcp-5.2.2/qa/src/pducheck.c:389:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&gav.d, gvbp->vbuf, sizeof(double)); data/pcp-5.2.2/qa/src/pducheck.c:390:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xav.d, xvbp->vbuf, sizeof(double)); data/pcp-5.2.2/qa/src/pducheck.c:1408:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(logstat.ls_hostname, "foo"); data/pcp-5.2.2/qa/src/pducheck.c:1409:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(logstat.ls_fqdn, "foo.bar.com"); data/pcp-5.2.2/qa/src/pducheck.c:1410:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(logstat.ls_tz, "TZ-THERE"); data/pcp-5.2.2/qa/src/pducheck.c:1411:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(logstat.ls_tzlogger, "TZ-HERE"); data/pcp-5.2.2/qa/src/pducheck.c:1557:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(mytag, "b1+b2"); data/pcp-5.2.2/qa/src/pducrash.c:177:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[0]; data/pcp-5.2.2/qa/src/pducrash.c:512:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[0]; data/pcp-5.2.2/qa/src/pducrash.c:579:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char name[0];
data/pcp-5.2.2/qa/src/pducrash.c:714:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[0];
data/pcp-5.2.2/qa/src/pducrash.c:847:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[0];
data/pcp-5.2.2/qa/src/pducrash.c:1217:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[0];
data/pcp-5.2.2/qa/src/pducrash.c:1307:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[0];
data/pcp-5.2.2/qa/src/permfetch.c:27:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  todolist[todo].namelist = (char **)realloc(todolist[todo].namelist, (1+done)*sizeof(char *));
data/pcp-5.2.2/qa/src/permfetch.c:46:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char local[MAXHOSTNAMELEN];
data/pcp-5.2.2/qa/src/pmcdgone.c:247:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *namelist[4];
data/pcp-5.2.2/qa/src/pmcdgone.c:257:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATHLEN];
data/pcp-5.2.2/qa/src/pmconvscale.c:37:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char olds[64], news[64];
data/pcp-5.2.2/qa/src/pmdaqueue.c:113:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  context = atoi(name);
data/pcp-5.2.2/qa/src/pmdaqueue.c:124:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  context = atoi(optarg);
data/pcp-5.2.2/qa/src/pmdaqueue.c:132:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  context = atoi(optarg);
data/pcp-5.2.2/qa/src/pmdaqueue.c:157:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size = atoi(s);
data/pcp-5.2.2/qa/src/pmdaqueue.c:182:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  queueid = atoi(name);
data/pcp-5.2.2/qa/src/pmdaqueue.c:183:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size = atoi(s);
data/pcp-5.2.2/qa/src/pmdaqueue.c:202:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size = atoi(s);
data/pcp-5.2.2/qa/src/pmdaqueue.c:218:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  context = atoi(name);
data/pcp-5.2.2/qa/src/pmdaqueue.c:227:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  filter_size = atoi(s);
data/pcp-5.2.2/qa/src/pmdaqueue.c:245:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  context = atoi(name);
data/pcp-5.2.2/qa/src/pmdaqueue.c:275:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  context = atoi(name);
data/pcp-5.2.2/qa/src/pmnsunload.c:52:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  niter = atoi(optarg);
data/pcp-5.2.2/qa/src/pmprintf.c:34:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (void)open("/dev/null", O_RDONLY);
data/pcp-5.2.2/qa/src/pmprintf.c:35:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (void)open("/dev/null", O_RDONLY);
data/pcp-5.2.2/qa/src/pmprintf.c:36:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (void)open("/dev/null", O_RDONLY);
data/pcp-5.2.2/qa/src/pmprintf.c:37:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (void)open("/dev/null", O_RDONLY);
data/pcp-5.2.2/qa/src/pmprintf.c:38:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (void)open("/dev/null", O_RDONLY);
data/pcp-5.2.2/qa/src/pmprintf.c:39:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (void)open("/dev/null", O_RDONLY);
data/pcp-5.2.2/qa/src/pmprintf.c:40:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (void)open("/dev/null", O_RDONLY);
data/pcp-5.2.2/qa/src/pmsocks_objstyle.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char local[MAXHOSTNAMELEN];
data/pcp-5.2.2/qa/src/pmsprintf.c:10:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[16];
data/pcp-5.2.2/qa/src/proc_test.c:68:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *metrics[MAXMETRICS];
data/pcp-5.2.2/qa/src/proc_test.c:80:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char proc_fmt[8]; /* export for procfs fname conversions */
data/pcp-5.2.2/qa/src/proc_test.c:419:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char x[100];
data/pcp-5.2.2/qa/src/pv.c:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vbuf[sizeof(double)];
data/pcp-5.2.2/qa/src/pv.c:36:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&v.value.lval, (void *)&l, sizeof(l));
data/pcp-5.2.2/qa/src/pv.c:42:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&v.value.lval, (void *)&ul, sizeof(ul));
data/pcp-5.2.2/qa/src/pv.c:55:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vb.vbuf, (void *)&d, sizeof(double));
data/pcp-5.2.2/qa/src/pv.c:73:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vb.vbuf, (void *)&ll, sizeof(long long));
data/pcp-5.2.2/qa/src/pv.c:83:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vb.vbuf, (void *)&ull, sizeof(unsigned long long));
data/pcp-5.2.2/qa/src/qa_libpcp_compat.c:85:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/pcp-5.2.2/qa/src/qa_libpcp_compat.c:119:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(TMP ".tmp", "w")) == NULL) {
data/pcp-5.2.2/qa/src/recon.c:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *namelist[4];
data/pcp-5.2.2/qa/src/record-setarg.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];
data/pcp-5.2.2/qa/src/record.c:21:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[80];
data/pcp-5.2.2/qa/src/record.c:90:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  f = pmRecordSetup(argv[optind], argv[optind+1], atoi(argv[optind+2]));
data/pcp-5.2.2/qa/src/rootclient.c:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFSIZ];
data/pcp-5.2.2/qa/src/rootclient.c:57:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  length = atoi(opts.optarg);
data/pcp-5.2.2/qa/src/rtimetest.c:22:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ntm, btm, sizeof(struct tm));
data/pcp-5.2.2/qa/src/rtimetest.c:62:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/pcp-5.2.2/qa/src/scanmeta.c:478:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((in = open(argv[optind], O_RDONLY)) < 0) {
data/pcp-5.2.2/qa/src/sha1int2ext.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[40+1];
data/pcp-5.2.2/qa/src/sha1int2ext.c:43:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256] = {0};
data/pcp-5.2.2/qa/src/sortinst.c:90:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(key_a) > atoi(key_b);
data/pcp-5.2.2/qa/src/sortinst.c:90:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(key_a) > atoi(key_b);
data/pcp-5.2.2/qa/src/sortinst.c:141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[100];
data/pcp-5.2.2/qa/src/spawn.c:35:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  iter = atoi(argv[1]);
data/pcp-5.2.2/qa/src/store.c:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *namelist[20];
data/pcp-5.2.2/qa/src/store_and_fetch.c:12:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *namelist[1];
data/pcp-5.2.2/qa/src/storepast.c:19:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char local[MAXHOSTNAMELEN];
data/pcp-5.2.2/qa/src/storepdu.c:19:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *namelist[20];
data/pcp-5.2.2/qa/src/storepmcd.c:149:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  delay = atoi(optarg);
data/pcp-5.2.2/qa/src/storepmcd.c:164:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  excludes[nexcludes++] = atoi(optarg);
data/pcp-5.2.2/qa/src/stripmark.c:32:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((in = open(argv[1], O_RDONLY)) < 0) {
data/pcp-5.2.2/qa/src/stripmark.c:36:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((out = open(argv[2], O_WRONLY|O_CREAT|O_TRUNC, 0644)) < 0) {
data/pcp-5.2.2/qa/src/sum16.c:41:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[i], "r");
data/pcp-5.2.2/qa/src/torture-eol.c:15:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(fname, O_WRONLY)) < 0)
data/pcp-5.2.2/qa/src/torture-eol.c:77:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  trunc_size = atol(optarg);
data/pcp-5.2.2/qa/src/torture-eol.c:123:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATHLEN];
data/pcp-5.2.2/qa/src/torture_api.c:271:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char local[MAXHOSTNAMELEN];
data/pcp-5.2.2/qa/src/torture_cache.c:13:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char nbuf[80]; /* at least as big as xxx[] */
data/pcp-5.2.2/qa/src/torture_cache.c:169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[2*MAXPATHLEN+30];
data/pcp-5.2.2/qa/src/torture_cache.c:182:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nbuf, xxx, ncount+3);
data/pcp-5.2.2/qa/src/torture_cache.c:223:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nbuf, xxx, 11+3);
data/pcp-5.2.2/qa/src/torture_cache.c:620:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _i(atoi(argv[optind]));
data/pcp-5.2.2/qa/src/torture_indom.c:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *metriclist[1];
data/pcp-5.2.2/qa/src/torture_indom.c:325:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char local[MAXHOSTNAMELEN];
data/pcp-5.2.2/qa/src/torture_logmeta.c:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char local[MAXHOSTNAMELEN];
data/pcp-5.2.2/qa/src/torture_logmeta.c:76:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  indom[1] = pmInDom_build(atoi(argv[optind+1]), atoi(argv[optind+2]));
data/pcp-5.2.2/qa/src/torture_logmeta.c:76:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  indom[1] = pmInDom_build(atoi(argv[optind+1]), atoi(argv[optind+2]));
data/pcp-5.2.2/qa/src/torture_logmeta.c:77:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  indom[2] = pmInDom_build(atoi(argv[optind+1]), atoi(argv[optind+3]));
data/pcp-5.2.2/qa/src/torture_logmeta.c:77:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  indom[2] = pmInDom_build(atoi(argv[optind+1]), atoi(argv[optind+3]));
data/pcp-5.2.2/qa/src/torture_pmns.c:284:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char local[MAXHOSTNAMELEN];
data/pcp-5.2.2/qa/src/torture_trace.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/pcp-5.2.2/qa/src/torture_trace.c:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/pcp-5.2.2/qa/src/torture_trace.c:92:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[64], buf2[64], buf3[64], buf4[64];
data/pcp-5.2.2/qa/src/tztest.c:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tb[256];
data/pcp-5.2.2/qa/src/tztest.c:56:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tstr[64];
data/pcp-5.2.2/qa/src/units-parse.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char converted[100] = "";
data/pcp-5.2.2/qa/src/units-parse.c:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char converted2[100] = "";
data/pcp-5.2.2/qa/src/units-parse.c:82:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char converted[100] = "";
data/pcp-5.2.2/qa/src/units-parse.c:102:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pmunits_roundtrip(1, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]), atoi(argv[5]), atoi(argv[6]), atoi(argv[7]));
data/pcp-5.2.2/qa/src/units-parse.c:102:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pmunits_roundtrip(1, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]), atoi(argv[5]), atoi(argv[6]), atoi(argv[7]));
data/pcp-5.2.2/qa/src/units-parse.c:102:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pmunits_roundtrip(1, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]), atoi(argv[5]), atoi(argv[6]), atoi(argv[7]));
data/pcp-5.2.2/qa/src/units-parse.c:102:68: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pmunits_roundtrip(1, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]), atoi(argv[5]), atoi(argv[6]), atoi(argv[7]));
data/pcp-5.2.2/qa/src/units-parse.c:102:83: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pmunits_roundtrip(1, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]), atoi(argv[5]), atoi(argv[6]), atoi(argv[7])); data/pcp-5.2.2/qa/src/units-parse.c:102:98: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pmunits_roundtrip(1, atoi(argv[2]), atoi(argv[3]), atoi(argv[4]), atoi(argv[5]), atoi(argv[6]), atoi(argv[7])); data/pcp-5.2.2/qa/src/unpack.c:89:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)(eptr + sizeof(pmEventParameter)), src, vlen); data/pcp-5.2.2/qa/src/unpack.c:249:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aggr->vbuf, (void *)aggrval, sizeof(aggrval)); data/pcp-5.2.2/qa/src/whichtimezone.c:14:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[28]; data/pcp-5.2.2/qa/src/wrap_int.c:46:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
num_samples = atoi(optarg); data/pcp-5.2.2/qa/src/xarch.c:16:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *namelist[20]; data/pcp-5.2.2/qa/src/xlog.c:16:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *namelist[20]; data/pcp-5.2.2/qa/src/xmktime.c:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[28]; data/pcp-5.2.2/qa/src/xval.c:27:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)&av, (void *)ap, sizeof(av)); data/pcp-5.2.2/qa/src/xval.c:186:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv, sizeof(bv)); data/pcp-5.2.2/qa/src/xval.c:196:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv, sizeof(bv)); data/pcp-5.2.2/qa/src/xval.c:209:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(avp, (void *)&bv, sizeof(bv)); data/pcp-5.2.2/qa/src/xval.c:222:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv, sizeof(bv)); data/pcp-5.2.2/qa/src/xval.c:279:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)&iv, (void *)ap, sizeof(iv)); data/pcp-5.2.2/qa/src/xval.c:394:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv.f, sizeof(bv.f)); data/pcp-5.2.2/qa/src/xval.c:402:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv.f, sizeof(bv.f)); data/pcp-5.2.2/qa/src/xval.c:410:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv.f, sizeof(bv.f)); data/pcp-5.2.2/qa/src/xval.c:418:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv.f, sizeof(bv.f)); data/pcp-5.2.2/qa/src/xval.c:426:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv.f, sizeof(bv.f)); data/pcp-5.2.2/qa/src/xval.c:434:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(avp, (void *)&bv.f, sizeof(bv.f)); data/pcp-5.2.2/qa/src/xval.c:442:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv.f, sizeof(bv.f)); data/pcp-5.2.2/qa/src/xval.c:450:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv.f, sizeof(bv.f)); data/pcp-5.2.2/qa/src/xval.c:458:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv.f, sizeof(bv.f)); data/pcp-5.2.2/qa/src/xval.c:466:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv.f, sizeof(bv.f)); data/pcp-5.2.2/qa/src/xval.c:474:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv.f, sizeof(bv.f)); data/pcp-5.2.2/qa/src/xval.c:482:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv.f, sizeof(bv.f)); data/pcp-5.2.2/qa/src/xval.c:494:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv.ll, sizeof(bv.ll)); data/pcp-5.2.2/qa/src/xval.c:502:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(avp, (void *)&bv.ull, sizeof(bv.ull)); data/pcp-5.2.2/qa/src/xval.c:511:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv.f, sizeof(bv.f)); data/pcp-5.2.2/qa/src/xval.c:520:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv.d, sizeof(bv.d)); data/pcp-5.2.2/qa/src/xval.c:528:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(avp, (void *)&bv, sizeof(bv)); data/pcp-5.2.2/qa/src/xxx.c:13:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *namelist[20]; data/pcp-5.2.2/src/collectl2pcp/collectl2pcp.c:228:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(infile, "r")) == NULL) { data/pcp-5.2.2/src/collectl2pcp/disk.c:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char metric[MAXPATHLEN]; data/pcp-5.2.2/src/collectl2pcp/disk.c:45:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[MAXPATHLEN]; data/pcp-5.2.2/src/collectl2pcp/header.c:133:57: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). put_int_value("hinv.physmem", PM_INDOM_NULL, NULL, atoi(f->fields[4])/1024); data/pcp-5.2.2/src/collectl2pcp/pmdesc.c:27:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[32]; data/pcp-5.2.2/src/collectl2pcp/pmdesc.c:31:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "c_api.PM_INDOM_NULL"); data/pcp-5.2.2/src/collectl2pcp/pmdesc.c:33:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "PM_INDOM_NULL"); data/pcp-5.2.2/src/collectl2pcp/pmdesc.c:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[1024]; data/pcp-5.2.2/src/collectl2pcp/proc.c:102:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(base, start, size); data/pcp-5.2.2/src/collectl2pcp/util.c:58:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). id = atoi(instance); data/pcp-5.2.2/src/collectl2pcp/util.c:103:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valbuf[64]; data/pcp-5.2.2/src/collectl2pcp/util.c:112:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valbuf[64]; data/pcp-5.2.2/src/collectl2pcp/util.c:185:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy->buf, f->buf, f->len); data/pcp-5.2.2/src/dbpmda/src/dso.c:210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[32]; data/pcp-5.2.2/src/dbpmda/src/pmda.c:249:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char socket[MYSOCKETSZ]; data/pcp-5.2.2/src/dbpmda/src/pmda.c:417:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/pcp-5.2.2/src/dbpmda/src/util.c:160:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[32]; data/pcp-5.2.2/src/dbpmda/src/util.c:233:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MYCMDSZ]; data/pcp-5.2.2/src/external/http_parser.c:162:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char tokens[256] = { data/pcp-5.2.2/src/external/ini.c:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[INI_MAX_LINE]; data/pcp-5.2.2/src/external/ini.c:94:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char section[MAX_SECTION] = ""; data/pcp-5.2.2/src/external/ini.c:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prev_name[MAX_NAME] = ""; data/pcp-5.2.2/src/external/ini.c:226:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(filename, "r"); data/pcp-5.2.2/src/external/jsonsl.c:1158:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jsn->jprs, jprs, sizeof(jsonsl_jpr_t) * njprs); data/pcp-5.2.2/src/external/jsonsl.c:1338:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t jsonsl_util_unescape_ex(const char *in, data/pcp-5.2.2/src/external/jsonsl.c:1339:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *out, data/pcp-5.2.2/src/external/jsonsl.c:1623:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char Escape_Equivs[0x100] = { data/pcp-5.2.2/src/external/jsonsl.h:1002:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t jsonsl_util_unescape_ex(const char *in, data/pcp-5.2.2/src/external/jsonsl.h:1003:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *out, data/pcp-5.2.2/src/external/sds.c:140:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, init, initlen); data/pcp-5.2.2/src/external/sds.c:237:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*)newsh+hdrlen, s, len+1); data/pcp-5.2.2/src/external/sds.c:276:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*)newsh+hdrlen, s, len+1); data/pcp-5.2.2/src/external/sds.c:396:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(s+curlen, t, len); data/pcp-5.2.2/src/external/sds.c:425:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, t, len); data/pcp-5.2.2/src/external/sds.c:509:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SDS_LLSTR_SIZE]; data/pcp-5.2.2/src/external/sds.c:518:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char staticbuf[1024], *buf = staticbuf, *t; data/pcp-5.2.2/src/external/sds.c:626:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s+i,str,l); data/pcp-5.2.2/src/external/sds.c:637:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SDS_LLSTR_SIZE]; data/pcp-5.2.2/src/external/sds.c:642:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s+i,buf,l); data/pcp-5.2.2/src/external/sds.c:654:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[SDS_LLSTR_SIZE]; data/pcp-5.2.2/src/external/sds.c:659:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s+i,buf,l); data/pcp-5.2.2/src/external/sha1.c:52:54: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]) data/pcp-5.2.2/src/external/sha1.c:56:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[64]; data/pcp-5.2.2/src/external/sha1.c:61:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(block, buffer, 64); data/pcp-5.2.2/src/external/sha1.c:137:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[j], data, (i = 64-j)); data/pcp-5.2.2/src/external/sha1.c:145:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[j], &data[i], len - i); data/pcp-5.2.2/src/external/sha1.c:151:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
void SHA1Final(unsigned char digest[20], SHA1_CTX* context) data/pcp-5.2.2/src/external/sha1.c:154:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char finalcount[8]; data/pcp-5.2.2/src/external/sha1.c:203:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hash[20], buf[BUFSIZE]; data/pcp-5.2.2/src/external/sha1.h:13:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[64]; data/pcp-5.2.2/src/external/sha1.h:16:54: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]); data/pcp-5.2.2/src/external/sha1.h:19:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
void SHA1Final(unsigned char digest[20], SHA1_CTX* context); data/pcp-5.2.2/src/external/sort_r.h:87:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *l[3]; data/pcp-5.2.2/src/find-filter/find-filter.c:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN+1]; data/pcp-5.2.2/src/include/pcp/libpcp.h:723:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ill_hostname[PM_LOG_MAXHOSTLEN];/* name of collection host */ data/pcp-5.2.2/src/include/pcp/libpcp.h:724:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ill_tz[PM_TZ_MAXLEN]; /* $TZ at collection host */ data/pcp-5.2.2/src/include/pcp/libpcp.h:938:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ls_hostname[PM_LOG_MAXHOSTLEN]; data/pcp-5.2.2/src/include/pcp/libpcp.h:940:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ls_fqdn[PM_LOG_MAXHOSTLEN]; data/pcp-5.2.2/src/include/pcp/libpcp.h:942:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ls_tz[PM_TZ_MAXLEN]; data/pcp-5.2.2/src/include/pcp/libpcp.h:944:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ls_tzlogger[PM_TZ_MAXLEN]; data/pcp-5.2.2/src/include/pcp/mmv_dev.h:52:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char external[MMV_NAMEMAX]; /* External instance ID */ data/pcp-5.2.2/src/include/pcp/mmv_dev.h:63:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char payload[MMV_STRINGMAX]; /* NULL terminated string */ data/pcp-5.2.2/src/include/pcp/mmv_dev.h:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char payload[MMV_LABELMAX]; data/pcp-5.2.2/src/include/pcp/mmv_dev.h:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MMV_NAMEMAX]; data/pcp-5.2.2/src/include/pcp/mmv_dev.h:105:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[4]; /* MMV\0 */ data/pcp-5.2.2/src/include/pcp/mmv_stats.h:51:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char external[MMV_NAMEMAX]; /* External instance ID */ data/pcp-5.2.2/src/include/pcp/mmv_stats.h:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MMV_NAMEMAX]; data/pcp-5.2.2/src/include/pcp/mmv_stats.h:101:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char payload[MMV_LABELMAX]; data/pcp-5.2.2/src/include/pcp/pmapi.h:465:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vbuf[1]; /* the value */ data/pcp-5.2.2/src/include/pcp/pmapi.h:646:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ll_hostname[PM_LOG_MAXHOSTLEN]; /* name of collection host */ data/pcp-5.2.2/src/include/pcp/pmapi.h:647:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ll_tz[PM_TZ_MAXLEN]; /* $TZ at collection host */ data/pcp-5.2.2/src/include/pcp/pmapi.h:748:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *inst[1]; /* array of instance names */ data/pcp-5.2.2/src/include/pcp/pmdaroot.h:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char name[MAXPATHLEN]; /* max possible size */
data/pcp-5.2.2/src/include/pcp/pmdaroot.h:88:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAXPMDALEN]; /* in: process label */
data/pcp-5.2.2/src/include/pcp/pmdaroot.h:89:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char args[MAXPATHLEN]; /* in: process args */
data/pcp-5.2.2/src/include/pcp/pmtime.h:62:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[0]; /* arbitrary length info (e.g. $TZ) */
data/pcp-5.2.2/src/libpcp/src/access.c:122:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char myhostname[MAXHOSTNAMELEN+1];
data/pcp-5.2.2/src/libpcp/src/access.c:546:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(ip, "::");
data/pcp-5.2.2/src/libpcp/src/access.c:547:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mask, "::");
data/pcp-5.2.2/src/libpcp/src/access.c:625:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rootPath[2];
data/pcp-5.2.2/src/libpcp/src/access.c:666:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addr[INET6_ADDRSTRLEN];
data/pcp-5.2.2/src/libpcp/src/access.c:667:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mask[INET6_ADDRSTRLEN];
data/pcp-5.2.2/src/libpcp/src/access.c:865:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/access.c:903:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[256];
data/pcp-5.2.2/src/libpcp/src/access.c:1021:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[256];
data/pcp-5.2.2/src/libpcp/src/access.c:1380:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/access.c:1784:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/pcp-5.2.2/src/libpcp/src/access.c:1850:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/pcp-5.2.2/src/libpcp/src/accounts.c:54:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *uid = atoi(userid);
data/pcp-5.2.2/src/libpcp/src/accounts.c:60:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *gid = atoi(groupid);
data/pcp-5.2.2/src/libpcp/src/accounts.c:83:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[1024];
data/pcp-5.2.2/src/libpcp/src/accounts.c:112:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[1024];
data/pcp-5.2.2/src/libpcp/src/accounts.c:141:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[1024];
data/pcp-5.2.2/src/libpcp/src/accounts.c:174:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[512];
data/pcp-5.2.2/src/libpcp/src/accounts.c:207:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[1024];
data/pcp-5.2.2/src/libpcp/src/accounts.c:295:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char grbuf[1024];
data/pcp-5.2.2/src/libpcp/src/accounts.c:428:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char grbuf[1024];
data/pcp-5.2.2/src/libpcp/src/accounts.c:429:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/pcp-5.2.2/src/libpcp/src/accounts.c:544:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/pcp-5.2.2/src/libpcp/src/accounts.c:570:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[128];
data/pcp-5.2.2/src/libpcp/src/accounts.c:605:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/pcp-5.2.2/src/libpcp/src/auxconnect.c:378:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[INET6_ADDRSTRLEN];
data/pcp-5.2.2/src/libpcp/src/auxconnect.c:503:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/auxconnect.c:737:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/auxconnect.c:761:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/auxconnect.c:776:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/auxconnect.c:888:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(s1, s2, sizeof(*s1));
data/pcp-5.2.2/src/libpcp/src/auxconnect.c:1098:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pmcd_socket[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/auxconnect.c:1146:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/auxconnect.c:1261:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&addr->sockaddr.raw, ai->ai_addr, ai->ai_addrlen);
data/pcp-5.2.2/src/libpcp/src/auxconnect.c:1287:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[NI_MAXHOST];
data/pcp-5.2.2/src/libpcp/src/auxconnect.c:1624:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/auxserver.c:278:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pidpath[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/auxserver.c:290:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pidpath[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/auxserver.c:299:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((pidfile = fopen(pidpath, "w")) == NULL) {
data/pcp-5.2.2/src/libpcp/src/auxserver.c:451:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/auxserver.c:756:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/auxserver.c:792:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[32], *namep;
data/pcp-5.2.2/src/libpcp/src/auxserver.c:1293:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[64];
data/pcp-5.2.2/src/libpcp/src/avahi.c:420:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[MAXHOSTNAMELEN];
data/pcp-5.2.2/src/libpcp/src/avahi.c:526:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addressString[AVAHI_ADDRESS_STR_MAX];
data/pcp-5.2.2/src/libpcp/src/config.c:148:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char envbuf[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/config.c:237:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char envbuf[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/config.c:273:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/config.c:297:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/config.c:298:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char var[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/config.c:324:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(pcp_conf, "r")) == NULL) {
data/pcp-5.2.2/src/libpcp/src/config.c:473:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen("/proc/sys/net/ipv6/conf/all/disable_ipv6", "r");
data/pcp-5.2.2/src/libpcp/src/connect.c:53:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MY_BUFLEN];
data/pcp-5.2.2/src/libpcp/src/connect.c:65:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/connect.c:96:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/connect.c:337:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/connect.c:421:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *name = (const char *)hosts[0].name;
data/pcp-5.2.2/src/libpcp/src/connect.c:481:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/connect.c:522:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/connect.c:540:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/connectlocal.c:70:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char configFileName[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/connectlocal.c:71:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pathbuf[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/connectlocal.c:99:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  configFile = fopen(configFileName, "r");
data/pcp-5.2.2/src/libpcp/src/connectlocal.c:200:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[32];
data/pcp-5.2.2/src/libpcp/src/connectlocal.c:327:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pathbuf[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/connectlocal.c:447:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/connectlocal.c:590:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/connectlocal.c:733:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[256];
data/pcp-5.2.2/src/libpcp/src/connectlocal.c:734:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/context.c:333:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char hostbuf[MAXHOSTNAMELEN];
data/pcp-5.2.2/src/libpcp/src/context.c:587:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/context.c:672:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(list + *listsize, item, itemsize);
data/pcp-5.2.2/src/libpcp/src/context.c:719:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dirname, current, length);
data/pcp-5.2.2/src/libpcp/src/context.c:1259:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/context.c:1345:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/context.c:1364:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostspec[4096];
data/pcp-5.2.2/src/libpcp/src/context.c:1432:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newcon->c_instprof->profile, oldcon->c_instprof->profile,
data/pcp-5.2.2/src/libpcp/src/context.c:1444:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(q->instances, p->instances,
data/pcp-5.2.2/src/libpcp/src/context.c:1485:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/context.c:1562:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/context.c:1607:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/context.c:1705:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/context.c:1738:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/context.c:1856:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char number[10];
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:132:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:666:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:720:39: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  np->data.info->ivlist[0].value.l = atoi(np->value);
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:723:40: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  np->data.info->ivlist[0].value.ul = atoi(np->value);
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1386:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void *)&np->data.info->ivlist[i].value.ll, (void *)rp->vset[j]->vlist[i].value.pval->vbuf, sizeof(__int64_t));
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1395:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void *)&np->data.info->ivlist[i].value.f, (void *)rp->vset[j]->vlist[i].value.pval->vbuf, sizeof(float));
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1403:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void *)&np->data.info->ivlist[i].value.d, (void *)rp->vset[j]->vlist[i].value.pval->vbuf, sizeof(double));
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1413:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void *)np->data.info->ivlist[i].value.cp, (void *)rp->vset[j]->vlist[i].value.pval->vbuf, need);
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1426:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(np->data.info->ivlist[i].value.vbp, (void *)rp->vset[j]->vlist[i].value.pval, rp->vset[j]->vlist[i].value.pval->vlen);
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1515:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1527:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1562:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1837:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1904:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1908:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void *)vp, (void *)rp->vset[j]->vlist[i].value.pval, need);
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1945:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)&cp->mlist[m].expr->data.info->ivlist[i].value.ll, sizeof(__int64_t));
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1957:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)&cp->mlist[m].expr->data.info->ivlist[i].value.f, sizeof(float));
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1969:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)&cp->mlist[m].expr->data.info->ivlist[i].value.f, sizeof(double));
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1982:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, cp->mlist[m].expr->data.info->ivlist[i].value.cp, cp->mlist[m].expr->data.info->ivlist[i].vlen);
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:1996:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp, cp->mlist[m].expr->data.info->ivlist[i].value.vbp, cp->mlist[m].expr->data.info->ivlist[i].vlen);
data/pcp-5.2.2/src/libpcp/src/derive_fetch.c:2006:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/desc.c:55:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbgbuf[20];
data/pcp-5.2.2/src/libpcp/src/desc.c:123:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/discovery.c:197:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/err.c:355:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/events.c:70:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/events.c:92:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void *)&atom.ll, (void *)vbuf, sizeof(atom.ll));
data/pcp-5.2.2/src/libpcp/src/events.c:96:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&atom.ull, (void *)vbuf, sizeof(atom.ull));
data/pcp-5.2.2/src/libpcp/src/events.c:100:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&atom.f, (void *)vbuf, sizeof(atom.f));
data/pcp-5.2.2/src/libpcp/src/events.c:104:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&atom.d, (void *)vbuf, sizeof(atom.d));
data/pcp-5.2.2/src/libpcp/src/events.c:136:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/events.c:171:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  valend = &((char *)hreap)[length];
data/pcp-5.2.2/src/libpcp/src/events.c:186:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  valend = &((char *)eap)[length];
data/pcp-5.2.2/src/libpcp/src/events.c:287:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  valend = &((char *)hreap)[hreap->ea_len];
data/pcp-5.2.2/src/libpcp/src/events.c:299:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  valend = &((char *)eap)[eap->ea_len];
data/pcp-5.2.2/src/libpcp/src/events.c:389:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/events.c:449:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&vset->vlist[0].value.lval, (void *)vbuf, sizeof(__int32_t));
data/pcp-5.2.2/src/libpcp/src/events.c:486:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vset->vlist[0].value.pval->vbuf, (void *)vbuf, vsize);
data/pcp-5.2.2/src/libpcp/src/fault.c:89:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(fname, "r")) == NULL) {
data/pcp-5.2.2/src/libpcp/src/fault.c:90:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/fault.c:94:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[128];
data/pcp-5.2.2/src/libpcp/src/fault.c:183:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/fault.c:195:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/fault.c:255:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/fault.c:277:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/fault.c:278:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/fetch.c:101:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbgbuf[20];
data/pcp-5.2.2/src/libpcp/src/fetch.c:186:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/fetch.c:219:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/fetchgroup.c:412:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fmt_buf[fmt_buf_size];
data/pcp-5.2.2/src/libpcp/src/fetchgroup.c:536:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fmt_buf[fmt_buf_size];
data/pcp-5.2.2/src/libpcp/src/fetchlocal.c:157:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/fetchlocal.c:158:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/freeresult.c:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/getopt.c:132:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[MAXHOSTNAMELEN];
data/pcp-5.2.2/src/libpcp/src/getopt.c:380:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[MAXHOSTNAMELEN];
data/pcp-5.2.2/src/libpcp/src/getopt.c:382:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dir[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/getopt.c:500:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/getopt.c:513:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  } else if ((fp = fopen(arg, "r")) == NULL) {
data/pcp-5.2.2/src/libpcp/src/getopt.c:572:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char archive[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/getopt.c:599:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(arg, "r");
data/pcp-5.2.2/src/libpcp/src/getopt.c:602:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MAXHOSTNAMELEN];
data/pcp-5.2.2/src/libpcp/src/getopt.c:644:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/getopt.c:708:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/instance.c:30:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbgbuf[20];
data/pcp-5.2.2/src/libpcp/src/instance.c:114:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/instance.c:144:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbgbuf[20];
data/pcp-5.2.2/src/libpcp/src/instance.c:231:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/instance.c:307:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbgbuf[20];
data/pcp-5.2.2/src/libpcp/src/instance.c:416:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/instance.c:438:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/interp.c:285:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/interp.c:323:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void *)&tmp, (void *)&vp->lval, sizeof(tmp));
data/pcp-5.2.2/src/libpcp/src/interp.c:329:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&tmp, (void *)vp->pval->vbuf, sizeof(tmp));
data/pcp-5.2.2/src/libpcp/src/interp.c:334:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&tmp, (void *)vp->pval->vbuf, sizeof(tmp));
data/pcp-5.2.2/src/libpcp/src/interp.c:339:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&tmp, (void *)vp->pval->vbuf, sizeof(tmp));
data/pcp-5.2.2/src/libpcp/src/interp.c:344:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&tmp, (void *)vp->pval->vbuf, sizeof(tmp));
data/pcp-5.2.2/src/libpcp/src/interp.c:357:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/interp.c:466:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/interp.c:679:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/interp.c:693:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/interp.c:1426:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/interp.c:1533:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/interp.c:1656:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)icp->v_prior.pval->vbuf, sizeof(float));
data/pcp-5.2.2/src/libpcp/src/interp.c:1658:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)icp->v_next.pval->vbuf, sizeof(float));
data/pcp-5.2.2/src/libpcp/src/interp.c:1662:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)icp->v_prior.pval->vbuf, sizeof(float));
data/pcp-5.2.2/src/libpcp/src/interp.c:1668:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)icp->v_prior.pval->vbuf, sizeof(float));
data/pcp-5.2.2/src/libpcp/src/interp.c:1681:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&av.f, avp_prior, sizeof(av.f));
data/pcp-5.2.2/src/libpcp/src/interp.c:1683:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&av.f, avp_next, sizeof(av.f));
data/pcp-5.2.2/src/libpcp/src/interp.c:1689:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)&av.f, sizeof(av.f));
data/pcp-5.2.2/src/libpcp/src/interp.c:1718:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)icp->v_prior.pval->vbuf, sizeof(__int64_t));
data/pcp-5.2.2/src/libpcp/src/interp.c:1720:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)icp->v_next.pval->vbuf, sizeof(__int64_t));
data/pcp-5.2.2/src/libpcp/src/interp.c:1724:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)icp->v_prior.pval->vbuf, sizeof(__int64_t));
data/pcp-5.2.2/src/libpcp/src/interp.c:1730:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)icp->v_prior.pval->vbuf, sizeof(__int64_t));
data/pcp-5.2.2/src/libpcp/src/interp.c:1743:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&av.ll, avp_prior, sizeof(av.ll));
data/pcp-5.2.2/src/libpcp/src/interp.c:1745:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&av.ll, avp_next, sizeof(av.ll));
data/pcp-5.2.2/src/libpcp/src/interp.c:1754:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)&av.ll, sizeof(av.ll));
data/pcp-5.2.2/src/libpcp/src/interp.c:1759:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&av.ull, avp_prior, sizeof(av.ull));
data/pcp-5.2.2/src/libpcp/src/interp.c:1761:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&av.ull, avp_next, sizeof(av.ull));
data/pcp-5.2.2/src/libpcp/src/interp.c:1831:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)&av.ull, sizeof(av.ull));
data/pcp-5.2.2/src/libpcp/src/interp.c:1858:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)icp->v_prior.pval->vbuf, sizeof(double));
data/pcp-5.2.2/src/libpcp/src/interp.c:1860:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)icp->v_next.pval->vbuf, sizeof(double));
data/pcp-5.2.2/src/libpcp/src/interp.c:1864:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)icp->v_prior.pval->vbuf, sizeof(double));
data/pcp-5.2.2/src/libpcp/src/interp.c:1870:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)icp->v_prior.pval->vbuf, sizeof(double));
data/pcp-5.2.2/src/libpcp/src/interp.c:1882:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&av.d, avp_prior, sizeof(av.d));
data/pcp-5.2.2/src/libpcp/src/interp.c:1884:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&av.d, avp_next, sizeof(av.d));
data/pcp-5.2.2/src/libpcp/src/interp.c:1889:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->vbuf, (void *)&av.d, sizeof(av.d));
data/pcp-5.2.2/src/libpcp/src/interp.c:1917:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp, icp->v_prior.pval, need);
data/pcp-5.2.2/src/libpcp/src/interp.c:2056:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/interp.c:2064:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/io.c:149:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/pcp-5.2.2/src/libpcp/src/io.c:185:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpname[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/io.c:201:10: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this.
Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp(tmpname); data/pcp-5.2.2/src/libpcp/src/io.c:204:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/io.c:213:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/io.c:219:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(msg, O_RDWR|O_CREAT|O_EXCL, 0600); data/pcp-5.2.2/src/libpcp/src/io.c:222:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/io.c:275:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/io.c:286:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/io.c:307:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/io.c:331:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/io.c:395:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/io.c:441:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/io.c:624:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/io.c:737:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sbuf[SBUFLEN] = { '\0' }; data/pcp-5.2.2/src/libpcp/src/io_stdio.c:29:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(path, mode)) == NULL) data/pcp-5.2.2/src/libpcp/src/io_xz.c:145:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, &c->stats, sizeof(c->stats)); data/pcp-5.2.2/src/libpcp/src/io_xz.c:174:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[XZ_HEADER_MAGIC_LEN]; data/pcp-5.2.2/src/libpcp/src/io_xz.c:448:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). xz->f = fopen(path, mode); data/pcp-5.2.2/src/libpcp/src/io_xz.c:830:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ptr, p, n); data/pcp-5.2.2/src/libpcp/src/ipc.c:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[0]; /* opaque data (optional) */ data/pcp-5.2.2/src/libpcp/src/ipc.c:312:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, data, ipcentrysize - sizeof(__pmIPC)); data/pcp-5.2.2/src/libpcp/src/ipc.c:337:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, source, ipcentrysize - sizeof(__pmIPC)); data/pcp-5.2.2/src/libpcp/src/labels.c:220:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target, source, sizeof(pmLabelSet)); data/pcp-5.2.2/src/libpcp/src/labels.c:232:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target->labels, source->labels, size); data/pcp-5.2.2/src/libpcp/src/labels.c:251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:252:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:285:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lp, lsp ? output : input, bytes); data/pcp-5.2.2/src/libpcp/src/labels.c:328:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *bp, buf[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:367:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lp, labels, nlabels * sizeof(pmLabel)); data/pcp-5.2.2/src/libpcp/src/labels.c:822:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flbuf[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:929:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char abuf[PM_MAXLABELJSONLEN], bbuf[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:976:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:989:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, buffer, sts); data/pcp-5.2.2/src/libpcp/src/labels.c:990:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(blabels, olabels, nlabels * sizeof(pmLabel)); data/pcp-5.2.2/src/libpcp/src/labels.c:1031:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:1041:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, buffer, bytes); data/pcp-5.2.2/src/libpcp/src/labels.c:1055:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lf[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:1059:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fp = fopen(lf, "r")) != NULL) { data/pcp-5.2.2/src/libpcp/src/labels.c:1074:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:1100:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:1140:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:1181:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ], *p; data/pcp-5.2.2/src/libpcp/src/labels.c:1191:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(buf, "r")) == NULL) data/pcp-5.2.2/src/libpcp/src/labels.c:1222:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hash[SHA256_BLOCK_SIZE]; data/pcp-5.2.2/src/libpcp/src/labels.c:1244:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[MAXHOSTNAMELEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:1245:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char domain[MAXDOMAINNAMELEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:1246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char machineid[MAXMACHINEIDLEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:1270:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:1298:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp/src/labels.c:1563:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char idbuf[64], fbuf[32]; data/pcp-5.2.2/src/libpcp/src/lock.c:120:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char locknamebuf[30]; data/pcp-5.2.2/src/libpcp/src/lock.c:230:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/lock.c:292:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/lock.c:349:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/lock.c:378:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/logconnect.c:101:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char home[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/logconnect.c:169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char socket_path[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/logconnect.c:239:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/logconnect.c:309:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/logconnect.c:374:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/logconnect.c:398:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/logmeta.c:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[20]; data/pcp-5.2.2/src/libpcp/src/logmeta.c:169:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[20]; data/pcp-5.2.2/src/libpcp/src/logmeta.c:666:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/logmeta.c:787:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[20]; data/pcp-5.2.2/src/libpcp/src/logmeta.c:955:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((void *)labelsets[i].json, (void *)&tbuf[k], jsonlen); data/pcp-5.2.2/src/libpcp/src/logmeta.c:1125:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[0]; /* will be expanded */ data/pcp-5.2.2/src/libpcp/src/logmeta.c:1170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[20]; data/pcp-5.2.2/src/libpcp/src/logmeta.c:1171:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/logmeta.c:1201:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[20]; data/pcp-5.2.2/src/libpcp/src/logmeta.c:1371:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[0]; data/pcp-5.2.2/src/libpcp/src/logmeta.c:1434:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/logmeta.c:1482:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[0]; data/pcp-5.2.2/src/libpcp/src/logmeta.c:1511:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/logmeta.c:1541:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[0]; /* inst[] then stridx[] then strings */ data/pcp-5.2.2/src/libpcp/src/logmeta.c:1579:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[20]; data/pcp-5.2.2/src/libpcp/src/logmeta.c:1580:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/logportmap.c:79:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char match[PROCFS_ENTRY_SIZE]; data/pcp-5.2.2/src/libpcp/src/logportmap.c:96:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/logportmap.c:106:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/logportmap.c:125:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(match, "primary"); data/pcp-5.2.2/src/libpcp/src/logportmap.c:153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/logportmap.c:202:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((pfile = fopen(namebuf, "r")) == NULL) { data/pcp-5.2.2/src/libpcp/src/logportmap.c:203:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/logportmap.c:217:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/logportmap.c:319:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lhost[MAXHOSTNAMELEN+1]; data/pcp-5.2.2/src/libpcp/src/logutil.c:298:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/logutil.c:322:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/logutil.c:432:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tbuf[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/logutil.c:440:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp/src/logutil.c:455:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/logutil.c:471:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/logutil.c:504:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/logutil.c:522:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/logutil.c:534:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tzbuf[PM_TZ_MAXLEN];
data/pcp-5.2.2/src/libpcp/src/logutil.c:816:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/logutil.c:933:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/logutil.c:1128:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/logutil.c:1198:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/logutil.c:1206:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/logutil.c:1218:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/logutil.c:1361:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/logutil.c:1727:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/logutil.c:1841:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/logutil.c:2168:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/logutil.c:2169:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/logutil.c:2483:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lp->ll_hostname, rlp->ill_hostname, PM_LOG_MAXHOSTLEN);
data/pcp-5.2.2/src/libpcp/src/optfetch.c:296:32: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (state & OPT_STATE_NEW) strcat(sbuf, "NEW ");
data/pcp-5.2.2/src/libpcp/src/optfetch.c:297:33: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (state & OPT_STATE_PMID) strcat(sbuf, "PMID ");
data/pcp-5.2.2/src/libpcp/src/optfetch.c:298:36: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (state & OPT_STATE_PROFILE) strcat(sbuf, "PROFILE ");
data/pcp-5.2.2/src/libpcp/src/optfetch.c:299:33: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (state & OPT_STATE_XREQ) strcat(sbuf, "XREQ ");
data/pcp-5.2.2/src/libpcp/src/optfetch.c:300:34: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (state & OPT_STATE_XPMID) strcat(sbuf, "XPMID ");
data/pcp-5.2.2/src/libpcp/src/optfetch.c:301:35: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (state & OPT_STATE_XINDOM) strcat(sbuf, "XINDOM ");
data/pcp-5.2.2/src/libpcp/src/optfetch.c:302:35: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (state & OPT_STATE_XFETCH) strcat(sbuf, "XFETCH ");
data/pcp-5.2.2/src/libpcp/src/optfetch.c:303:37: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (state & OPT_STATE_XPROFILE) strcat(sbuf, "XPROFILE ");
data/pcp-5.2.2/src/libpcp/src/optfetch.c:311:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/optfetch.c:334:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[100];
data/pcp-5.2.2/src/libpcp/src/optfetch.c:441:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[100];
data/pcp-5.2.2/src/libpcp/src/optfetch.c:477:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[100];
data/pcp-5.2.2/src/libpcp/src/p_attr.c:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[sizeof(int)];
data/pcp-5.2.2/src/libpcp/src/p_attr.c:47:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pp->value, value, length);
data/pcp-5.2.2/src/libpcp/src/p_attr.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[LIMIT_ATTR_PDU];
data/pcp-5.2.2/src/libpcp/src/p_attr.c:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[LIMIT_ATTR_PDU];
data/pcp-5.2.2/src/libpcp/src/p_desc.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/p_instance.c:30:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[sizeof(int)]; /* may be missing */
data/pcp-5.2.2/src/libpcp/src/p_instance.c:57:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)pp->name, (void *)name, pp->namelen);
data/pcp-5.2.2/src/libpcp/src/p_instance.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[sizeof(int)]; /* may be missing */
data/pcp-5.2.2/src/libpcp/src/p_instance.c:165:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)ip->name, (void *)result->namelist[i], ip->namelen);
data/pcp-5.2.2/src/libpcp/src/p_instance.c:261:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)p, (void *)ip->name, ip->namelen);
data/pcp-5.2.2/src/libpcp/src/p_label.c:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, id[32];
data/pcp-5.2.2/src/libpcp/src/p_label.c:82:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, ",compound");
data/pcp-5.2.2/src/libpcp/src/p_label.c:84:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, ",optional");
data/pcp-5.2.2/src/libpcp/src/p_label.c:91:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[PM_MAXLABELJSONLEN];
data/pcp-5.2.2/src/libpcp/src/p_label.c:286:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)pp + json_offset, sets[i].json, sets[i].jsonlen);
data/pcp-5.2.2/src/libpcp/src/p_label.c:409:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(json, (char *)label_pdu + jsonoff, jsonlen);
data/pcp-5.2.2/src/libpcp/src/p_lstatus.c:52:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pp->status, status, sizeof(__pmLoggerStatus));
data/pcp-5.2.2/src/libpcp/src/p_pmns.c:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/p_pmns.c:123:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[sizeof(__pmPDU)]; /* variable length */
data/pcp-5.2.2/src/libpcp/src/p_pmns.c:129:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[sizeof(__pmPDU)]; /* variable length */
data/pcp-5.2.2/src/libpcp/src/p_pmns.c:243:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nt->name, namelist[i], namelen);
data/pcp-5.2.2/src/libpcp/src/p_pmns.c:262:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nst->name, namelist[i], namelen);
data/pcp-5.2.2/src/libpcp/src/p_pmns.c:369:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, np->name, namelen);
data/pcp-5.2.2/src/libpcp/src/p_pmns.c:396:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, np->name, namelen);
data/pcp-5.2.2/src/libpcp/src/p_pmns.c:435:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[sizeof(int)];
data/pcp-5.2.2/src/libpcp/src/p_pmns.c:452:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/p_pmns.c:468:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&nreq->name[0], name, namelen);
data/pcp-5.2.2/src/libpcp/src/p_pmns.c:508:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(name, namereq_pdu->name, namelen);
data/pcp-5.2.2/src/libpcp/src/p_result.c:122:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vbp, (void *)vsp->vlist[j].value.pval, nb);
data/pcp-5.2.2/src/libpcp/src/p_result.c:274:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/p_result.c:413:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)&newbuf[nvsize], (void *)&pp->data[index], vbsize);
data/pcp-5.2.2/src/libpcp/src/p_result.c:432:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/p_text.c:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[sizeof(int)]; /* desired text */
data/pcp-5.2.2/src/libpcp/src/p_text.c:110:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)pp->buffer, (void *)buffer, len);
data/pcp-5.2.2/src/libpcp/src/pdu.c:242:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/pdu.c:260:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/pdu.c:328:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tbuf[20];
data/pcp-5.2.2/src/libpcp/src/pdu.c:377:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/pdu.c:455:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/pdu.c:474:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/pdu.c:553:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/pdu.c:588:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/pmns.c:61:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char linebuf[256];
data/pcp-5.2.2/src/libpcp/src/pmns.c:63:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char fname[256];
data/pcp-5.2.2/src/libpcp/src/pmns.c:64:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tokbuf[256];
data/pcp-5.2.2/src/libpcp/src/pmns.c:251:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char locerr[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/pmns.c:343:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/pmns.c:556:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/pmns.c:572:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fin = fopen(fname, "r")) == NULL)
data/pcp-5.2.2/src/libpcp/src/pmns.c:851:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&p[nch], xp->name, xl);
data/pcp-5.2.2/src/libpcp/src/pmns.c:886:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/pmns.c:1280:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/pmns.c:1367:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char repname[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/pmns.c:1852:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/pmns.c:1908:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/pmns.c:1909:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/pmns.c:1947:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/pmns.c:1948:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/pmns.c:1978:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbgbuf[20];
data/pcp-5.2.2/src/libpcp/src/pmns.c:1985:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/pmns.c:1993:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/pmns.c:2390:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/pmns.c:2424:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/pmns.c:2702:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if ((tmp_new = (char **)realloc(tmp, n * sizeof(tmp[0]))) == NULL) {
data/pcp-5.2.2/src/libpcp/src/pmns.c:2794:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if ((tmp = (char **)malloc(sizeof(tmp[0]))) == NULL) {
data/pcp-5.2.2/src/libpcp/src/pmns.c:2883:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  *namelist = (char **)malloc(*sz_namelist * sizeof((*namelist)[0]));
data/pcp-5.2.2/src/libpcp/src/pmns.c:2892:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  namelist_new = (char **)realloc(*namelist, *sz_namelist * sizeof((*namelist)[0]));
data/pcp-5.2.2/src/libpcp/src/pmns.c:3174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/profile.c:58:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)list, (void *)arg, arg_len * sizeof(int));
data/pcp-5.2.2/src/libpcp/src/profile.c:265:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/profile.c:343:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/profile.c:357:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp/src/secureconnect.c:224:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nssdb[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/secureconnect.c:322:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/secureconnect.c:388:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char fingerprint[SHA1_LENGTH] = { 0 };
data/pcp-5.2.2/src/libpcp/src/secureconnect.c:602:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *value, phrase[256];
data/pcp-5.2.2/src/libpcp/src/secureconnect.c:659:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(console, "r");
data/pcp-5.2.2/src/libpcp/src/secureconnect.c:664:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  output = fopen(console, "w");
data/pcp-5.2.2/src/libpcp/src/secureconnect.c:795:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *value, message[512];
data/pcp-5.2.2/src/libpcp/src/secureconnect.c:1059:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *payload, buffer[LIMIT_AUTH_PDU];
data/pcp-5.2.2/src/libpcp/src/secureconnect.c:1138:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer + method_length + 1, payload, length);
data/pcp-5.2.2/src/libpcp/src/secureserver.c:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char database_path[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/secureserver.c:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cert_nickname[MAX_CERT_NAME_LENGTH];
data/pcp-5.2.2/src/libpcp/src/secureserver.c:123:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((file = fopen(filename, "r")) == NULL)
data/pcp-5.2.2/src/libpcp/src/secureserver.c:161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char passfile[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/secureserver.c:222:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[256];
data/pcp-5.2.2/src/libpcp/src/secureserver.c:544:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[32];
data/pcp-5.2.2/src/libpcp/src/shellprobe.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATHLEN]; /* Discovery script path */
data/pcp-5.2.2/src/libpcp/src/shellprobe.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[128]; /* optional individual command */
data/pcp-5.2.2/src/libpcp/src/shellprobe.c:405:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linebuf[256];
data/pcp-5.2.2/src/libpcp/src/shellprobe.c:406:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp/src/shellprobe.c:441:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/spec.c:375:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(portlist, specp->ports, sizeof(int) * specp->nports);
data/pcp-5.2.2/src/libpcp/src/spec.c:378:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&portlist[specp->nports], ports, sizeof(int) * nports);
data/pcp-5.2.2/src/libpcp/src/spec.c:471:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int port = atoi(start);
data/pcp-5.2.2/src/libpcp/src/spec.c:518:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char absolute_path[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp/src/spec.c:648:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/spec.c:845:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[32]; /* must be large enough to hold largest attr name */ data/pcp-5.2.2/src/libpcp/src/spec.c:1011:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[16]; /* must be sufficient to hold any key name (above) */ data/pcp-5.2.2/src/libpcp/src/store.c:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbgbuf[20]; data/pcp-5.2.2/src/libpcp/src/store.c:137:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/stuffvalue.c:251:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)vp->value.pval->vbuf, (void *)src, body); data/pcp-5.2.2/src/libpcp/src/subnetprobe.c:383:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(buf, addressString, len - 1); data/pcp-5.2.2/src/libpcp/src/tz.c:118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzoffset[6]; /* +1200\0 */ data/pcp-5.2.2/src/libpcp/src/tz.c:175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzbuf[256], tzoff[64]; data/pcp-5.2.2/src/libpcp/src/tz.c:403:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(envtz, "TZ="); data/pcp-5.2.2/src/libpcp/src/tz.c:408:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(envtz, "+0"); data/pcp-5.2.2/src/libpcp/src/tz.c:442:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzbuf[PM_TZ_MAXLEN]; data/pcp-5.2.2/src/libpcp/src/tz.c:550:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(result, tmp, sizeof(*result)); data/pcp-5.2.2/src/libpcp/src/tz.c:564:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, tmp, sizeof(*result)); data/pcp-5.2.2/src/libpcp/src/units.c:46:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[40]; data/pcp-5.2.2/src/libpcp/src/units.c:145:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char abuf[80]; data/pcp-5.2.2/src/libpcp/src/units.c:159:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[20]; data/pcp-5.2.2/src/libpcp/src/units.c:160:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuf[20]; data/pcp-5.2.2/src/libpcp/src/units.c:161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cbuf[20]; data/pcp-5.2.2/src/libpcp/src/units.c:333:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ubuf[60]; data/pcp-5.2.2/src/libpcp/src/units.c:347:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[80]; data/pcp-5.2.2/src/libpcp/src/units.c:567:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/units.c:583:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/pcp-5.2.2/src/libpcp/src/units.c:584:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[80]; data/pcp-5.2.2/src/libpcp/src/units.c:740:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((void *) &av.ll, avp, sizeof(av.ll)); data/pcp-5.2.2/src/libpcp/src/units.c:786:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) &av.ull, avp, sizeof(av.ull)); data/pcp-5.2.2/src/libpcp/src/units.c:849:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) &av.d, avp, sizeof(av.d)); data/pcp-5.2.2/src/libpcp/src/units.c:910:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) &av.f, avp, sizeof(av.f)); data/pcp-5.2.2/src/libpcp/src/units.c:990:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oval->cp, ival->value.pval->vbuf, len); data/pcp-5.2.2/src/libpcp/src/units.c:1033:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oval->vbp, ival->value.pval, len); data/pcp-5.2.2/src/libpcp/src/units.c:1048:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/util.c:158:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ct_buf[26]; data/pcp-5.2.2/src/libpcp/src/util.c:164:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char syslogmsg[2048]; data/pcp-5.2.2/src/libpcp/src/util.c:222:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[MAXHOSTNAMELEN]; data/pcp-5.2.2/src/libpcp/src/util.c:224:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ct_buf[26]; data/pcp-5.2.2/src/libpcp/src/util.c:238:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ct_buf[26]; data/pcp-5.2.2/src/libpcp/src/util.c:274:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/util.c:466:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char idbuf[20]; data/pcp-5.2.2/src/libpcp/src/util.c:486:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char indombuf[20]; data/pcp-5.2.2/src/libpcp/src/util.c:533:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nbuf[8]; data/pcp-5.2.2/src/libpcp/src/util.c:554:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. return strcpy(buf, "missed"); data/pcp-5.2.2/src/libpcp/src/util.c:559:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "point"); data/pcp-5.2.2/src/libpcp/src/util.c:563:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "start"); data/pcp-5.2.2/src/libpcp/src/util.c:567:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(buf, "end"); data/pcp-5.2.2/src/libpcp/src/util.c:571:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "id"); data/pcp-5.2.2/src/libpcp/src/util.c:575:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "parent"); data/pcp-5.2.2/src/libpcp/src/util.c:583:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ebuf[64]; data/pcp-5.2.2/src/libpcp/src/util.c:728:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/util.c:729:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[20]; data/pcp-5.2.2/src/libpcp/src/util.c:1028:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((void *)&tmp, (void *)val->value.pval->vbuf, sizeof(tmp)); data/pcp-5.2.2/src/libpcp/src/util.c:1035:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)&tmp, (void *)val->value.pval->vbuf, sizeof(tmp)); data/pcp-5.2.2/src/libpcp/src/util.c:1052:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)&tmp, (void *)val->value.pval->vbuf, sizeof(tmp)); data/pcp-5.2.2/src/libpcp/src/util.c:1144:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/util.c:1304:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[60]; data/pcp-5.2.2/src/libpcp/src/util.c:1590:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/util.c:1717:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/util.c:1730:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((eptr = fopen(filename, "a")) == NULL) { data/pcp-5.2.2/src/libpcp/src/util.c:1849:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[MAXHOSTNAMELEN]; data/pcp-5.2.2/src/libpcp/src/util.c:1889:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/util.c:1905:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/util.c:1932:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(pmvb->vbuf, ") "); data/pcp-5.2.2/src/libpcp/src/util.c:2028:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN], *p; data/pcp-5.2.2/src/libpcp/src/util.c:2054:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("/etc/defaultdomain", "r"); data/pcp-5.2.2/src/libpcp/src/util.c:2055:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char domain[MAXDOMAINNAMELEN]; data/pcp-5.2.2/src/libpcp/src/util.c:2072:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("/etc/machine-id", "r"); data/pcp-5.2.2/src/libpcp/src/util.c:2073:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char machine[MAXMACHINEIDLEN]; data/pcp-5.2.2/src/libpcp/src/util.c:2165:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tp->d_name, dp->d_name, strlen(dp->d_name)+1); data/pcp-5.2.2/src/libpcp/src/util.c:2547:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char proc_buf[PROCFS_PATH_SIZE]; data/pcp-5.2.2/src/libpcp/src/util.c:2666:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/util.c:2752:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *call_fn[MAX_DEPTH]; data/pcp-5.2.2/src/libpcp/src/util.c:2753:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char names[MAX_DEPTH][MAX_SIZE]; data/pcp-5.2.2/src/libpcp/src/win32.c:75:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char name[8]; data/pcp-5.2.2/src/libpcp/src/win32.c:80:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name, "SIGHUP"); data/pcp-5.2.2/src/libpcp/src/win32.c:84:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name, "SIGUSR1"); data/pcp-5.2.2/src/libpcp/src/win32.c:88:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name, "SIGTERM"); data/pcp-5.2.2/src/libpcp/src/win32.c:101:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *signame, evname[64]; data/pcp-5.2.2/src/libpcp/src/win32.c:287:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/win32.c:472:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/win32.c:537:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp/src/win32.c:798:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logmsg[2048]; data/pcp-5.2.2/src/libpcp_gui/src/record.c:59:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tbuf[MAXPATHLEN]; /* used for mktemp(), messages, ... */ data/pcp-5.2.2/src/libpcp_gui/src/record.c:73:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char host[MAXHOSTNAMELEN]; data/pcp-5.2.2/src/libpcp_gui/src/record.c:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char foliopath[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp_gui/src/record.c:100:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f_folio = fopen(folio, "w")) == NULL) data/pcp-5.2.2/src/libpcp_gui/src/record.c:126:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tbuf, "XXXXXX"); data/pcp-5.2.2/src/libpcp_gui/src/record.c:129:15: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). if ((fd = mkstemp(tbuf)) < 0) { data/pcp-5.2.2/src/libpcp_gui/src/record.c:139:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(tbuf, O_CREAT | O_EXCL | O_RDWR, 0600)) < 0) { data/pcp-5.2.2/src/libpcp_gui/src/record.c:180:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f_replay = fopen("/dev/null", "r"); data/pcp-5.2.2/src/libpcp_gui/src/record.c:308:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tbuf, ".config"); data/pcp-5.2.2/src/libpcp_gui/src/record.c:315:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
  strcat(p, ".config");
data/pcp-5.2.2/src/libpcp_gui/src/record.c:332:32: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((rp->public.f_config = fopen(tbuf, "w")) == NULL)
data/pcp-5.2.2/src/libpcp_gui/src/record.c:349:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(rp->logfile, ".log");
data/pcp-5.2.2/src/libpcp_gui/src/record.c:354:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(rp->config, ".config");
data/pcp-5.2.2/src/libpcp_gui/src/record.c:539:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char loggerpath[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp_gui/src/record.c:540:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fdnum[4];
data/pcp-5.2.2/src/libpcp_gui/src/timeclient.c:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char portname[32];
data/pcp-5.2.2/src/libpcp_gui/src/timeclient.c:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/pcp-5.2.2/src/libpcp_gui/src/timestate.c:123:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tzbuf[PM_TZ_MAXLEN];
data/pcp-5.2.2/src/libpcp_import/src/archive.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char myname[MAXHOSTNAMELEN];
data/pcp-5.2.2/src/libpcp_import/src/archive.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tzbuf[PM_TZ_MAXLEN];
data/pcp-5.2.2/src/libpcp_import/src/import.c:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_import/src/import.c:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_import/src/import.c:110:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_import/src/import.c:217:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char errmsg[PMI_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp_import/src/import.c:910:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PM_MAXLABELJSONLEN];
data/pcp-5.2.2/src/libpcp_import/src/stuff.c:177:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)vp->value.pval->vbuf, data, dsize);
data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:65:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:617:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lblist[i].payload, lb[i].payload, MMV_LABELMAX);
data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:1031:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MMV_LABELMAX];
data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:1057:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(label[registry->nlabels].payload, buffer, buflen);
data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:1074:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MMV_LABELMAX];
data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:1100:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(label[registry->nlabels].payload, buffer, buflen);
data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:1117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MMV_LABELMAX];
data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:1143:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(label[registry->nlabels].payload, buffer, buflen);
data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:1160:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MMV_LABELMAX];
data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:1186:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(label[registry->nlabels].payload, buffer, buflen);
data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:1217:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:1226:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(path, O_RDONLY)) < 0)
data/pcp-5.2.2/src/libpcp_pmcd/src/trace.c:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:74:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char filename[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:253:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:569:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:581:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:606:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:619:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:635:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:671:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:686:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:751:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024]; /* input line buffer, is this big enough? */
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:755:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:768:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL)
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:911:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:929:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(filename, "w")) == NULL)
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:1002:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:1031:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:1037:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(e->key, key, keylen);
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:1095:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:1422:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:47:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:150:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:167:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:516:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:517:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:722:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[32];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:750:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbgbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:802:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idbuf[32], *idp;
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:803:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:938:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:939:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PM_MAXLABELJSONLEN];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:968:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:969:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PM_MAXLABELJSONLEN];
data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:1043:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/pcp-5.2.2/src/libpcp_pmda/src/dynamic.c:303:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mtab, fixed, total * sizeof(pmdaMetric));
data/pcp-5.2.2/src/libpcp_pmda/src/events.c:336:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)(bp->bptr + sizeof(pmEventParameter)), src, vlen);
data/pcp-5.2.2/src/libpcp_pmda/src/help.c:47:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pathname[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp_pmda/src/help.c:75:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  hp->dir_fd = open(pathname, O_RDONLY);
data/pcp-5.2.2/src/libpcp_pmda/src/help.c:104:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  hp->pag_fd = open(pathname, O_RDONLY);
data/pcp-5.2.2/src/libpcp_pmda/src/mainloop.c:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/mainloop.c:371:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/open.c:180:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[128];
data/pcp-5.2.2/src/libpcp_pmda/src/open.c:508:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/pcp-5.2.2/src/libpcp_pmda/src/open.c:543:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/open.c:717:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/open.c:718:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char st2buf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/open.c:729:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/open.c:832:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[20];
data/pcp-5.2.2/src/libpcp_pmda/src/pduroot.c:214:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control[CMSG_SPACE(sizeof(iofds))];
data/pcp-5.2.2/src/libpcp_pmda/src/pduroot.c:259:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ioptr, iofds, sizeof(iofds));
data/pcp-5.2.2/src/libpcp_pmda/src/pduroot.c:278:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control[CMSG_SPACE(sizeof(iofds))];
data/pcp-5.2.2/src/libpcp_pmda/src/queues.c:238:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(event->buffer, data, bytes);
data/pcp-5.2.2/src/libpcp_pmda/src/queues.c:239:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&event->time, tv, sizeof(*tv));
data/pcp-5.2.2/src/libpcp_pmda/src/queues.c:303:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[64];
data/pcp-5.2.2/src/libpcp_pmda/src/queues.c:495:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg, buffer, minsize);
data/pcp-5.2.2/src/libpcp_pmda/src/root.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char socketpath[MAXPATHLEN];
data/pcp-5.2.2/src/libpcp_pmda/src/root.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp_pmda/src/root.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pdubuf[sizeof(__pmdaRootPDUContainer) + MAXPATHLEN];
data/pcp-5.2.2/src/libpcp_pmda/src/root.c:134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pdubuf[sizeof(__pmdaRootPDUContainer)];
data/pcp-5.2.2/src/libpcp_pmda/src/root.c:154:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pdubuf[sizeof(__pmdaRootPDUContainer) + MAXPATHLEN];
data/pcp-5.2.2/src/libpcp_pmda/src/root.c:173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pdubuf[sizeof(__pmdaRootPDUStart) + MAXPATHLEN];
data/pcp-5.2.2/src/libpcp_pmda/src/root.c:188:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pdubuf[sizeof(__pmdaRootPDUStop)];
data/pcp-5.2.2/src/libpcp_pmda/src/root.c:205:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pdubuf[sizeof(__pmdaRootPDUStop)];
data/pcp-5.2.2/src/libpcp_qed/src/qed_app.cpp:190:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char string[32];
data/pcp-5.2.2/src/libpcp_qed/src/qed_app.cpp:202:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s[16];
data/pcp-5.2.2/src/libpcp_qed/src/qed_app.cpp:203:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m[8];
data/pcp-5.2.2/src/libpcp_qed/src/qed_console.cpp:42:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[4096]; data/pcp-5.2.2/src/libpcp_qed/src/qed_console.cpp:77:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[4096]; data/pcp-5.2.2/src/libpcp_qed/src/qed_fileiconprovider.cpp:102:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly)) data/pcp-5.2.2/src/libpcp_qed/src/qed_fileiconprovider.cpp:104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char block[9]; data/pcp-5.2.2/src/libpcp_qed/src/qed_groupcontrol.cpp:54:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/pcp-5.2.2/src/libpcp_qed/src/qed_groupcontrol.cpp:57:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case StartState: strcpy(buf, "Start"); break; data/pcp-5.2.2/src/libpcp_qed/src/qed_groupcontrol.cpp:58:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case ForwardState: strcpy(buf, "Forward"); break; data/pcp-5.2.2/src/libpcp_qed/src/qed_groupcontrol.cpp:59:25: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case BackwardState: strcpy(buf, "Backward"); break; data/pcp-5.2.2/src/libpcp_qed/src/qed_groupcontrol.cpp:60:23: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case EndLogState: strcpy(buf, "EndLog"); break; data/pcp-5.2.2/src/libpcp_qed/src/qed_groupcontrol.cpp:61:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case StandbyState: strcpy(buf, "Standby"); break; data/pcp-5.2.2/src/libpcp_qed/src/qed_groupcontrol.cpp:62:15: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
default: strcpy(buf, "Dodgey"); break; data/pcp-5.2.2/src/libpcp_qed/src/qed_recorddialog.cpp:112:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!folio.open(QIODevice::WriteOnly)) { data/pcp-5.2.2/src/libpcp_qed/src/qed_recorddialog.cpp:148:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!config.open(QIODevice::WriteOnly)) { data/pcp-5.2.2/src/libpcp_qed/src/qed_timecontrol.cpp:402:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(packet, msg, msg->length); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_desc.cpp:80:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[20], tbuf[20], cbuf[20]; data/pcp-5.2.2/src/libpcp_qmc/src/qmc_desc.cpp:81:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[60]; data/pcp-5.2.2/src/libpcp_qmc/src/qmc_metric.cpp:573:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[8]; data/pcp-5.2.2/src/libpcp_qmc/src/qmc_metric.cpp:577:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, " inf?"); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_metric.cpp:589:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, " 0.00 "); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_metric.cpp:593:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, " -inf?"); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_metric.cpp:605:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, " 0.00 "); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_metric.cpp:778:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[32]; data/pcp-5.2.2/src/libpcp_qmc/src/qmc_metric.cpp:902:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[32]; data/pcp-5.2.2/src/libpcp_qmc/src/qmc_source.cpp:215:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[32], datebuf[32], *ddmm, *year; data/pcp-5.2.2/src/libpcp_qmc/src/qmc_source.cpp:238:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestring[32]; data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:157:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char delta[64]; data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:169:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[1024]; data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:174:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, "magic: TIME"); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:176:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(p, "magic: %d?", packet->magic); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:179:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, " length: %u", packet->length); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:213:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, " command: %d bogus?", packet->command); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:231:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, " source: %d bogus?", packet->source); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:249:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, " state: %d bogus?", packet->state); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:267:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, " mode: %d bogus?", packet->mode); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:272:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, " delta: %ld.%06ld", (long)packet->delta.tv_sec, (long)packet->delta.tv_usec); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:275:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(p, " position: %ld.%06ld", (long)packet->position.tv_sec, (long)packet->position.tv_usec); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:278:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, " start: %ld.%06ld", (long)packet->start.tv_sec, (long)packet->start.tv_usec); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.cpp:281:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, " data[]: %d bytes", (int)(sizeof(QmcTime::Packet) - packet->length)); data/pcp-5.2.2/src/libpcp_qmc/src/qmc_time.h:67:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[0]; // arbitrary length (e.g. $TZ) data/pcp-5.2.2/src/libpcp_qwt/src/qwt_clipper.cpp:150:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy( m_buffer, points, m_size * sizeof( Point ) ); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_clipper.cpp:234:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy( p.data(), points1.data(), points1.size() * sizeof( Point ) ); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_painter.cpp:484:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
::memcpy( polygon.data(), points, pointCount * sizeof( QPointF ) ); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_painter.cpp:533:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy( polygon.data(), points, pointCount * sizeof( QPoint ) ); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_plot_intervalcurve.cpp:455:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy( p.data(), points, size * sizeof( QPointF ) ); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_plot_intervalcurve.cpp:460:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy( p.data(), points + size, size * sizeof( QPointF ) ); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_point_data.cpp:41:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy( d_x.data(), x, size * sizeof( double ) ); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_point_data.cpp:44:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ::memcpy( d_y.data(), y, size * sizeof( double ) ); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_samples.h:164:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
double open; data/pcp-5.2.2/src/libpcp_qwt/src/qwt_samples.h:189:5: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open( o ), data/pcp-5.2.2/src/libpcp_qwt/src/qwt_samples.h:210:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). && ( open >= low ) data/pcp-5.2.2/src/libpcp_qwt/src/qwt_samples.h:211:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). && ( open <= high ) data/pcp-5.2.2/src/libpcp_qwt/src/qwt_samples.h:226:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). double minY = open; data/pcp-5.2.2/src/libpcp_qwt/src/qwt_samples.h:231:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). double maxY = open; data/pcp-5.2.2/src/libpcp_trace/src/hash.c:142:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(hash->ent, entry, t->esize); data/pcp-5.2.2/src/libpcp_trace/src/p_data.c:110:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)cp, (void *)&data, sizeof(double)); data/pcp-5.2.2/src/libpcp_trace/src/p_data.c:164:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)data, (void *)cp, sizeof(double)); data/pcp-5.2.2/src/libpcp_trace/src/pdu.c:35:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[20]; data/pcp-5.2.2/src/libpcp_trace/src/trace.c:682:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[MAXHOSTNAMELEN]; data/pcp-5.2.2/src/libpcp_web/src/config.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:261:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char path[MAXNAMELEN]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:396:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXNAMELEN]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:414:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAXNAMELEN]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:613:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[128]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:662:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:686:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:712:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:754:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char idstr[32]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:788:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32], inbuf[32]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:809:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:841:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32], idbuf[64]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:867:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:895:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:926:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:951:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hash[20]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:952:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:953:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *host, hostname[MAXHOSTNAMELEN]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:1006:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hash[20]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:1247:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuf[64], bufs[64]; data/pcp-5.2.2/src/libpcp_web/src/discover.c:1324:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((p->fd = open(metaname, O_RDONLY)) < 0) { data/pcp-5.2.2/src/libpcp_web/src/http_client.c:54:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/http_client.c:239:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[MAXHOSTNAMELEN]; data/pcp-5.2.2/src/libpcp_web/src/http_client.c:262:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char path[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp_web/src/http_client.c:302:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/pcp-5.2.2/src/libpcp_web/src/http_client.c:303:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[MAXHOSTNAMELEN]; data/pcp-5.2.2/src/libpcp_web/src/http_client.c:559:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BUFSIZ]; data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:99:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:135:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:153:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:171:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:352:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pointer_final[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:411:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[BUFSIZ]; data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:585:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BUFSIZ]; data/pcp-5.2.2/src/libpcp_web/src/load.c:87:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/load.c:163:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN], idbuf[64]; data/pcp-5.2.2/src/libpcp_web/src/load.c:442:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ts[64]; data/pcp-5.2.2/src/libpcp_web/src/load.c:510:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/load.c:644:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/load.c:730:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[MAXHOSTNAMELEN]; data/pcp-5.2.2/src/libpcp_web/src/load.c:731:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/libpcp_web/src/load.c:813:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/load.c:1137:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN], idbuf[64]; data/pcp-5.2.2/src/libpcp_web/src/load.h:28:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  unsigned char id[20]; /* SHA1 of external series name */
data/pcp-5.2.2/src/libpcp_web/src/load.h:29:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[20]; /* SHA1 of intrinsic metadata */
data/pcp-5.2.2/src/libpcp_web/src/load.h:39:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hostid[20]; /* SHA1 of host identifier */
data/pcp-5.2.2/src/libpcp_web/src/load.h:70:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char nameid[20];
data/pcp-5.2.2/src/libpcp_web/src/load.h:71:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char valueid[20];
data/pcp-5.2.2/src/libpcp_web/src/net.c:87:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128] = { 0 };
data/pcp-5.2.2/src/libpcp_web/src/net.c:324:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _port[6]; /* strlen("65535"); */
data/pcp-5.2.2/src/libpcp_web/src/net.c:354:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->timeout, timeout, sizeof(struct timeval));
data/pcp-5.2.2/src/libpcp_web/src/net.c:404:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/pcp-5.2.2/src/libpcp_web/src/net.c:427:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/pcp-5.2.2/src/libpcp_web/src/net.c:439:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->saddr, p->ai_addr, p->ai_addrlen);
data/pcp-5.2.2/src/libpcp_web/src/net.c:477:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/pcp-5.2.2/src/libpcp_web/src/net.c:523:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c->timeout, timeout, sizeof(struct timeval));
data/pcp-5.2.2/src/libpcp_web/src/query.c:263:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp_web/src/query.c:405:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/query.c:431:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/query.c:676:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/query.c:695:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(series, reply->str, SHA1SZ);
data/pcp-5.2.2/src/libpcp_web/src/query.c:758:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(saved, cp, SHA1SZ);
data/pcp-5.2.2/src/libpcp_web/src/query.c:769:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/query.c:835:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(saved, cp, SHA1SZ);
data/pcp-5.2.2/src/libpcp_web/src/query.c:845:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cp, small, need * SHA1SZ);
data/pcp-5.2.2/src/libpcp_web/src/query.c:852:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/query.c:916:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[42];
data/pcp-5.2.2/src/libpcp_web/src/query.c:1075:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[20];
data/pcp-5.2.2/src/libpcp_web/src/query.c:1077:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[42];
data/pcp-5.2.2/src/libpcp_web/src/query.c:1125:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[20];
data/pcp-5.2.2/src/libpcp_web/src/query.c:1366:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64], revbuf[64];
data/pcp-5.2.2/src/libpcp_web/src/query.c:1432:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/query.c:1490:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/query.c:1548:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/query.c:1977:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64], revbuf[64];
data/pcp-5.2.2/src/libpcp_web/src/query.c:2317:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256];
data/pcp-5.2.2/src/libpcp_web/src/query.c:2610:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *errmsg, str_val[256];
data/pcp-5.2.2/src/libpcp_web/src/query.c:2705:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_val[256];
data/pcp-5.2.2/src/libpcp_web/src/query.c:2772:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_val[256];
data/pcp-5.2.2/src/libpcp_web/src/query.c:2858:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_val[256];
data/pcp-5.2.2/src/libpcp_web/src/query.c:2950:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_val[256];
data/pcp-5.2.2/src/libpcp_web/src/query.c:3018:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_val[256];
data/pcp-5.2.2/src/libpcp_web/src/query.c:3330:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_val[256];
data/pcp-5.2.2/src/libpcp_web/src/query.c:3696:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_val[256];
data/pcp-5.2.2/src/libpcp_web/src/query.c:3746:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[20];
data/pcp-5.2.2/src/libpcp_web/src/query.c:3821:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/query.c:4141:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/query.c:4355:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[20];
data/pcp-5.2.2/src/libpcp_web/src/query.c:4356:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[42];
data/pcp-5.2.2/src/libpcp_web/src/query.c:5012:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp_web/src/query.c:5030:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *endptr, tuple[3] = {0};
data/pcp-5.2.2/src/libpcp_web/src/redis.c:92:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(r->errstr, str, len);
data/pcp-5.2.2/src/libpcp_web/src/redis.c:122:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbuf[8], sbuf[128];
data/pcp-5.2.2/src/libpcp_web/src/redis.c:330:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[326], *eptr;
data/pcp-5.2.2/src/libpcp_web/src/redis.c:339:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf,p,len);
data/pcp-5.2.2/src/libpcp_web/src/redis.c:821:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, str, len);
data/pcp-5.2.2/src/libpcp_web/src/redis.c:904:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(reply->str, str, len);
data/pcp-5.2.2/src/libpcp_web/src/redis.c:965:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->errstr, str, len);
data/pcp-5.2.2/src/libpcp_web/src/redis.c:1222:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024*16];
data/pcp-5.2.2/src/libpcp_web/src/redis.c:1355:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dup, src, sizeof(*dup));
data/pcp-5.2.2/src/libpcp_web/src/redis.c:1538:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cb, source, sizeof(*cb));
data/pcp-5.2.2/src/libpcp_web/src/redis.c:1563:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(target,cb,sizeof(*cb));
data/pcp-5.2.2/src/libpcp_web/src/redis.c:1741:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstcb, dictGetVal(de), sizeof(*dstcb));
data/pcp-5.2.2/src/libpcp_web/src/redis.c:1768:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/redis.h:113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errstr[128]; /* string representation of error */
data/pcp-5.2.2/src/libpcp_web/src/redis.h:267:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errstr[128]; /* string representation of error */
data/pcp-5.2.2/src/libpcp_web/src/schema.c:44:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[20];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:45:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hash[42];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:297:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:402:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mhashbuf[42], hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:490:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:630:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namehash[42], valhash[42];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:687:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:710:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pmmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:711:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:724:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PM_MAXLABELJSONLEN];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:737:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PM_MAXLABELJSONLEN];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:891:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[32], pbuf[32], sbuf[20], tbuf[20], ubuf[60];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:892:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:1003:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hash[40+1];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:1210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashbuf[42];
data/pcp-5.2.2/src/libpcp_web/src/schema.c:1282:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  version = (unsigned int)atoi(reply->str);
data/pcp-5.2.2/src/libpcp_web/src/schema.h:94:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cmd + offset + 5, sha, 20);
data/pcp-5.2.2/src/libpcp_web/src/search.c:65:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[20];
data/pcp-5.2.2/src/libpcp_web/src/search.c:196:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8];
data/pcp-5.2.2/src/libpcp_web/src/search.c:266:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64] = {0};
data/pcp-5.2.2/src/libpcp_web/src/search.c:305:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/pcp-5.2.2/src/libpcp_web/src/search.c:342:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indom[64] = {0}, **metrics, *oneline, *helptext;
data/pcp-5.2.2/src/libpcp_web/src/search.c:520:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  result.type = atoi(payload->str);
data/pcp-5.2.2/src/libpcp_web/src/search.c:583:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/pcp-5.2.2/src/libpcp_web/src/search.c:758:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/pcp-5.2.2/src/libpcp_web/src/search.c:861:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/pcp-5.2.2/src/libpcp_web/src/search.c:1045:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  resultcount = atoi(resultcount_str);
data/pcp-5.2.2/src/libpcp_web/src/slots.c:247:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[MAXHOSTNAMELEN];
data/pcp-5.2.2/src/libpcp_web/src/ssl.c:141:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err[512];
data/pcp-5.2.2/src/libpcp_web/src/util.c:251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PM_MAXLABELJSONLEN];
data/pcp-5.2.2/src/libpcp_web/src/util.c:321:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[MAXHOSTNAMELEN];
data/pcp-5.2.2/src/libpcp_web/src/util.c:450:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[42];
data/pcp-5.2.2/src/libpcp_web/src/util.c:510:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char labels[PM_MAXLABELJSONLEN];
data/pcp-5.2.2/src/libpcp_web/src/util.c:527:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PM_MAXLABELJSONLEN];
data/pcp-5.2.2/src/libpcp_web/src/util.c:528:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sem[32], type[32], units[64];
data/pcp-5.2.2/src/libpcp_web/src/util.c:561:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp_web/src/util.c:577:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp_web/src/util.c:602:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char labels[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/libpcp_web/src/util.c:603:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/util.c:634:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hashbuf[42]; data/pcp-5.2.2/src/libpcp_web/src/util.c:684:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hashbuf[42]; data/pcp-5.2.2/src/libpcp_web/src/util.c:792:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/util.c:848:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/util.c:944:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dup->labels, lp->labels, sizeof(pmLabel) * lp->nlabels); data/pcp-5.2.2/src/libpcp_web/src/util.c:955:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN], buffer[64]; data/pcp-5.2.2/src/libpcp_web/src/util.c:1097:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN], buffer[64], **namelist = NULL; data/pcp-5.2.2/src/libpcp_web/src/util.c:1251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char **names, errmsg[PM_MAXERRMSGLEN], buffer[64]; data/pcp-5.2.2/src/libpcp_web/src/util.c:1286:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:125:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *msg, buf[512]; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:258:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:572:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:947:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
if (instance->inst == atoi(ids[i])) data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:1034:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:1117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:1466:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[PM_MAXERRMSGLEN], *error; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:1720:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:1802:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:2004:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). id = atoi(ids[i]); data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:2050:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/newhelp/newhelp.c:271:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathname[MAXPATHLEN]; data/pcp-5.2.2/src/newhelp/newhelp.c:273:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXENTRY+MAXLINE]; data/pcp-5.2.2/src/newhelp/newhelp.c:336:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((inf = fopen(filename, "r")) == NULL) { data/pcp-5.2.2/src/newhelp/newhelp.c:356:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((f = fopen(pathname, "w")) == NULL) { data/pcp-5.2.2/src/newhelp/newhelp.c:441:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(pathname, "w")) == NULL) { data/pcp-5.2.2/src/pcp/atop/atop.c:147:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flaglist[MAXFL]; data/pcp-5.2.2/src/pcp/atop/atop.c:285:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pcp/atop/atop.c:391:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). linelen = atoi(opts.optarg); data/pcp-5.2.2/src/pcp/atop/atop.c:421:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((opts.samples = atoi(arg)) < 1) data/pcp-5.2.2/src/pcp/atop/atop.c:831:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linebuf[256], tagname[20], tagvalue[256]; data/pcp-5.2.2/src/pcp/atop/atop.c:833:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(path, "r")) != NULL) data/pcp-5.2.2/src/pcp/atop/atop.h:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nodename[MAXHOSTNAMELEN]; data/pcp-5.2.2/src/pcp/atop/atop.h:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char release[72]; data/pcp-5.2.2/src/pcp/atop/atop.h:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[72]; data/pcp-5.2.2/src/pcp/atop/atop.h:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char machine[72]; data/pcp-5.2.2/src/pcp/atop/atopsar.c:179:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). summarycnt = atoi(opts.optarg); data/pcp-5.2.2/src/pcp/atop/atopsar.c:265:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((opts.samples = atoi(arg)) < 1) data/pcp-5.2.2/src/pcp/atop/atopsar.c:359:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[16], datebuf[16]; data/pcp-5.2.2/src/pcp/atop/atopsar.c:578:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[16], datebuf[16]; data/pcp-5.2.2/src/pcp/atop/atopsar.c:846:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cdate[16]; data/pcp-5.2.2/src/pcp/atop/atopsar.c:1193:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char fmt1[16], fmt2[16]; data/pcp-5.2.2/src/pcp/atop/atopsar.c:1236:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fmt1, "N/A"); data/pcp-5.2.2/src/pcp/atop/atopsar.c:1242:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fmt2, "N/A"); data/pcp-5.2.2/src/pcp/atop/atopsar.c:1834:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char busyval[16], dupval; data/pcp-5.2.2/src/pcp/atop/deviate.c:846:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dev->intf.intf[i], data/pcp-5.2.2/src/pcp/atop/ifprop.h:3:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXINTNM]; /* name of interface */ data/pcp-5.2.2/src/pcp/atop/parseable.c:170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char datestr[32], timestr[32], header[256]; data/pcp-5.2.2/src/pcp/atop/photoproc.h:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PNAMLEN+1];/* process name string */ data/pcp-5.2.2/src/pcp/atop/photoproc.h:53:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdline[CMDLEN+1];/* command-line string */ data/pcp-5.2.2/src/pcp/atop/photoproc.h:62:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char container[CLEN];/* Docker container id (12 pos) */ data/pcp-5.2.2/src/pcp/atop/photoproc.h:117:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cfuture[3]; // data/pcp-5.2.2/src/pcp/atop/photosyst.h:122:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[MAXDKNAM]; /* empty string for last */ data/pcp-5.2.2/src/pcp/atop/photosyst.h:143:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXIFNAM]; /* empty string for last */ data/pcp-5.2.2/src/pcp/atop/photosyst.h:177:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mountdev[MAXMNTNAME]; /* mountdevice */ data/pcp-5.2.2/src/pcp/atop/photosyst.h:238:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char future[3]; data/pcp-5.2.2/src/pcp/atop/photosyst.h:282:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[MAXGPUTYPE+1]; // GPU type data/pcp-5.2.2/src/pcp/atop/photosyst.h:283:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char busid[MAXGPUBUS+1]; // GPU bus identification data/pcp-5.2.2/src/pcp/atop/photosyst.h:306:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ibname[MAXIBNAME]; // InfiniBand controller data/pcp-5.2.2/src/pcp/atop/showgeneric.c:109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format1[16], format2[16], branchtime[32]; data/pcp-5.2.2/src/pcp/atop/showgeneric.c:112:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[34]; data/pcp-5.2.2/src/pcp/atop/showgeneric.c:1323:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(procsel.username); data/pcp-5.2.2/src/pcp/atop/showgeneric.c:2381:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numval[16]; data/pcp-5.2.2/src/pcp/atop/showgeneric.c:2399:13: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
retval = atol(numval); data/pcp-5.2.2/src/pcp/atop/showgeneric.c:2961:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). procsel.userid[0] = atoi(procsel.username); data/pcp-5.2.2/src/pcp/atop/showgeneric.h:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[256]; data/pcp-5.2.2/src/pcp/atop/showgeneric.h:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char progname[64]; data/pcp-5.2.2/src/pcp/atop/showgeneric.h:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char argname[64]; data/pcp-5.2.2/src/pcp/atop/showgeneric.h:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char container[16]; data/pcp-5.2.2/src/pcp/atop/showgeneric.h:57:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lvmname[64]; // logical volume selection data/pcp-5.2.2/src/pcp/atop/showgeneric.h:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dskname[64]; // disk selection data/pcp-5.2.2/src/pcp/atop/showgeneric.h:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char itfname[64]; // network interface selection data/pcp-5.2.2/src/pcp/atop/showlinux.c:510:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[n+1]; data/pcp-5.2.2/src/pcp/atop/showlinux.c:548:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linebuf[64]; data/pcp-5.2.2/src/pcp/atop/showlinux.c:587:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char str[n+1]; data/pcp-5.2.2/src/pcp/atop/showlinux.c:1175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[300], *p = format; data/pcp-5.2.2/src/pcp/atop/showlinux.c:1177:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, FORMPID, sizeof FORMPID -1); data/pcp-5.2.2/src/pcp/atop/showlinux.c:1182:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, FORMTID, sizeof FORMTID -1); data/pcp-5.2.2/src/pcp/atop/showlinux.c:1188:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, FORMCID, sizeof FORMCID -1); data/pcp-5.2.2/src/pcp/atop/showlinux.c:1192:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, FORMCPU, sizeof FORMCPU -1); data/pcp-5.2.2/src/pcp/atop/showlinux.c:1195:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, FORMMEM, sizeof FORMMEM -1); data/pcp-5.2.2/src/pcp/atop/showlinux.c:1200:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, FORMDSK, sizeof FORMDSK -1); data/pcp-5.2.2/src/pcp/atop/showlinux.c:1206:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(p, FORMNET, sizeof FORMNET -1); data/pcp-5.2.2/src/pcp/atop/showlinux.c:1210:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, FORMMSC, sizeof FORMMSC -1); data/pcp-5.2.2/src/pcp/atop/showlinux.c:1213:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, FORMEND, sizeof FORMEND); data/pcp-5.2.2/src/pcp/atop/showlinux.c:1945:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format1[8], format2[8], format3[8], format4[8], format5[8]; data/pcp-5.2.2/src/pcp/atop/showlinux.c:2379:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int value = atoi(val); data/pcp-5.2.2/src/pcp/atop/showprocs.c:214:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pagindic[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:224:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[bufsz+2]; // long live dynamically sized auto arrays... 
data/pcp-5.2.2/src/pcp/atop/showprocs.c:402:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:417:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:426:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:441:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:450:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:462:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[64]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:471:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:483:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[32]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:501:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:514:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:530:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:542:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:554:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:572:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:590:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:602:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:614:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:632:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:650:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:668:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:689:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:707:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:725:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:743:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:761:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:770:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="<"; data/pcp-5.2.2/src/pcp/atop/showprocs.c:771:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helpbuf[16]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:784:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[9]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:804:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[9]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:830:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[9]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:856:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[9]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:882:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:885:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grname[16]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:907:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:910:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grname[16]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:938:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:941:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grname[16]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:969:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:972:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grname[16]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1000:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[11]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1005:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "----/--/--"); data/pcp-5.2.2/src/pcp/atop/showprocs.c:1016:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[9]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1021:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "--:--:--"); data/pcp-5.2.2/src/pcp/atop/showprocs.c:1032:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[11]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1034:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, " active "); data/pcp-5.2.2/src/pcp/atop/showprocs.c:1042:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[11]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1047:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "----/--/--"); data/pcp-5.2.2/src/pcp/atop/showprocs.c:1058:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[9]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1060:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, " active "); data/pcp-5.2.2/src/pcp/atop/showprocs.c:1068:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[9]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1073:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "--:--:--"); data/pcp-5.2.2/src/pcp/atop/showprocs.c:1084:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[15]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1102:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[15]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1120:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[15]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1138:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[15]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1196:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[15]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1214:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[15]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1232:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[15]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1250:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[15]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1268:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[3]="--"; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1283:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[3]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1318:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[4]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1335:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[2]="E"; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1358:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[CMDLEN+1]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1385:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1397:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1415:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1435:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1453:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1471:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1483:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1500:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1514:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1532:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1544:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1560:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1574:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1592:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1604:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1621:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1635:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1654:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1666:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1682:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1696:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1715:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1728:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1745:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1757:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1773:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[16]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1785:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1802:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1814:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1859:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1860:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[64], *p=tmp; data/pcp-5.2.2/src/pcp/atop/showprocs.c:1897:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10];
data/pcp-5.2.2/src/pcp/atop/showprocs.c:1912:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10];
data/pcp-5.2.2/src/pcp/atop/showprocs.c:1931:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showprocs.c:1949:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:279:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="sys ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:290:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="user ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:301:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="#proc ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:312:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[15]="#trun ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:323:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="#tslpi ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:334:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="#tslpu ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:345:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="#zombie ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:365:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="#exit ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:419:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:438:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:458:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:478:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:494:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:510:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:530:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:551:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:572:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:588:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:606:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "avgf ");
data/pcp-5.2.2/src/pcp/atop/showsys.c:611:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "curf ");
data/pcp-5.2.2/src/pcp/atop/showsys.c:616:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "curf ?MHz");
data/pcp-5.2.2/src/pcp/atop/showsys.c:654:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "avgscal ");
data/pcp-5.2.2/src/pcp/atop/showsys.c:659:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "curscal ");
data/pcp-5.2.2/src/pcp/atop/showsys.c:664:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "curscal ?%");
data/pcp-5.2.2/src/pcp/atop/showsys.c:675:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:692:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:712:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:729:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:748:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:767:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:787:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:806:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:824:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[15];
data/pcp-5.2.2/src/pcp/atop/showsys.c:856:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[15];
data/pcp-5.2.2/src/pcp/atop/showsys.c:890:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[15] = "cycl ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:919:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[15] = "cycl ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:947:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="avg1 ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:966:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="avg5 ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:985:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="avg15 ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1008:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="csw ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1021:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="clones ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1034:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="numcpu ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1047:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="intr ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1060:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:1080:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:1100:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16] = "#proc ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1113:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="membusy ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1143:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="gpubusy ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1173:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="memocc ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1192:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16] = "total ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1206:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16] = "used ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1220:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16] = "usavg ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1238:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="tot ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1251:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="free ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1264:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="cache ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1277:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16] = "dirty ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1290:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="buff ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1303:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="slab ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1316:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="slrec ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1329:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="shmem ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1342:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="shrss ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1355:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="shswp ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1368:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="hptot ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1381:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="hpuse ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1394:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="vmbal ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1406:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="tot ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1419:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="free ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1432:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="vmcom ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1449:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="vmlim ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1467:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="scan ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1479:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="steal ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1491:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="stall ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1503:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="swin ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1515:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="swout ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1528:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpbuf[32];
data/pcp-5.2.2/src/pcp/atop/showsys.c:1555:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:1565:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:1575:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:1585:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:1595:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:1607:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[32] = "ctid ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1622:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="nproc ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1638:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:1667:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="mem ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1682:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16];
data/pcp-5.2.2/src/pcp/atop/showsys.c:1704:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="busy ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1723:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="read ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1739:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="write ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1755:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="KiB/w ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1769:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="KiB/r ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1783:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="MBw/s ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1797:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="MBr/s ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1811:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="avq ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1825:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="avio ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1864:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="tcpi ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1876:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="tcpo ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1888:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="tcpao ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1900:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="tcppo ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1912:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="tcprs ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1924:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="tcpie ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1936:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="tcpor ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1948:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="udpnp ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1960:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="udpie ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1972:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="udpi ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:1986:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="udpo ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:2008:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="ipi ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:2022:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="ipo ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:2036:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="ipfrw ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:2050:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="deliv ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:2064:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="icmpi ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:2078:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="icmpo ";
data/pcp-5.2.2/src/pcp/atop/showsys.c:2096:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16] = "ethxxxx ----";
data/pcp-5.2.2/src/pcp/atop/showsys.c:2138:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf+8, "----");
data/pcp-5.2.2/src/pcp/atop/showsys.c:2150:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char buf[16]="pcki "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2166:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="pcko "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2185:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="si ?bps"; data/pcp-5.2.2/src/pcp/atop/showsys.c:2222:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/pcp-5.2.2/src/pcp/atop/showsys.c:2282:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="coll "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2295:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="mlti "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2308:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="erri "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2321:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="erro "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2334:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="drpi "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2347:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="drpo "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2364:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16] = "ethxxxx ----", tmp[32], *ps=tmp; data/pcp-5.2.2/src/pcp/atop/showsys.c:2395:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[16]="pcki "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2411:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="pcko "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2427:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/pcp-5.2.2/src/pcp/atop/showsys.c:2455:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="lanes "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2501:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16] = "srv "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2502:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mntdev[128], *ps; data/pcp-5.2.2/src/pcp/atop/showsys.c:2504:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(mntdev, sstat->nfs.nfsmounts.nfsmnt[as->index].mountdev, data/pcp-5.2.2/src/pcp/atop/showsys.c:2523:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/pcp-5.2.2/src/pcp/atop/showsys.c:2524:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mntdev[128], *ps; data/pcp-5.2.2/src/pcp/atop/showsys.c:2527:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mntdev, sstat->nfs.nfsmounts.nfsmnt[as->index].mountdev, data/pcp-5.2.2/src/pcp/atop/showsys.c:2550:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="read "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2564:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="write "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2578:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[16]="nread "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2592:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="nwrit "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2606:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="dread "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2620:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="dwrit "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2634:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="mread "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2648:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="mwrit "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2662:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="rpc "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2675:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="read "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2688:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="write "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2701:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="retxmit "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2714:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="autref "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2727:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[16]="rpc "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2740:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="cread "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2753:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="cwrit "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2766:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="badfmt "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2779:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="badaut "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2792:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="badcln "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2805:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="nettcp "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2818:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="netudp "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2831:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[32]="MBcr/s "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2846:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[32]="MBcw/s "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2861:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="rchits "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2874:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[16]="rcmiss "; data/pcp-5.2.2/src/pcp/atop/showsys.c:2887:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]="rcnoca "; data/pcp-5.2.2/src/pcp/atop/various.c:1240:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[MAXPATHLEN]; data/pcp-5.2.2/src/pcp/atop/various.c:1241:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pcp/atop/various.c:1371:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char args[MAXPATHLEN]; data/pcp-5.2.2/src/pcp/atop/version.c:19:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char vers[64]; data/pcp-5.2.2/src/perl/PMDA/local.c:141:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362). int fd = open(file, O_RDONLY | O_NDELAY); data/pcp-5.2.2/src/perl/PMDA/local.c:290:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file->fd = open(file->me.tail.path, O_RDONLY | O_NDELAY); data/pcp-5.2.2/src/perl/PMDA/local.c:367:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[4096]; data/pcp-5.2.2/src/pmcd/src/config.c:198:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fallback[2]; data/pcp-5.2.2/src/pmcd/src/config.c:1397:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/pcp-5.2.2/src/pmcd/src/config.c:1416:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/pcp-5.2.2/src/pmcd/src/config.c:1810:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[2]; data/pcp-5.2.2/src/pmcd/src/config.c:2174:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char accessPath[MAXPATHLEN]; data/pcp-5.2.2/src/pmcd/src/config.c:2178:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((configFile = fopen(fileName, "r")) == NULL) { data/pcp-5.2.2/src/pmcd/src/config.c:2183:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). accessFile = fopen(accessPath, "r"); data/pcp-5.2.2/src/pmcd/src/config.c:2200:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char accessPath[MAXPATHLEN]; data/pcp-5.2.2/src/pmcd/src/config.c:2206:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
configFile = fopen(fileName, "r"); data/pcp-5.2.2/src/pmcd/src/config.c:2242:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). accessFile = fopen(accessPath, "r"); data/pcp-5.2.2/src/pmcd/src/config.c:2409:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char afileName[MAXPATHLEN]; data/pcp-5.2.2/src/pmcd/src/dofetch.c:353:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&byte, &result->timestamp, sizeof(unsigned char)); data/pcp-5.2.2/src/pmcd/src/dopdus.c:382:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char host[MAXHOSTNAMELEN]; data/pcp-5.2.2/src/pmcd/src/dopdus.c:383:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char domain[MAXDOMAINNAMELEN]; data/pcp-5.2.2/src/pmcd/src/dopdus.c:384:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char machineid[MAXMACHINEIDLEN]; data/pcp-5.2.2/src/pmcd/src/dopdus.c:386:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/pmcd/src/dopdus.c:836:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *namelist[1]; data/pcp-5.2.2/src/pmcd/src/dopdus.c:989:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *namelist[1]; data/pcp-5.2.2/src/pmcd/src/dopdus.c:1012:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *names = (char **)malloc(sizeof((*names)[0])); data/pcp-5.2.2/src/pmcd/src/pmcd.c:37:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char configFileName[MAXPATHLEN]; /* path to pmcd.conf */ data/pcp-5.2.2/src/pmcd/src/pmcd.c:48:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sockpath[MAXPATHLEN]; /* local unix domain socket path */ data/pcp-5.2.2/src/pmcd/src/pmcd.c:64:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tty = fopen(fatalfile, "w")) != NULL) { data/pcp-5.2.2/src/pmcd/src/pmcd.c:67:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((log = fopen(logfile, "r")) != NULL) { data/pcp-5.2.2/src/pmcd/src/pmcd.c:527:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/pcp-5.2.2/src/pmcd/src/pmcd.c:950:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((localhost = atoi(envstr)) != 0) { data/pcp-5.2.2/src/pmcd/src/pmcd.c:956:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
maxpending = atoi(envstr); data/pcp-5.2.2/src/pmcd/src/pmcd.c:1173:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fdStr[FDNAMELEN]; data/pcp-5.2.2/src/pmcd/src/pmcd.c:1174:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *stdFds[4] = {"*UNKNOWN FD*", "stdin", "stdout", "stderr"}; data/pcp-5.2.2/src/pmcd_wait/pmcd_wait.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char env[256]; data/pcp-5.2.2/src/pmchart/exportdialog.cpp:214:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char suffix[32]; data/pcp-5.2.2/src/pmchart/groupcontrol.cpp:157:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/pcp-5.2.2/src/pmchart/groupcontrol.cpp:160:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string.
  case StartState: strcpy(buf, "Start"); break;
data/pcp-5.2.2/src/pmchart/groupcontrol.cpp:161:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case ForwardState: strcpy(buf, "Forward"); break;
data/pcp-5.2.2/src/pmchart/groupcontrol.cpp:162:25: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case BackwardState: strcpy(buf, "Backward"); break;
data/pcp-5.2.2/src/pmchart/groupcontrol.cpp:163:23: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EndLogState: strcpy(buf, "EndLog"); break;
data/pcp-5.2.2/src/pmchart/groupcontrol.cpp:164:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case StandbyState: strcpy(buf, "Standby"); break;
data/pcp-5.2.2/src/pmchart/groupcontrol.cpp:165:15: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  default: strcpy(buf, "Dodgey"); break;
data/pcp-5.2.2/src/pmchart/main.cpp:97:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char string[32];
data/pcp-5.2.2/src/pmchart/main.cpp:109:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s[16];
data/pcp-5.2.2/src/pmchart/main.cpp:110:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m[8];
data/pcp-5.2.2/src/pmchart/main.cpp:720:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if (!OpenViewDialog::openView((const char *)configs[c].toLatin1()))
data/pcp-5.2.2/src/pmchart/pmchart.cpp:758:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char datestring[32];
data/pcp-5.2.2/src/pmchart/recorddialog.cpp:139:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char localHostname[HOST_NAME_MAX];
data/pcp-5.2.2/src/pmchart/recorddialog.cpp:150:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!folio.open(QIODevice::WriteOnly)) {
data/pcp-5.2.2/src/pmchart/recorddialog.cpp:186:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!config.open(QIODevice::WriteOnly)) {
data/pcp-5.2.2/src/pmchart/timeaxis.cpp:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[64];
data/pcp-5.2.2/src/pmchart/timecontrol.cpp:404:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(packet, msg, msg->length);
data/pcp-5.2.2/src/pmchart/view.cpp:32:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char _fname[MAXPATHLEN];
data/pcp-5.2.2/src/pmchart/view.cpp:117:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[MAXWDSZ];
data/pcp-5.2.2/src/pmchart/view.cpp:162:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/pcp-5.2.2/src/pmchart/view.cpp:272:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(_fname, "stdin");
data/pcp-5.2.2/src/pmchart/view.cpp:276:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(_fname, "r")) == NULL)
data/pcp-5.2.2/src/pmchart/view.cpp:283:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(_fname, "r")) == NULL) {
data/pcp-5.2.2/src/pmchart/view.cpp:289:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(_fname, "r")) == NULL) {
data/pcp-5.2.2/src/pmchart/view.cpp:294:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(_fname, "r")) == NULL) {
data/pcp-5.2.2/src/pmchart/view.cpp:300:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(_fname, "r")) == NULL) {
data/pcp-5.2.2/src/pmchart/view.cpp:306:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(_fname, "r")) == NULL) {
data/pcp-5.2.2/src/pmchart/view.cpp:320:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[MAXPATHLEN];
data/pcp-5.2.2/src/pmchart/view.cpp:1240:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localHostname[HOST_NAME_MAX];
data/pcp-5.2.2/src/pmchart/view.cpp:1266:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(path, "w")) == NULL)
data/pcp-5.2.2/src/pmclient/pmclient.c:288:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timebuf[26]; /* for pmCtime result */
data/pcp-5.2.2/src/pmclient/pmclient_fg.c:197:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timebuf[26]; /* for pmCtime result */
data/pcp-5.2.2/src/pmconfig/pmconfig.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/pcp-5.2.2/src/pmcpp/pmcpp.c:482:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(obuf, ibuf, ip-len-ibuf);
data/pcp-5.2.2/src/pmcpp/pmcpp.c:487:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, macro[i].value, macro[i].valuelen);
data/pcp-5.2.2/src/pmcpp/pmcpp.c:522:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ibuf, obuf, op-obuf+1);
data/pcp-5.2.2/src/pmcpp/pmcpp.c:534:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(fname, "r");
data/pcp-5.2.2/src/pmcpp/pmcpp.c:574:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tmpbuf[MAXPATHLEN];
data/pcp-5.2.2/src/pmcpp/pmcpp.c:747:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tmpbuf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/aix/aix.c:25:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mypath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/apache/apache.c:25:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char url[256];
data/pcp-5.2.2/src/pmdas/apache/apache.c:26:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char uptime_s[64];
data/pcp-5.2.2/src/pmdas/apache/apache.c:207:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char res[BUFSIZ];
data/pcp-5.2.2/src/pmdas/apache/apache.c:484:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helppath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/bash/bash.c:119:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&trace->timestamp, timestamp, sizeof(*timestamp));
data/pcp-5.2.2/src/pmdas/bash/bash.c:145:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&trace->timestamp, timestamp, sizeof(*timestamp));
data/pcp-5.2.2/src/pmdas/bash/bash.c:419:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char helppath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/bash/event.c:23:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pidpath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/bash/event.c:55:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char script[1024];
data/pcp-5.2.2/src/pmdas/bash/event.c:104:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/pcp-5.2.2/src/pmdas/bash/event.c:105:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open(filename, O_RDONLY);
data/pcp-5.2.2/src/pmdas/bash/event.c:134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/bash/event.c:146:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(path, O_RDONLY | O_NONBLOCK)) < 0)
data/pcp-5.2.2/src/pmdas/bash/event.c:192:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&bashful->starttime, &init->starttime, sizeof(struct timeval));
data/pcp-5.2.2/src/pmdas/bash/event.c:193:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&bashful->stat, &init->stat, sizeof(struct stat));
data/pcp-5.2.2/src/pmdas/bash/event.c:321:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[64];
data/pcp-5.2.2/src/pmdas/bash/event.c:335:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/bash/event.h:47:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char function[64];
data/pcp-5.2.2/src/pmdas/bash/event.h:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[512];
data/pcp-5.2.2/src/pmdas/cifs/pmda.c:330:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[PATH_MAX], fsname[PATH_MAX];
data/pcp-5.2.2/src/pmdas/cifs/pmda.c:340:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(buffer, "r")) == NULL)
data/pcp-5.2.2/src/pmdas/cifs/pmda.c:489:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[PATH_MAX];
data/pcp-5.2.2/src/pmdas/cifs/pmda.c:499:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helppath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/cifs/pmda.c:512:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(buffer, "r")) != NULL ) {
data/pcp-5.2.2/src/pmdas/cifs/pmda.c:560:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helppath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/cifs/pmdacifs.h:34:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[PATH_MAX];
data/pcp-5.2.2/src/pmdas/cifs/stats.c:27:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char version[10] = "";
data/pcp-5.2.2/src/pmdas/cifs/stats.c:80:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[PATH_MAX];
data/pcp-5.2.2/src/pmdas/cifs/stats.c:89:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(buffer, "r")) == NULL )
data/pcp-5.2.2/src/pmdas/cifs/stats.c:137:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[PATH_MAX], cifs_name[256];
data/pcp-5.2.2/src/pmdas/cifs/stats.c:138:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cifs_connected[13] = {0};
data/pcp-5.2.2/src/pmdas/cifs/stats.c:145:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(buffer, "r")) == NULL )
data/pcp-5.2.2/src/pmdas/cisco/pmda.c:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helptext[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/cisco/pmda.c:247:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(intf[n].interface, "FastEthernet");
data/pcp-5.2.2/src/pmdas/cisco/pmda.c:269:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(p, "r")) == NULL) {
data/pcp-5.2.2/src/pmdas/cisco/probe.c:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024];
data/pcp-5.2.2/src/pmdas/cisco/probe.c:319:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
(CWE-362).
  if ((f = fopen(argv[optind], "r")) == NULL) {
data/pcp-5.2.2/src/pmdas/cisco/probe.c:334:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  c.fout = fopen("/dev/null", "w");
data/pcp-5.2.2/src/pmdas/cisco/telnet.c:133:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[1024];
data/pcp-5.2.2/src/pmdas/cisco/telnet.c:621:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tmp.rate_in = atol(w) / 8;
data/pcp-5.2.2/src/pmdas/cisco/telnet.c:629:22: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tmp.rate_out = atol(w) / 8;
data/pcp-5.2.2/src/pmdas/darwin/darwin.h:2:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char hw_model[MODEL_SIZE];
data/pcp-5.2.2/src/pmdas/darwin/disk.h:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[DEVNAMEMAX + 1];
data/pcp-5.2.2/src/pmdas/darwin/kernel.c:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[16]; /* 8 is real max atm, but be conservative */
data/pcp-5.2.2/src/pmdas/darwin/kernel.c:142:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*cpuload)[i], &cpuinfo[i],
data/pcp-5.2.2/src/pmdas/darwin/network.h:43:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[IFNAMEMAX + 1];
data/pcp-5.2.2/src/pmdas/darwin/pmda.c:90:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hw_model[MODEL_SIZE];
data/pcp-5.2.2/src/pmdas/darwin/pmda.c:817:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mach_uname_all[(_SYS_NAMELEN*5)+8];
data/pcp-5.2.2/src/pmdas/darwin/pmda.c:1207:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helppath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/darwin/pmda.c:1258:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helppath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/dm/dmcache.c:102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFSIZ];
data/pcp-5.2.2/src/pmdas/dm/dmcache.c:190:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFSIZ];
data/pcp-5.2.2/src/pmdas/dm/dmcache.h:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char io_mode[13];
data/pcp-5.2.2/src/pmdas/dm/dmstats.c:494:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFSIZ];
data/pcp-5.2.2/src/pmdas/dm/dmstats.h:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dev[128];
data/pcp-5.2.2/src/pmdas/dm/dmthin.c:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFSIZ];
data/pcp-5.2.2/src/pmdas/dm/dmthin.c:173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFSIZ];
data/pcp-5.2.2/src/pmdas/dm/dmthin.c:232:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFSIZ];
data/pcp-5.2.2/src/pmdas/dm/dmthin.c:298:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFSIZ];
data/pcp-5.2.2/src/pmdas/dm/dmthin.h:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char held_root[20]; data/pcp-5.2.2/src/pmdas/dm/dmthin.h:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char read_mode[5]; data/pcp-5.2.2/src/pmdas/dm/dmthin.h:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char discard_passdown[20]; data/pcp-5.2.2/src/pmdas/dm/dmthin.h:51:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char no_space_mode[20]; data/pcp-5.2.2/src/pmdas/dm/pmda.c:1268:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/dm/pmda.c:1323:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/dm/vdo.c:30:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/dm/vdo.c:36:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(buffer, "r")) != NULL) { data/pcp-5.2.2/src/pmdas/dm/vdo.c:216:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/docker/docker.c:390:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/docker/docker.c:394:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char resulting_path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/docker/docker.c:430:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char json_query[BUFSIZ]; data/pcp-5.2.2/src/pmdas/docker/docker.c:440:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char json_query[BUFSIZ]; data/pcp-5.2.2/src/pmdas/docker/docker.c:450:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char json_query[BUFSIZ]; data/pcp-5.2.2/src/pmdas/docker/docker.c:672:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char json[BUFSIZ]; data/pcp-5.2.2/src/pmdas/docker/docker.c:693:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, hp->json + hp->off, bytes); data/pcp-5.2.2/src/pmdas/docker/docker.c:735:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(local_metrics, json, (sizeof(json_metric_desc)*json_size)); data/pcp-5.2.2/src/pmdas/docker/docker.c:745:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(json, local_metrics, (sizeof(json_metric_desc) * json_size)); data/pcp-5.2.2/src/pmdas/etw/event.c:70:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(source, target, sizeof(EVENT_RECORD)); data/pcp-5.2.2/src/pmdas/etw/event.c:104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[DEFAULT_MAXMEM]; data/pcp-5.2.2/src/pmdas/etw/event.h:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmnsname[64]; data/pcp-5.2.2/src/pmdas/etw/pmda.c:490:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/etw/tdhconsume.c:797:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[1024]; data/pcp-5.2.2/src/pmdas/etw/tdhlist.c:218:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. l = (LPCSTR)((char *)pSessions[i] + pSessions[i]->LoggerNameOffset); data/pcp-5.2.2/src/pmdas/etw/util.c:97:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[128]; data/pcp-5.2.2/src/pmdas/etw/util.c:102:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(p, "extended info,"); data/pcp-5.2.2/src/pmdas/etw/util.c:104:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(p, "private session,"); data/pcp-5.2.2/src/pmdas/etw/util.c:106:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(p, "string,"); data/pcp-5.2.2/src/pmdas/etw/util.c:108:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(p, "TraceMessage,"); data/pcp-5.2.2/src/pmdas/etw/util.c:110:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(p, "no cputime,"); data/pcp-5.2.2/src/pmdas/etw/util.c:112:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(p, "32bit,"); data/pcp-5.2.2/src/pmdas/etw/util.c:114:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(p, "64bit,"); data/pcp-5.2.2/src/pmdas/etw/util.c:116:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(p, "classic,"); data/pcp-5.2.2/src/pmdas/etw/util.c:166:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char stringBuffer[64]; data/pcp-5.2.2/src/pmdas/freebsd/disk.c:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iname[DEVSTAT_NAME_LEN+6]; data/pcp-5.2.2/src/pmdas/freebsd/freebsd.c:624:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char uname_string[sizeof(kernel_uname)+5]; data/pcp-5.2.2/src/pmdas/freebsd/freebsd.c:881:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iname[16]; /* enough for cpuNN.. */ data/pcp-5.2.2/src/pmdas/freebsd/freebsd.c:884:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/freebsd/freebsd.c:915:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (matchname(map[i].m_pcpname, (char *)metrictab[m].m_user)) { data/pcp-5.2.2/src/pmdas/freebsd/freebsd.c:931:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(map[i].m_mib, mib, map[i].m_miblen*sizeof(map[i].m_mib[0])); data/pcp-5.2.2/src/pmdas/freebsd/freebsd.c:940:71: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
fprintf(stderr, "Info: %s (%s): sysctl metric \"%s\" -> mib ", (char *)metrictab[m].m_user, pmIDStr(metrictab[m].m_desc.pmid), map[i].m_name); data/pcp-5.2.2/src/pmdas/freebsd/freebsd.c:952:78: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. fprintf(stderr, "Error: %s (%s): cannot match name in sysctl map[]\n", (char *)metrictab[m].m_user, pmIDStr(metrictab[m].m_desc.pmid)); data/pcp-5.2.2/src/pmdas/freebsd/freebsd.c:1036:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/freebsd/netif.c:87:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)ifp, (void *)ifd, sizeof(*ifp)); data/pcp-5.2.2/src/pmdas/gfs2/control.c:93:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "w"); data/pcp-5.2.2/src/pmdas/gfs2/control.c:112:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[16]; data/pcp-5.2.2/src/pmdas/gfs2/control.c:115:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "r"); data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:101:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (( fp = fopen(TRACE, "w")) == NULL ) data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:247:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state[3], target[3]; data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:276:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state[3]; data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:299:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state[3], remote[7]; data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:328:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state[3], first[6]; data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:367:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state[3], queue[8]; data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:436:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pinned[6]; data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:455:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char end[6]; data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:470:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char end[6]; data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:481:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[8]; data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:500:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[8]; data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:515:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[8]; data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:548:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8196]; data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:555:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(TRACE_PIPE, "r")) == NULL) data/pcp-5.2.2/src/pmdas/gfs2/ftrace.h:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[512]; data/pcp-5.2.2/src/pmdas/gfs2/glocks.c:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[4096]; data/pcp-5.2.2/src/pmdas/gfs2/glocks.c:51:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(buffer, "r")) == NULL) { data/pcp-5.2.2/src/pmdas/gfs2/glocks.c:68:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state[3], flags[15]; data/pcp-5.2.2/src/pmdas/gfs2/glstats.c:55:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/pcp-5.2.2/src/pmdas/gfs2/glstats.c:64:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(buffer, "r")) == NULL){ data/pcp-5.2.2/src/pmdas/gfs2/latency.c:237:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char queue[8], state[3]; data/pcp-5.2.2/src/pmdas/gfs2/latency.c:292:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state[3], to[3], target[3]; data/pcp-5.2.2/src/pmdas/gfs2/latency.c:343:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state[3]; data/pcp-5.2.2/src/pmdas/gfs2/pmda.c:796:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/pcp-5.2.2/src/pmdas/gfs2/pmda.c:811:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(buffer, "r")) == NULL) data/pcp-5.2.2/src/pmdas/gfs2/pmda.c:1004:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen("/sys/kernel/debug/tracing/buffer_size_kb", "w"); data/pcp-5.2.2/src/pmdas/gfs2/pmda.c:1023:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fp = fopen("/sys/kernel/debug/tracing/options/irq-info", "w"); data/pcp-5.2.2/src/pmdas/gfs2/pmda.c:1151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/gfs2/sbstats.c:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/pcp-5.2.2/src/pmdas/gfs2/sbstats.c:90:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(buffer, "r")) == NULL){ data/pcp-5.2.2/src/pmdas/gfs2/sbstats.c:171:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry[64]; data/pcp-5.2.2/src/pmdas/gfs2/sbstats.c:216:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, source, sizeof(pmdaMetric)); data/pcp-5.2.2/src/pmdas/gfs2/sbstats.c:243:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char text[128]; data/pcp-5.2.2/src/pmdas/gfs2/worst_glock.c:296:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry[64]; data/pcp-5.2.2/src/pmdas/gfs2/worst_glock.c:341:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, source, sizeof(pmdaMetric)); data/pcp-5.2.2/src/pmdas/gfs2/worst_glock.c:368:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char text[128]; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ca_name[UMAD_CA_NAME_LEN]; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:122:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char perfdata[IB_MAD_SIZE]; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:123:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char portinfo[IB_MAD_SIZE]; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:126:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pcap[IB_ALLPORTCAPSTRLEN]; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:129:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char confpath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128]; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:283:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2048]; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:300:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128]; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:303:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local[128]; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:321:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hcas[IBPMDA_MAX_HCAS][UMAD_CA_NAME_LEN]; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:356:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fconf = fopen (confpath, "r"); data/pcp-5.2.2/src/pmdas/infiniband/ib.c:366:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fconf = fopen(confpath, "w"); data/pcp-5.2.2/src/pmdas/infiniband/pmda.c:324:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char defconf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/infiniband/pmda.c:380:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/jbd2/pmda.c:244:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/jbd2/pmda.c:291:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char help[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/jbd2/proc_jbd2.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN], *id; data/pcp-5.2.2/src/pmdas/jbd2/proc_jbd2.c:43:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(buf, "r")) == NULL) data/pcp-5.2.2/src/pmdas/json/acme_json.c:80:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
meta_fd = fopen("metadata.json", "w+"); data/pcp-5.2.2/src/pmdas/json/acme_json.c:126:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). data_fd = fopen("data.json", "w+"); data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:38:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tracefs[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:45:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char debugfs[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:46:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lockdown[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:197:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:214:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(path, "r")) == NULL) { data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:241:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cpu[64]; data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:273:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ktrace, buffer+1, ksize); data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:299:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[256]; data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:301:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:330:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((pfile = fopen(path, "r")) == NULL) data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:333:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pe.config = atoi(fgets(temp, sizeof(temp), pfile)); data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:436:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char text[1024]; data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:519:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:520:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:527:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(buf, "r")) == NULL) data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:582:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(lockdown, "r")) == NULL) data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:610:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:627:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ncpus = atoi(envpath); data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:655:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmetrictab, metrictab, sizeof(metrictab)); data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:706:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
pmsprintf(name, sizeof(name), "kvm.%s", (char *)pmetric[m].m_user); data/pcp-5.2.2/src/pmdas/linux/filesys.c:23:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[128]; data/pcp-5.2.2/src/pmdas/linux/filesys.c:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/filesys.c:43:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/filesys.c:59:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(src, "r")) == NULL) data/pcp-5.2.2/src/pmdas/linux/getinfo.c:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/getinfo.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[16]; data/pcp-5.2.2/src/pmdas/linux/getinfo.c:49:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_RDONLY)) == -1) data/pcp-5.2.2/src/pmdas/linux/getinfo.c:102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, name[1024]; data/pcp-5.2.2/src/pmdas/linux/interrupts.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry[128]; data/pcp-5.2.2/src/pmdas/linux/interrupts.c:159:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry[128]; data/pcp-5.2.2/src/pmdas/linux/interrupts.c:170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char entry[128]; data/pcp-5.2.2/src/pmdas/linux/interrupts.c:187:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry[128]; data/pcp-5.2.2/src/pmdas/linux/interrupts.c:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry[128]; data/pcp-5.2.2/src/pmdas/linux/interrupts.c:680:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, source, sizeof(pmdaMetric)); data/pcp-5.2.2/src/pmdas/linux/ipc.c:164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/pcp-5.2.2/src/pmdas/linux/ipc.c:167:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *omode = atoi(buf); data/pcp-5.2.2/src/pmdas/linux/ipc.c:176:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char shmid[IPC_KEYLEN]; data/pcp-5.2.2/src/pmdas/linux/ipc.c:177:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/pcp-5.2.2/src/pmdas/linux/ipc.c:210:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(shmp, &sbuf, sizeof(shm_stat_t)); data/pcp-5.2.2/src/pmdas/linux/ipc.c:233:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgid[IPC_KEYLEN]; data/pcp-5.2.2/src/pmdas/linux/ipc.c:234:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/pcp-5.2.2/src/pmdas/linux/ipc.c:265:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mqp, &mbuf, sizeof(msg_queue_t)); data/pcp-5.2.2/src/pmdas/linux/ipc.c:288:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char semid[IPC_KEYLEN]; data/pcp-5.2.2/src/pmdas/linux/ipc.c:289:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/pcp-5.2.2/src/pmdas/linux/ipc.c:319:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(semp, &sbuf, sizeof(sem_array_t)); data/pcp-5.2.2/src/pmdas/linux/ipc.h:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyid[IPC_KEYLEN]; /* hex formatted slot name */ data/pcp-5.2.2/src/pmdas/linux/ipc.h:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char owner[IPC_OWNERLEN]; /* username of owner */ data/pcp-5.2.2/src/pmdas/linux/ipc.h:133:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyid[IPC_KEYLEN]; /* hex formatted slot name */ data/pcp-5.2.2/src/pmdas/linux/ipc.h:134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char owner[IPC_OWNERLEN]; /* username of owner */ data/pcp-5.2.2/src/pmdas/linux/ipc.h:148:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyid[IPC_KEYLEN]; /* hex formatted slot name */ data/pcp-5.2.2/src/pmdas/linux/ipc.h:149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char owner[IPC_OWNERLEN]; /* username of owner */ data/pcp-5.2.2/src/pmdas/linux/ksm.c:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BUFSIZ]; data/pcp-5.2.2/src/pmdas/linux/ksm.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/ksm.c:40:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(path, "r")) == NULL) { data/pcp-5.2.2/src/pmdas/linux/linux_table.c:58:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ret, table, len * sizeof(struct linux_table)); data/pcp-5.2.2/src/pmdas/linux/linux_table.c:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/pcp-5.2.2/src/pmdas/linux/mem_bandwidth.c:93:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(config, "r")) == NULL) data/pcp-5.2.2/src/pmdas/linux/namespaces.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/namespaces.c:31:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(path, O_RDONLY); data/pcp-5.2.2/src/pmdas/linux/namespaces.c:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char process[32]; data/pcp-5.2.2/src/pmdas/linux/namespaces.c:43:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(process, "self"); data/pcp-5.2.2/src/pmdas/linux/namespaces.c:102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pdubuf[BUFSIZ], name[MAXPATHLEN], *np; data/pcp-5.2.2/src/pmdas/linux/numa_meminfo.c:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/numa_meminfo.c:81:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char bandwidth_conf[PATH_MAX]; data/pcp-5.2.2/src/pmdas/linux/numa_meminfo.c:117:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(buf, "r")) != NULL) { data/pcp-5.2.2/src/pmdas/linux/numa_meminfo.c:124:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fp = fopen(buf, "r")) != NULL) { data/pcp-5.2.2/src/pmdas/linux/pmda.c:89:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char uname_string[sizeof(kernel_uname)]; data/pcp-5.2.2/src/pmdas/linux/pmda.c:6270:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return fopen(buffer, "r"); data/pcp-5.2.2/src/pmdas/linux/pmda.c:8895:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ctxtab[ctx].access.uid = id = atoi(value); data/pcp-5.2.2/src/pmdas/linux/pmda.c:9042:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). numanode = atoi(proc_buddyinfo.buddys[inst].node_name); data/pcp-5.2.2/src/pmdas/linux/pmda.c:9139:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
hz = atoi(envpath); data/pcp-5.2.2/src/pmdas/linux/pmda.c:9144:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _pm_ncpus = atoi(envpath); data/pcp-5.2.2/src/pmdas/linux/pmda.c:9149:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _pm_pageshift = ffs(atoi(envpath)) - 1; data/pcp-5.2.2/src/pmdas/linux/pmda.c:9164:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/pmda.c:9319:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.c:46:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_buf[64]; data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.c:73:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int read_buddyinfo(const char *data, char (*buf)[SPLIT_MAX], int max) data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.c:73:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int read_buddyinfo(const char *data, char (*buf)[SPLIT_MAX], int max) data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.c:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char read_buf[SPLIT_MAX][128]; data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.c:138:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node_name[128]; data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.c:147:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
values[i] = atoi(read_buf[i+1]); data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.h:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id_name[128]; data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.h:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node_name[128]; data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.h:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zone_name[128]; data/pcp-5.2.2/src/pmdas/linux/proc_cpuinfo.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_cpuinfo.c:41:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(path, "r")) == NULL) data/pcp-5.2.2/src/pmdas/linux/proc_cpuinfo.c:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/pcp-5.2.2/src/pmdas/linux/proc_cpuinfo.c:147:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). info->cache = atoi(val); data/pcp-5.2.2/src/pmdas/linux/proc_cpuinfo.c:149:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). info->cache_align = atoi(val); data/pcp-5.2.2/src/pmdas/linux/proc_cpuinfo.c:169:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cp->info, &saved, sizeof(cpuinfo_t)); data/pcp-5.2.2/src/pmdas/linux/proc_fs_nfsd.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_loadavg.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[1024]; data/pcp-5.2.2/src/pmdas/linux/proc_locks.c:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[16], access[16], buf[256]; data/pcp-5.2.2/src/pmdas/linux/proc_meminfo.c:91:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:148:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(path, "r"); data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:162:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:163:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[64]; data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:172:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). netip->ioc.speed = atoi(value); data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:180:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). netip->ioc.mtu = atoi(value); data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:226:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). netip->ioc.type = atoi(value); data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:234:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:235:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[64]; data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:255:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[1024]; data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:430:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:475:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr6p[8][5]; data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:476:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr6[40], devname[20+1]; data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:477:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[INET6_ADDRSTRLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:478:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.h:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inet[INET_ADDRSTRLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.h:37:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipv6[INET6_ADDRSTRLEN+16]; /* extra for /plen */ data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.h:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hw_addr[HWADDRSTRLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.h:106:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char padding[256]; /* sufficient for any kernel copyout */ data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.h:112:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifrn_name[16]; data/pcp-5.2.2/src/pmdas/linux/proc_net_netstat.c:303:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *p, *indices[NETSTAT_MAX_COLUMNS]; data/pcp-5.2.2/src/pmdas/linux/proc_net_netstat.c:367:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_net_netstat.c:368:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[2048]; data/pcp-5.2.2/src/pmdas/linux/proc_net_raw.c:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/pcp-5.2.2/src/pmdas/linux/proc_net_rpc.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/pcp-5.2.2/src/pmdas/linux/proc_net_snmp.c:209:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, *indices[SNMP_MAX_COLUMNS]; data/pcp-5.2.2/src/pmdas/linux/proc_net_snmp.c:253:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, *indices[SNMP_MAX_COLUMNS]; data/pcp-5.2.2/src/pmdas/linux/proc_net_snmp.c:334:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_net_snmp.c:335:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[1024]; data/pcp-5.2.2/src/pmdas/linux/proc_net_snmp6.c:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat.c:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char fmt[64]; data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat6.c:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/pcp-5.2.2/src/pmdas/linux/proc_net_sockstat6.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[64]; data/pcp-5.2.2/src/pmdas/linux/proc_net_softnet.c:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/pcp-5.2.2/src/pmdas/linux/proc_net_softnet.c:31:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fmt[128] = { '\0' }; data/pcp-5.2.2/src/pmdas/linux/proc_net_softnet.c:44:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(fmt, "%08llx "); data/pcp-5.2.2/src/pmdas/linux/proc_net_softnet.c:48:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat(fmt, "%08lx "); data/pcp-5.2.2/src/pmdas/linux/proc_net_tcp.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/pcp-5.2.2/src/pmdas/linux/proc_net_udp.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/pcp-5.2.2/src/pmdas/linux/proc_net_unix.c:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:212:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mdadm[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:238:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(buf, "r")) == NULL) data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:254:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:261:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(buf, "r")) == NULL) data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:279:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:286:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(buf, "r")) == NULL) data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:300:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:307:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(buf, "r")) == NULL) data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:321:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXNAMELEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:322:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char realname[MAXNAMELEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:369:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:372:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open(path, O_RDONLY)) >= 0) { data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:422:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:423:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:529:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:530:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:593:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:594:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:630:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:897:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:898:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXNAMELEN]; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:910:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(path, "r")) != NULL) { data/pcp-5.2.2/src/pmdas/linux/proc_pressure.c:55:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_pressure.c:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_pressure.c:96:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_scsi.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/pcp-5.2.2/src/pmdas/linux/proc_scsi.c:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/pcp-5.2.2/src/pmdas/linux/proc_scsi.c:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[64]; data/pcp-5.2.2/src/pmdas/linux/proc_slabinfo.c:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/pcp-5.2.2/src/pmdas/linux/proc_slabinfo.c:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128]; data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:101:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:178:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN], *name, *sp, **bp; data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:179:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cpuname[32]; data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:215:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(buf, O_RDONLY)) < 0) data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:259:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. n = sscanf((const char *)bufindex[0], ALLCPU_FMT, data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:307:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(&bufindex[n][3]); /* extract CPU identifier */ data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:351:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
sscanf((const char *)bufindex[i], PAGE_FMT, data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:356:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sscanf((const char *)bufindex[i], SWAP_FMT, data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:361:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sscanf((const char *)bufindex[i], INTR_FMT, &proc_stat->intr); data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:365:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sscanf((const char *)bufindex[i], CTXT_FMT, &proc_stat->ctxt); data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:369:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sscanf((const char *)bufindex[i], BTIME_FMT, &proc_stat->btime); data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:373:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  sscanf((const char *)bufindex[i], PROCESSES_FMT, &proc_stat->processes);
data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:377:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  sscanf((const char *)bufindex[i], RUNNING_FMT, &proc_stat->procs_running);
data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:381:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  sscanf((const char *)bufindex[i], BLOCKED_FMT, &proc_stat->procs_blocked);
data/pcp-5.2.2/src/pmdas/linux/proc_sys_fs.c:24:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux/proc_sys_kernel.c:28:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux/proc_tty.c:24:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux/proc_tty.c:25:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port[64];
data/pcp-5.2.2/src/pmdas/linux/proc_tty.c:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uart[64];
data/pcp-5.2.2/src/pmdas/linux/proc_uptime.c:22:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux/proc_uptime.c:27:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(buf, O_RDONLY)) < 0)
data/pcp-5.2.2/src/pmdas/linux/proc_vmstat.c:389:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/pcp-5.2.2/src/pmdas/linux/proc_vmstat.c:408:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/pcp-5.2.2/src/pmdas/linux/proc_zoneinfo.c:25:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *endp, prot_name[64];
data/pcp-5.2.2/src/pmdas/linux/proc_zoneinfo.c:57:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zonetype[ZONE_NAMELEN];
data/pcp-5.2.2/src/pmdas/linux/proc_zoneinfo.c:58:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char instname[64];
data/pcp-5.2.2/src/pmdas/linux/proc_zoneinfo.c:59:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ];
data/pcp-5.2.2/src/pmdas/linux/proc_zoneinfo.h:73:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zone[ZONE_NAMELEN];
data/pcp-5.2.2/src/pmdas/linux/proc_zoneinfo.h:80:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zone[ZONE_NAMELEN];
data/pcp-5.2.2/src/pmdas/linux/swapdev.c:23:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux/sysfs_kernel.c:23:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux/sysfs_kernel.c:27:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(buf, O_RDONLY)) < 0) {
data/pcp-5.2.2/src/pmdas/linux/sysfs_tapestats.c:41:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sysname[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux/sysfs_tapestats.c:42:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char statsname[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux/sysfs_tapestats.c:43:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char statsfile[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux/sysfs_tapestats.c:44:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strvalue[64];
data/pcp-5.2.2/src/pmdas/linux/sysfs_tapestats.c:116:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(statsfile, O_RDONLY)) < 0)
data/pcp-5.2.2/src/pmdas/linux/sysfs_tapestats.h:41:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char devname[16]; /* inst name */
data/pcp-5.2.2/src/pmdas/linux_proc/acct.c:29:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pacct_system_file[1024];
data/pcp-5.2.2/src/pmdas/linux_proc/acct.c:30:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pacct_private_file[1024];
data/pcp-5.2.2/src/pmdas/linux_proc/acct.c:268:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  acct_file.fd = open(path, O_TRUNC|O_CREAT, S_IRUSR);
data/pcp-5.2.2/src/pmdas/linux_proc/acct.c:270:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  acct_file.fd = open(path, O_RDONLY);
data/pcp-5.2.2/src/pmdas/linux_proc/acct.c:504:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmprec[MAX_ACCT_RECORD_SIZE_BYTES];
data/pcp-5.2.2/src/pmdas/linux_proc/acct.c:569:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(acctp, tmprec, acct_file.record_size);
data/pcp-5.2.2/src/pmdas/linux_proc/acct.h:52:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ac_comm[ACCT_COMM]; /* Command Name */
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:90:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:135:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:147:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[1024];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:182:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:191:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:222:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:360:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[MAXMNTOPTSLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:379:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char opts[256];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:380:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:515:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cgpath[MAXPATHLEN] = { 0 };
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:636:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(file, "r")) == NULL)
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:653:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(file, "r")) == NULL)
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:668:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:683:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096], *endp;
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:692:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096], *endp;
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:710:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *escname, escbuf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:711:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:712:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[MAXCIDLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:752:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096], name[64];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:757:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(file, "r")) == NULL)
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:770:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cap, &cpuacct, sizeof(cpuacct));
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:779:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[16 * 4096], *endp;
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:780:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inst[MAXPATHLEN], *p;
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:781:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *escname, escbuf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:786:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(file, "r")) == NULL)
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:823:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:824:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[MAXCIDLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:825:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *escname, escbuf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:867:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096], name[64];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:873:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(file, "r")) == NULL) {
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:874:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ccp, &cputime, sizeof(cputime));
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:888:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ccp, &cputime, sizeof(cputime));
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:907:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096], name[64];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:913:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(file, "r")) == NULL) {
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:914:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ccp, &cpustat, sizeof(cpustat));
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:928:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ccp, &cpustat, sizeof(cpustat));
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:937:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:938:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[MAXCIDLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:939:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *escname, escbuf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1040:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096], name[64];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1046:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(file, "r")) == NULL) {
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1047:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cmp, &memory, sizeof(memory));
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1061:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cmp, &memory, sizeof(memory));
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1070:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *escname, escbuf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1071:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1072:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[MAXCIDLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1111:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1112:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[MAXCIDLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1113:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *escname, escbuf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1178:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1194:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *escname, escbuf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1228:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1247:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(file, "r")) == NULL)
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1253:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *realname, op[8];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1279:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(blkios, &blkiops, sizeof(cgroup_blkiops_t));
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1301:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1307:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(file, "r")) == NULL)
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1340:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1341:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[MAXCIDLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1342:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *escname, escbuf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1423:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *escname, escbuf[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1454:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1457:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(file, "r")) == NULL)
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1524:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[MAXPATHLEN], id[MAXCIDLEN];
data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1525:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *escname, escbuf[MAXPATHLEN+16];
data/pcp-5.2.2/src/pmdas/linux_proc/config.c:75:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((conf = fopen(hotproc_configfile, "r")) == NULL) {
data/pcp-5.2.2/src/pmdas/linux_proc/config.c:127:11: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
fid = mkstemp(tmpname); data/pcp-5.2.2/src/pmdas/linux_proc/config.h:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uname[64]; data/pcp-5.2.2/src/pmdas/linux_proc/config.h:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gname[64]; data/pcp-5.2.2/src/pmdas/linux_proc/config.h:33:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; /* basename of exec()'d pathname */ data/pcp-5.2.2/src/pmdas/linux_proc/config.h:34:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char psargs[256]; /* initial chars of arg list */ data/pcp-5.2.2/src/pmdas/linux_proc/contexts.c:67:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ctxtab[ctx].uid = atoi(value); data/pcp-5.2.2/src/pmdas/linux_proc/contexts.c:75:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ctxtab[ctx].gid = atoi(value); data/pcp-5.2.2/src/pmdas/linux_proc/getinfo.c:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_proc/getinfo.c:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused[128], device[128], range[64], *end; data/pcp-5.2.2/src/pmdas/linux_proc/getinfo.c:55:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((file = fopen(path, "r")) == NULL) data/pcp-5.2.2/src/pmdas/linux_proc/getinfo.c:88:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char devpath[256]; data/pcp-5.2.2/src/pmdas/linux_proc/getinfo.c:118:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char ttyname[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_proc/getinfo.c:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_proc/hotproc.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char h_configfile[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:1516:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return fopen(buffer, "r"); data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:1522:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cgroup[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:1611:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newname[16]; /* see Note below */ data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:1691:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pmsprintf(newname, sizeof(newname), "%06d", atoi(name)); data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3843:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hz = atoi(envpath); data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3847:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _pm_system_pagesize = atoi(envpath); data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3853:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). threads = atoi(envpath); data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3855:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). all_access = atoi(envpath); data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3858:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3968:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_dynamic.c:314:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry[128]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_dynamic.c:371:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, source, sizeof(pmdaMetric)); data/pcp-5.2.2/src/pmdas/linux_proc/proc_dynamic.c:460:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:124:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
pidlist_append_pid(atoi(pidname), pids); data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char taskpath[1024]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:145:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebuf[1024]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:154:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:179:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(path, "r")) != NULL) { data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:189:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebuf[1024]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:209:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebuf[1024]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:391:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:394:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(buf, "r")) == NULL) data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:644:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(vars.fname, "Unknown"); data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:688:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(vars.uname, "UNKNOWN"); data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:698:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(vars.gname, "UNKNOWN"); data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:827:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:859:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(buf, O_RDONLY)) >= 0) { data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:882:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebuf[1024]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:893:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(buf, O_RDONLY)) >= 0) { data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:921:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ebuf[1024]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1037:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1103:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1108:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(buf, O_RDONLY); data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1111:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebuf[1024]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1123:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(buf, O_RDONLY); data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1126:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebuf[1024]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1140:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1149:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebuf[1024]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1159:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebuf[1024]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1187:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1198:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, buf, n); data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1895:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cid[72], *tmp; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1937:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1973:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:2040:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(retbuf, p, i); data/pcp-5.2.2/src/pmdas/linux_proc/proc_runq.c:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, buf[4096]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_runq.c:35:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_RDONLY)) < 0) data/pcp-5.2.2/src/pmdas/linux_proc/proc_runq.c:101:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_proc/proc_runq.c:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_xfs/filesys.c:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_xfs/filesys.c:67:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, buffer, idsz); data/pcp-5.2.2/src/pmdas/linux_xfs/filesys.c:69:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p[idsz+1], fs->device, devsz+1); data/pcp-5.2.2/src/pmdas/linux_xfs/filesys.c:100:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[128]; data/pcp-5.2.2/src/pmdas/linux_xfs/filesys.c:118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_xfs/filesys.c:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char realdevice[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_xfs/filesys.h:79:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d_padding4[8]; /* yet more padding */ data/pcp-5.2.2/src/pmdas/linux_xfs/pmda.c:1702:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_xfs/pmda.c:1706:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return fopen(buffer, mode); data/pcp-5.2.2/src/pmdas/linux_xfs/pmda.c:1962:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_xfs/pmda.c:2009:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_xfs/sysfs_xfs.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/pcp-5.2.2/src/pmdas/linux_xfs/sysfs_xfs.c:286:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/pcp-5.2.2/src/pmdas/linux_xfs/sysfs_xfs.c:350:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN], *dev; data/pcp-5.2.2/src/pmdas/linux_xfs/sysfs_xfs.c:351:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char statsdev[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_xfs/sysfs_xfs.c:366:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fp = fopen(path, "r")) == NULL) data/pcp-5.2.2/src/pmdas/linux_xfs/sysfs_xfs.c:385:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN], *statsdevice; data/pcp-5.2.2/src/pmdas/linux_xfs/sysfs_xfs.c:386:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/linux_xfs/sysfs_xfs.c:418:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(path, "r")) != NULL) { data/pcp-5.2.2/src/pmdas/logger/event.c:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/logger/event.c:45:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(logfiles[i].pathname, O_RDONLY|O_NONBLOCK); data/pcp-5.2.2/src/pmdas/logger/event.c:123:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXPATHLEN * 2]; data/pcp-5.2.2/src/pmdas/logger/event.c:126:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). configFile = fopen(fname, "r"); data/pcp-5.2.2/src/pmdas/logger/event.c:345:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[64]; data/pcp-5.2.2/src/pmdas/logger/event.c:381:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(logfile->pathname, O_RDONLY|O_NONBLOCK); data/pcp-5.2.2/src/pmdas/logger/event.h:31:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmnsname[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/logger/event.h:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char pathname[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/logger/logger.c:346:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXPATHLEN * 2]; data/pcp-5.2.2/src/pmdas/logger/logger.c:379:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(metrictab, static_metrictab, sizeof(static_metrictab)); data/pcp-5.2.2/src/pmdas/logger/logger.c:384:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pmetric, dynamic_metrictab, sizeof(dynamic_metrictab)); data/pcp-5.2.2/src/pmdas/logger/logger.c:532:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/lustrecomm/file_single.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[80] = { 0 }; data/pcp-5.2.2/src/pmdas/lustrecomm/file_single.c:47:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (( fd = open (filename, O_RDONLY)) < 0) { data/pcp-5.2.2/src/pmdas/lustrecomm/lustrecomm.c:122:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/lustrecomm/refresh_file.c:54:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (( f_s->fd = open (f_s->filename, O_RDONLY)) < 0) { data/pcp-5.2.2/src/pmdas/mailq/mailq.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char startdir[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/mailq/mailq.c:275:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[30]; data/pcp-5.2.2/src/pmdas/mailq/mailq.c:276:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MMV_STRINGMAX]; data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MMV_STRINGMAX]; data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:219:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MMV_STRINGMAX]; data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:276:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MMV_STRINGMAX]; data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:447:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MMV_STRINGMAX]; data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:569:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[128]; data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:570:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char bits[32]; data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:574:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "none"); data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:577:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "noprefix, "); data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:579:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "process, "); data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:581:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "sentinel, "); data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:703:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char file[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:719:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(file, O_RDONLY)) < 0) data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:97:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmnsdir[MAXPATHLEN]; /* pcpvardir/pmns */ data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:98:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char statsdir[MAXPATHLEN]; /* pcptmpdir/<prefix> */ data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:99:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MMV_STRINGMAX]; /* temporary fetch buffer */ data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:173:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_RDONLY)) >= 0) { data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:334:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&ap->metrics[ap->mtot].m_desc.units, &units, sizeof(pmUnits)); data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:519:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN], name[64], *client; data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:621:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:660:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MMV_STRINGMAX]; data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:661:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:963:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(atom, &v->value, sizeof(pmAtomValue)); data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:969:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(atom, &v->value, sizeof(pmAtomValue)); data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:974:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(atom, &v->value, sizeof(pmAtomValue)); data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:1446:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logfile[32]; data/pcp-5.2.2/src/pmdas/mounts/mounts.c:141:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[MAXFSTYPE]; data/pcp-5.2.2/src/pmdas/mounts/mounts.c:142:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/mounts/mounts.c:143:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char options[MAXOPTSTR]; data/pcp-5.2.2/src/pmdas/mounts/mounts.c:155:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/mounts/mounts.c:233:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mount_name[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/mounts/mounts.c:241:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(mypath, "r")) == NULL) { data/pcp-5.2.2/src/pmdas/mounts/mounts.c:288:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/pcp-5.2.2/src/pmdas/mounts/mounts.c:295:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(mp->device, "none"); data/pcp-5.2.2/src/pmdas/mounts/mounts.c:296:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(mp->type, "none"); data/pcp-5.2.2/src/pmdas/mounts/mounts.c:297:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(mp->options, "none"); data/pcp-5.2.2/src/pmdas/mounts/mounts.c:300:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(MOUNT_FILE, "r")) == NULL) data/pcp-5.2.2/src/pmdas/netbsd/netbsd.c:578:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char uname_string[sizeof(kernel_uname)]; data/pcp-5.2.2/src/pmdas/netbsd/netbsd.c:810:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iname[16]; /* enough for cpuNN.. */ data/pcp-5.2.2/src/pmdas/netbsd/netbsd.c:813:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/netbsd/netbsd.c:844:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (matchname(map[i].m_pcpname, (char *)metrictab[m].m_user)) { data/pcp-5.2.2/src/pmdas/netbsd/netbsd.c:860:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(map[i].m_mib, mib, map[i].m_miblen*sizeof(map[i].m_mib[0])); data/pcp-5.2.2/src/pmdas/netbsd/netbsd.c:869:71: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. fprintf(stderr, "Info: %s (%s): sysctl metric \"%s\" -> mib ", (char *)metrictab[m].m_user, pmIDStr(metrictab[m].m_desc.pmid), map[i].m_name); data/pcp-5.2.2/src/pmdas/netbsd/netbsd.c:881:78: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. fprintf(stderr, "Error: %s (%s): cannot match name in sysctl map[]\n", (char *)metrictab[m].m_user, pmIDStr(metrictab[m].m_desc.pmid)); data/pcp-5.2.2/src/pmdas/netbsd/netbsd.c:963:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/netbsd/netif.c:121:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char if_name[IF_NAMESIZE]; data/pcp-5.2.2/src/pmdas/netbsd/netif.c:177:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(if_name, sdl->sdl_data, sdl->sdl_nlen); data/pcp-5.2.2/src/pmdas/netbsd/netif.c:181:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(if_name, sdl->sdl_data, IF_NAMESIZE-1); data/pcp-5.2.2/src/pmdas/nvidia/localnvml.h:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char busId[NVML_DEVICE_PCI_BUS_ID_BUFFER_SIZE]; data/pcp-5.2.2/src/pmdas/nvidia/nvidia.c:132:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/nvidia/nvidia.c:142:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gpuname[32], *name; data/pcp-5.2.2/src/pmdas/nvidia/nvidia.c:207:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[NVML_DEVICE_NAME_BUFFER_SIZE+64]; /* + for pid::cardid:: */ data/pcp-5.2.2/src/pmdas/nvidia/nvidia.c:246:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&nvproc->acct, &stats, sizeof(stats)); data/pcp-5.2.2/src/pmdas/nvidia/nvidia.c:259:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NVML_DEVICE_NAME_BUFFER_SIZE]; data/pcp-5.2.2/src/pmdas/openbsd/netif.c:124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char if_name[IF_NAMESIZE]; data/pcp-5.2.2/src/pmdas/openbsd/netif.c:180:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(if_name, sdl->sdl_data, sdl->sdl_nlen); data/pcp-5.2.2/src/pmdas/openbsd/netif.c:184:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(if_name, sdl->sdl_data, IF_NAMESIZE-1); data/pcp-5.2.2/src/pmdas/openbsd/openbsd.c:601:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char uname_string[sizeof(kernel_uname)]; data/pcp-5.2.2/src/pmdas/openbsd/openbsd.c:834:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iname[16]; /* enough for cpuNN.. 
*/ data/pcp-5.2.2/src/pmdas/openbsd/openbsd.c:837:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/openbsd/openbsd.c:868:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (matchname(map[i].m_pcpname, (char *)metrictab[m].m_user)) { data/pcp-5.2.2/src/pmdas/openbsd/openbsd.c:884:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(map[i].m_mib, mib, map[i].m_miblen*sizeof(map[i].m_mib[0])); data/pcp-5.2.2/src/pmdas/openbsd/openbsd.c:893:71: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. fprintf(stderr, "Info: %s (%s): sysctl metric \"%s\" -> mib ", (char *)metrictab[m].m_user, pmIDStr(metrictab[m].m_desc.pmid), map[i].m_name); data/pcp-5.2.2/src/pmdas/openbsd/openbsd.c:905:78: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
fprintf(stderr, "Error: %s (%s): cannot match name in sysctl map[]\n", (char *)metrictab[m].m_user, pmIDStr(metrictab[m].m_desc.pmid)); data/pcp-5.2.2/src/pmdas/openbsd/openbsd.c:995:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/perfevent/architecture.c:143:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PATH_MAX]; data/pcp-5.2.2/src/pmdas/perfevent/architecture.c:167:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inst->nodes[0].index, inst->cpus.index, inst->cpus.count * sizeof(*inst->nodes[0].index)); data/pcp-5.2.2/src/pmdas/perfevent/architecture.c:177:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cpulist = fopen(buf, "r"); data/pcp-5.2.2/src/pmdas/perfevent/architecture.c:205:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char online_cpupath[PATH_MAX], *line = NULL; data/pcp-5.2.2/src/pmdas/perfevent/architecture.c:214:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cpulist = fopen(online_cpupath, "r"); data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:21:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dev_dir[PATH_MAX]; /* Optional path prefix for the PMU devices */ data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:224:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(path, "r"); data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:253:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *buf, property_path[PATH_MAX], *ptr, *start; data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:309:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
tmp->lo_bit = tmp->hi_bit = atoi(start); data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:314:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp->lo_bit = atoi(start); data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:315:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp->hi_bit = atoi(ptr); data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:417:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *start, *ptr, *nptr, **endptr, *str, eventname[BUF_SIZE], ev_str[BUF_SIZE], pmc_str[BUF_SIZE], *tmp_buf_str; data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:730:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char event_path[PATH_MAX], *buf; data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:840:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char format_path[PATH_MAX], events_path[PATH_MAX]; data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:841:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_path[PATH_MAX]; data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:886:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmu_path[PATH_MAX]; data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:965:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cpumask_path[PATH_MAX], *line = NULL; data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:972:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cpulist = fopen(cpumask_path, "r"); data/pcp-5.2.2/src/pmdas/perfevent/perfalloc.c:134:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open("/dev/null", O_RDWR, 0)) != -1) data/pcp-5.2.2/src/pmdas/perfevent/perfalloc.c:144:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = open(lockfile, O_RDONLY); data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.c:191:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char events_path[PATH_MAX], event_path[PATH_MAX], *ptr, *buf = NULL; data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.c:251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *device_path, *event_file, scale_path[PATH_MAX], *buf; data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.c:305:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[PATH_MAX]; data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.c:700:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
    char eventname[BUF_SIZE];
data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.c:939:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *activepmus[PFM_PMU_MAX + 1];
data/pcp-5.2.2/src/pmdas/perfevent/perflock.c:40:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(perflock_filename, pcppmdasdir, strlen(pcppmdasdir));
data/pcp-5.2.2/src/pmdas/perfevent/perflock.c:41:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(perflock_filename + strlen(pcppmdasdir), PERF_LOCK_PATH, strlen( PERF_LOCK_PATH ));
data/pcp-5.2.2/src/pmdas/perfevent/perfmanager.c:229:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fp = open(get_perf_alloc_lockfile(), O_CREAT | O_RDWR, S_IRWXU | S_IRGRP | S_IROTH );
data/pcp-5.2.2/src/pmdas/perfevent/pmda.c:183:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char mypath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/perfevent/pmda.c:367:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    *buffer = (char *)dynamic_indom_helptab[0];
data/pcp-5.2.2/src/pmdas/perfevent/pmda.c:384:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char cpuname[32];
data/pcp-5.2.2/src/pmdas/perfevent/pmda.c:401:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char cpuname[32];
data/pcp-5.2.2/src/pmdas/perfevent/pmda.c:424:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/perfevent/pmda.c:490:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(metrictab, static_metrictab, sizeof(static_metrictab) );
data/pcp-5.2.2/src/pmdas/perfevent/pmda.c:493:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(pmetric, static_derived_metrictab, sizeof(static_derived_metrictab));
data/pcp-5.2.2/src/pmdas/perfevent/pmda.c:509:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(pmetric, default_metric_settings, sizeof(default_metric_settings));
data/pcp-5.2.2/src/pmdas/perfevent/pmda.c:535:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(pmetric, derived_metric_settings, sizeof(derived_metric_settings));
data/pcp-5.2.2/src/pmdas/perfevent/pmda.c:600:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[MAXPATHLEN * 2];
data/pcp-5.2.2/src/pmdas/perfevent/rapl-interface.c:123:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFSIZ],*result;
data/pcp-5.2.2/src/pmdas/perfevent/rapl-interface.c:124:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char vendor[BUFSIZ];
data/pcp-5.2.2/src/pmdas/perfevent/rapl-interface.c:126:6: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fff=fopen( FILESYSTEM_ROOT "proc/cpuinfo","r");
data/pcp-5.2.2/src/pmdas/perfevent/rapl-interface.c:299:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char msr_filename[BUFSIZ];
data/pcp-5.2.2/src/pmdas/perfevent/rapl-interface.c:308:43: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    rapl_cpudata[arg->cpuidx].msrfd = open(msr_filename, O_RDONLY);
data/pcp-5.2.2/src/pmdas/pipe/event.c:131:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char buffer[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/pipe/event.c:404:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char msg[64];
data/pcp-5.2.2/src/pmdas/pipe/event.c:761:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *p, line[MAXPATHLEN * 2];
data/pcp-5.2.2/src/pmdas/pipe/event.c:767:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((config = fopen(fname, "r")) == NULL) {
data/pcp-5.2.2/src/pmdas/pipe/event.c:825:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/pipe/event.h:38:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char qname[64]; /* event queue name */
data/pcp-5.2.2/src/pmdas/pipe/pipe.c:257:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char confdir[MAXPATHLEN], config[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/pipe/pipe.c:428:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char helppath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:356:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char fullpath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:357:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[64];
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:363:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fp = fopen(fullpath, "r")) == NULL)
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:369:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    pid = atoi(buffer);
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:488:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char fullpath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:542:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fd = open(fullpath, O_RDONLY)) < 0) {
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:600:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char idx[12];
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:975:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[11]; /* enough for 32-bit client seq number */
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:1002:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[11]; /* enough for 32-bit client seq number */
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:1013:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[11]; /* enough for 32-bit client seq number */
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:1079:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char abi[32];
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:1117:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char servicelist[32];
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:1155:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char host[MAXHOSTNAMELEN];
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:1198:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char host[MAXHOSTNAMELEN];
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:1761:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ctim[sizeof("Thu Nov 24 18:22:48 1986\n")];
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:2037:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    ctxtab[ctx].uid = atoi(value);
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:2057:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char helppath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/podman/context.c:81:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[64+1];
data/pcp-5.2.2/src/pmdas/podman/pmda.c:440:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char helppath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/podman/pmda.c:476:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char helppath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/podman/varlink.c:152:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char cmd[BUFSIZ] = {0};
data/pcp-5.2.2/src/pmdas/podman/varlink.c:423:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    pp->ncontainers = temp ? atoi(temp) : 0;
data/pcp-5.2.2/src/pmdas/podman/varlink.c:511:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    pp->ncontainers = temp? atoi(temp) : 0;
data/pcp-5.2.2/src/pmdas/process/process.c:65:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char mypath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/process/process.c:148:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char process_name[1024];
data/pcp-5.2.2/src/pmdas/process/process.c:156:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fp = fopen(mypath, "r")) == NULL) {
data/pcp-5.2.2/src/pmdas/process/process.c:212:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char proc_path[30];
data/pcp-5.2.2/src/pmdas/process/process.c:213:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char cmd_line[200];
data/pcp-5.2.2/src/pmdas/process/process.c:237:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fd = fopen(proc_path, "r")) != NULL) {
data/pcp-5.2.2/src/pmdas/process/process.c:282:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    pidlist[npidlist++] = atoi(dp->d_name);
data/pcp-5.2.2/src/pmdas/roomtemp/dsread.c:98:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static unsigned char sn[8];
data/pcp-5.2.2/src/pmdas/roomtemp/mlan/linuxlnk.c:289:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open(port_zstr, O_RDWR|O_NONBLOCK);
data/pcp-5.2.2/src/pmdas/roomtemp/mlan/mlansesu.c:41:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char portname[128];
data/pcp-5.2.2/src/pmdas/roomtemp/roomtemp.c:51:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char sn[8];
data/pcp-5.2.2/src/pmdas/roomtemp/roomtemp.c:82:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char return_msg[128];
data/pcp-5.2.2/src/pmdas/roomtemp/roomtemp.c:120:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char return_msg[128];
data/pcp-5.2.2/src/pmdas/roomtemp/roomtemp.c:144:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(sntab[i].sn, p, 8); /* SN for later fetch */
data/pcp-5.2.2/src/pmdas/roomtemp/roomtemp.c:182:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mypath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/root/agent.c:44:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *transfer_final[MAXPATHLEN] = { "" };
data/pcp-5.2.2/src/pmdas/root/docker.c:42:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/root/docker.c:143:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char path[MAXPATHLEN], *p;
data/pcp-5.2.2/src/pmdas/root/docker.c:268:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(local_metrics, json_metrics, JSONMETRICS_BYTES);
data/pcp-5.2.2/src/pmdas/root/docker.c:312:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fp = fopen(buf, "r")) != NULL) {
data/pcp-5.2.2/src/pmdas/root/docker.c:317:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fp = fopen(buf, "r")) != NULL) {
data/pcp-5.2.2/src/pmdas/root/docker.c:335:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/root/docker.c:348:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fp = fopen(path, "r")) == NULL)
data/pcp-5.2.2/src/pmdas/root/lxc.c:39:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/root/lxc.c:122:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[256];
data/pcp-5.2.2/src/pmdas/root/lxc.c:135:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    values->pid = atoi(value);
data/pcp-5.2.2/src/pmdas/root/lxc.c:162:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/root/podman.c:41:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/root/podman.c:127:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char path[MAXPATHLEN], *p;
data/pcp-5.2.2/src/pmdas/root/podman.c:315:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFSIZ];
data/pcp-5.2.2/src/pmdas/root/podman.c:321:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fd = open(dp->path, O_RDONLY)) < 0)
data/pcp-5.2.2/src/pmdas/root/podman.c:368:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *fp = fopen(path, "r");
data/pcp-5.2.2/src/pmdas/root/podman.c:389:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/root/root.c:36:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char socket_path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/root/root.c:294:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/root/root.c:360:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char errmsg[PM_MAXERRMSGLEN];
data/pcp-5.2.2/src/pmdas/root/root.c:498:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/root/root.c:502:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((utsfd = open("/proc/self/ns/uts", O_RDONLY)) < 0)
data/pcp-5.2.2/src/pmdas/root/root.c:506:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fd = open(path, O_RDONLY)) < 0)
data/pcp-5.2.2/src/pmdas/root/root.c:532:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/root/root.c:533:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[MAXHOSTNAMELEN];
data/pcp-5.2.2/src/pmdas/root/root.c:569:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[MAXPATHLEN], *name = &buffer[0];
data/pcp-5.2.2/src/pmdas/root/root.c:595:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[MAXPATHLEN], *cgroup = NULL;
data/pcp-5.2.2/src/pmdas/root/root.c:629:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[MAXPMDALEN];
data/pcp-5.2.2/src/pmdas/root/root.c:630:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char args[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/root/root.c:676:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[BUFSIZ]; data/pcp-5.2.2/src/pmdas/root/root.c:854:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/root/root.h:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cgroup[128]; data/pcp-5.2.2/src/pmdas/rpm/rpm.c:513:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pp->values, &meta, sizeof(metadata)); data/pcp-5.2.2/src/pmdas/rpm/rpm.c:545:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[EVENT_BUF_LEN]; /* space for lots of events */ data/pcp-5.2.2/src/pmdas/rpm/rpm.c:608:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/rpm/rpm.c:670:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/sample/src/events.c:70:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aggr->vbuf, (void *)aggrval, sizeof(aggrval)); data/pcp-5.2.2/src/pmdas/sample/src/events.c:255:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hrecord1[20]; data/pcp-5.2.2/src/pmdas/sample/src/events.c:454:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char record1[20]; data/pcp-5.2.2/src/pmdas/sample/src/pmda.c:88:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/sample/src/sample.c:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummy[64]; data/pcp-5.2.2/src/pmdas/sample/src/sample.c:701:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/sample/src/sample.c:721:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newname[100]; /* hack, secret max */ data/pcp-5.2.2/src/pmdas/sample/src/sample.c:725:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fspec = fopen(mypath, "r")) != NULL) { data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1233:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_aggr34->vbuf, "hullo world!", strlen("hullo world!")); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1238:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_aggr35->vbuf, "13", strlen("13")); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1511:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if ((chn = (char **)realloc(chn, nmatch*sizeof(chn[0]))) == NULL) { data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1559:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if ((chn = (char **)realloc(chn, nmatch*sizeof(chn[0])+len)) == NULL) { data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1649:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[4]; /* string.bin value X00\0 */ data/pcp-5.2.2/src/pmdas/sample/src/sample.c:3150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/sendmail/sendmail.c:179:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(statsfile, O_RDONLY)) < 0) { data/pcp-5.2.2/src/pmdas/sendmail/sendmail.c:264:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN+20]; data/pcp-5.2.2/src/pmdas/sendmail/sendmail.c:269:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fp = fopen("/etc/sendmail.cf", "r")) == NULL) { data/pcp-5.2.2/src/pmdas/sendmail/sendmail.c:270:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen("/etc/mail/sendmail.cf", "r")) == NULL) { data/pcp-5.2.2/src/pmdas/sendmail/sendmail.c:486:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/shping/pmda.c:111:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[256]; data/pcp-5.2.2/src/pmdas/shping/pmda.c:112:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/shping/pmda.c:164:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((conf = fopen(configfile, "r")) == NULL) { data/pcp-5.2.2/src/pmdas/shping/shping.c:120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2048]; data/pcp-5.2.2/src/pmdas/shping/shping.c:210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[4]; data/pcp-5.2.2/src/pmdas/shping/shping.c:254:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open("/dev/null", O_RDONLY, 0); data/pcp-5.2.2/src/pmdas/shping/shping.c:258:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("shping.out", "a")) != NULL) { data/pcp-5.2.2/src/pmdas/shping/shping.c:262:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). sts = open("shping.out", O_WRONLY|O_APPEND|O_CREAT, 0644); data/pcp-5.2.2/src/pmdas/shping/shping.c:265:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
open("/dev/null", O_WRONLY, 0); data/pcp-5.2.2/src/pmdas/simple/simple.c:131:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/simple/simple.c:339:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SIMPLE_BUFSIZE]; data/pcp-5.2.2/src/pmdas/simple/simple.c:343:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(mypath, "r")) == NULL) { data/pcp-5.2.2/src/pmdas/smart/pmda.c:1123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096], dev_name[128]; data/pcp-5.2.2/src/pmdas/smart/pmda.c:1404:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/smart/pmda.c:1448:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char helppath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:267:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096], capacity[64] = {'\0'}; data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:326:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:383:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096], units[64] = {'\0'}; data/pcp-5.2.2/src/pmdas/smart/smart_stats.h:126:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char health[9]; data/pcp-5.2.2/src/pmdas/smart/smart_stats.h:127:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char model_family[41]; data/pcp-5.2.2/src/pmdas/smart/smart_stats.h:128:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device_model[41]; data/pcp-5.2.2/src/pmdas/smart/smart_stats.h:129:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial_number[21]; data/pcp-5.2.2/src/pmdas/smart/smart_stats.h:131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sector_size[64]; data/pcp-5.2.2/src/pmdas/smart/smart_stats.h:132:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rotation_rate[18]; data/pcp-5.2.2/src/pmdas/smart/smart_stats.h:133:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char firmware_version[9]; data/pcp-5.2.2/src/pmdas/smart/smart_stats.h:146:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char critical_warning[9]; data/pcp-5.2.2/src/pmdas/solaris/data.c:1439:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. metric_insts[i].i_name = (char *)metricdesc[i].md_name; data/pcp-5.2.2/src/pmdas/solaris/data.c:1458:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. prefetch_insts[i].i_name = (char *)methodtab[i].m_name; data/pcp-5.2.2/src/pmdas/solaris/disk.c:90:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modname[KSTAT_STRLEN]; data/pcp-5.2.2/src/pmdas/solaris/netmib2.c:96:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/pcp-5.2.2/src/pmdas/solaris/netmib2.c:311:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
afd = open("/dev/arp", O_RDWR); data/pcp-5.2.2/src/pmdas/solaris/solaris.c:26:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char mypath[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/solaris/sysinfo.c:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char uname_full[SYS_NMLN * 5]; data/pcp-5.2.2/src/pmdas/solaris/sysinfo.c:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; /* cpuXXXXX */ data/pcp-5.2.2/src/pmdas/solaris/sysinfo.c:133:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char chardat[sizeof(kn->value.c) + 1]; data/pcp-5.2.2/src/pmdas/solaris/sysinfo.c:152:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(chardat, kn->value.c, sizeof(kn->value.c)); data/pcp-5.2.2/src/pmdas/solaris/sysinfo.c:186:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char chardat[sizeof(kn->value.c) + 1]; data/pcp-5.2.2/src/pmdas/solaris/sysinfo.c:219:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(chardat, kn->value.c, sizeof(kn->value.c)); data/pcp-5.2.2/src/pmdas/solaris/vnops.c:64:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("/etc/mnttab", "r")) == NULL) data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-labels.c:143:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[JSON_BUFFER_SIZE] = {'\0'}; data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-labels.c:174:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(label_segment, buffer, label_segment_length); data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-labels.c:198:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*out)->labels, datagram->tags, labels_length); data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metrics.c:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[maximum_key_size]; // maximum key size data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metrics.c:81:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, &buffer, key_size); data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metrics.c:220:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debug_output[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metrics.c:228:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(debug_output, "a+"); data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metrics.c:478:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1024]; data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metrics.c:482:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*)meta->pcp_name, name, len); data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-stats.c:149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debug_output[MAXPATHLEN]; data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-stats.c:157:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(debug_output, "a+"); data/pcp-5.2.2/src/pmdas/statsd/src/config-reader.c:33:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(config->debug_output_filename, "debug", 6); data/pcp-5.2.2/src/pmdas/statsd/src/config-reader.c:83:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->debug_output_filename, value, length); data/pcp-5.2.2/src/pmdas/statsd/src/dict-callbacks.c:48:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(duplicate, key, length); data/pcp-5.2.2/src/pmdas/statsd/src/network-listener.c:52:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char port_buffer[6]; data/pcp-5.2.2/src/pmdas/statsd/src/network-listener.c:94:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(datagram->value, buffer, count); data/pcp-5.2.2/src/pmdas/statsd/src/network-listener.c:117:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(datagram->value, end_message, length); data/pcp-5.2.2/src/pmdas/statsd/src/parser-basic.c:135:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*datagram)->name, &buffer[segment_start], current_segment_length + 1); data/pcp-5.2.2/src/pmdas/statsd/src/parser-basic.c:156:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tag_key, &buffer[segment_start], current_segment_length); data/pcp-5.2.2/src/pmdas/statsd/src/parser-basic.c:175:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tag_value, &buffer[segment_start], current_segment_length + 1); data/pcp-5.2.2/src/pmdas/statsd/src/parser-basic.c:185:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t->key, tag_key, key_len); data/pcp-5.2.2/src/pmdas/statsd/src/parser-basic.c:186:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t->value, tag_value, value_len); data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.c:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[JSON_BUFFER_SIZE]; data/pcp-5.2.2/src/pmdas/statsd/src/parsers-utils.c:76:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, buffer, current_size + 2); data/pcp-5.2.2/src/pmdas/statsd/src/pmda-callbacks.c:82:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[JSON_BUFFER_SIZE]; data/pcp-5.2.2/src/pmdas/statsd/src/pmda-callbacks.c:86:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key, buffer, l); data/pcp-5.2.2/src/pmdas/statsd/src/pmda-callbacks.c:185:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[JSON_BUFFER_SIZE]; data/pcp-5.2.2/src/pmdas/statsd/src/pmda-callbacks.c:224:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(instances[label_offset + i].i_name, buffer, instance_name_length); data/pcp-5.2.2/src/pmdas/statsd/src/pmda-callbacks.c:233:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(instances[label_offset].i_name, buffer, instance_name_length); data/pcp-5.2.2/src/pmdas/statsd/src/pmda-callbacks.c:377:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/pcp-5.2.2/src/pmdas/statsd/src/pmda-callbacks.c:887:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, config->debug_output_filename, length); data/pcp-5.2.2/src/pmdas/statsd/src/pmda-callbacks.c:904:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, basic, length); data/pcp-5.2.2/src/pmdas/statsd/src/pmda-callbacks.c:906:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, ragel, length); data/pcp-5.2.2/src/pmdas/statsd/src/pmda-callbacks.c:920:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, basic, 6); data/pcp-5.2.2/src/pmdas/statsd/src/pmda-callbacks.c:924:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, ragel, 14); data/pcp-5.2.2/src/pmdas/statsd/src/pmdastatsd.c:50:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(instance[index].i_name, buff, len); data/pcp-5.2.2/src/pmdas/statsd/src/pmdastatsd.c:59:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char buff[20];
data/pcp-5.2.2/src/pmdas/statsd/src/pmdastatsd.c:266:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char help_file_path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/statsd/src/pmdastatsd.c:267:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char config_file_path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/summary/pmda.c:38:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helpfile[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/summary/pmda.c:127:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdpath[MAXPATHLEN+5];
data/pcp-5.2.2/src/pmdas/summary/summary.c:92:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&meta[nmeta-1].desc, &desc, sizeof(pmDesc));
data/pcp-5.2.2/src/pmdas/systemd/systemd.c:286:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int uid = atoi (& uid_str[5]); /* skip over _UID= */
data/pcp-5.2.2/src/pmdas/systemd/systemd.c:296:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int gid = atoi (& gid_str[5]); /* skip over _GID= */
data/pcp-5.2.2/src/pmdas/systemd/systemd.c:385:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (aggr->vbuf, data, data_len);
data/pcp-5.2.2/src/pmdas/systemd/systemd.c:506:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  id = atoi(value);
data/pcp-5.2.2/src/pmdas/systemd/systemd.c:514:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  id = atoi(value);
data/pcp-5.2.2/src/pmdas/systemd/systemd.c:719:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char helppath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/trace/app2.c:146:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((foo = fopen("/dev/null", "rw")) == NULL) {
data/pcp-5.2.2/src/pmdas/trace/app3.c:156:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((foo = fopen("/dev/null", "rw")) == NULL) {
data/pcp-5.2.2/src/pmdas/trace/src/pmda.c:38:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mypath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/trivial/trivial.c:47:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mypath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/txmon/txmon.c:84:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mypath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/txmon/txmon.h:43:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[MAXNAMESIZE]; /* tx type name */
data/pcp-5.2.2/src/pmdas/weblog/check_match.c:36:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/pcp-5.2.2/src/pmdas/weblog/check_match.c:41:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sub0[1024];
data/pcp-5.2.2/src/pmdas/weblog/check_match.c:42:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sub1[1024];
data/pcp-5.2.2/src/pmdas/weblog/check_match.c:43:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sub2[1024];
data/pcp-5.2.2/src/pmdas/weblog/check_match.c:44:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sub3[1024];
data/pcp-5.2.2/src/pmdas/weblog/check_match.c:66:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fc = fopen(argv[1], "r")) == NULL) {
data/pcp-5.2.2/src/pmdas/weblog/pmda.c:86:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wl_helpFile[MAXPATHLEN];
data/pcp-5.2.2/src/pmdas/weblog/pmda.c:125:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2048];
data/pcp-5.2.2/src/pmdas/weblog/pmda.c:450:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[FILENAME_MAX];
data/pcp-5.2.2/src/pmdas/weblog/pmda.c:451:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[FILENAME_MAX];
data/pcp-5.2.2/src/pmdas/weblog/pmda.c:452:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char emess[120];
data/pcp-5.2.2/src/pmdas/weblog/pmda.c:553:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  configFile = fopen(configFileName, "r");
data/pcp-5.2.2/src/pmdas/weblog/pmda.c:956:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tmpFp = fopen(server->access.fileName, "r");
data/pcp-5.2.2/src/pmdas/weblog/pmda.c:1001:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tmpFp = fopen(server->error.fileName, "r");
data/pcp-5.2.2/src/pmdas/weblog/weblog.c:1264:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fip->buf, fip->bp, nch);
data/pcp-5.2.2/src/pmdas/weblog/weblog.c:1295:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  theFile->filePtr = open(theFile->fileName, O_RDONLY);
data/pcp-5.2.2/src/pmdas/weblog/weblog.c:1441:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tmpFd = open(theFile->fileName, O_RDONLY);
data/pcp-5.2.2/src/pmdas/weblog/weblog.h:45:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[FIBUFSIZE];
data/pcp-5.2.2/src/pmdas/windows/helptext.c:20:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char texts[MAX_M_TEXT_LEN]; /* static callback buffer */
data/pcp-5.2.2/src/pmdas/windows/hypnotoad.h:72:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pat[MAX_M_PATH_LEN]; /* for PdhExpandCounterPath */
data/pcp-5.2.2/src/pmdas/windows/instance.c:140:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int inst = atoi(p);
data/pcp-5.2.2/src/pmdas/windows/open.c:83:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char unknown[20];
data/pcp-5.2.2/src/pmdas/windows/open.c:109:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char msg[20];
data/pcp-5.2.2/src/pmdas/windows/open.c:125:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char msg[20];
data/pcp-5.2.2/src/pmdas/windows/open.c:183:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[80];
data/pcp-5.2.2/src/pmdas/windows/pmda.c:1566:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helppath[MAXPATHLEN];
data/pcp-5.2.2/src/pmdumplog/pmdumplog.c:25:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char timebuf[32]; /* for pmCtime result + .xxx */
data/pcp-5.2.2/src/pmdumplog/pmdumplog.c:575:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  text = (const char *)this_item[cix]->data;
data/pcp-5.2.2/src/pmdumplog/pmdumplog.c:736:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPATHLEN];
data/pcp-5.2.2/src/pmdumplog/pmdumplog.c:1050:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(rawfile, "r")) == NULL) {
data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:31:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[256];
data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:268:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:998:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  configFile = fopen((const char *)configName.toLatin1(), "r");
data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:1225:8: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buffer + width - 4, "...\"");
data/pcp-5.2.2/src/pmgadgets/parse.cpp:353:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char anon[64];
data/pcp-5.2.2/src/pmgetopt/pmgetopt.c:19:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[4096];
data/pcp-5.2.2/src/pmgetopt/pmgetopt.c:100:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(entry, longopt, sizeof(pmLongOptions));
data/pcp-5.2.2/src/pmgetopt/pmgetopt.c:317:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(filename, "r");
data/pcp-5.2.2/src/pmhostname/pmhostname.c:36:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[MAXHOSTNAMELEN];
data/pcp-5.2.2/src/pmie/src/lexicon.c:209:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(name, "r")) == NULL) {
data/pcp-5.2.2/src/pmie/src/lexicon.c:425:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nbuf[LEX_MAX+1]; /* for getting macro name */
data/pcp-5.2.2/src/pmie/src/lexicon.h:42:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  signed char look[LEX_MAX + 2]; /* lookahead ring buffer */
data/pcp-5.2.2/src/pmie/src/pmie.c:52:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char logfile[MAXPATHLEN];
data/pcp-5.2.2/src/pmie/src/pmie.c:53:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char perffile[MAXPATHLEN]; /* /var/tmp/<pid> file name */
data/pcp-5.2.2/src/pmie/src/pmie.c:206:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char config[MAXPATHLEN+1];
data/pcp-5.2.2/src/pmie/src/pmie.c:238:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(perf->config, "<stdin>");
data/pcp-5.2.2/src/pmie/src/pmie.c:331:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pmie_dir[MAXPATHLEN];
data/pcp-5.2.2/src/pmie/src/pmie.c:348:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(perffile, O_RDWR | O_CREAT | O_EXCL | O_TRUNC,
data/pcp-5.2.2/src/pmie/src/pmie_dump_stats.c:43:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(argv[1], O_RDONLY)) < 0) {
data/pcp-5.2.2/src/pmie/src/pragmatics.c:49:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[MAXPATHLEN+MAXHOSTNAMELEN+30];
data/pcp-5.2.2/src/pmie/src/pragmatics.c:1125:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vset->vlist[0].value.pval->vbuf, x->ring, sizeof(double));
data/pcp-5.2.2/src/pmie/src/show.c:434:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(dog, "unknown");
data/pcp-5.2.2/src/pmie/src/show.c:498:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[30];
data/pcp-5.2.2/src/pmie/src/show.c:949:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bfr[26];
data/pcp-5.2.2/src/pmie/src/show.c:961:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bfr[26];
data/pcp-5.2.2/src/pmie/src/stats.h:25:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char config[MAXPATHLEN+1];
data/pcp-5.2.2/src/pmie/src/stats.h:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logfile[MAXPATHLEN+1];
data/pcp-5.2.2/src/pmie/src/stats.h:27:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char defaultfqdn[MAXHOSTNAMELEN+1];
data/pcp-5.2.2/src/pmie/src/stomp.c:35:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[4096];
data/pcp-5.2.2/src/pmie/src/stomp.c:249:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char config[MAXPATHLEN];
data/pcp-5.2.2/src/pmie/src/stomp.c:259:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(config, "r")) == NULL) {
data/pcp-5.2.2/src/pmie/src/stomp.c:266:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(isspace_terminate(&buffer[5]));
data/pcp-5.2.2/src/pmie/src/stomp.c:280:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timeout = atoi(isspace_terminate(&buffer[8]));
data/pcp-5.2.2/src/pmie/src/syntax.c:65:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char bfr[NAMEGEN_MAX];
data/pcp-5.2.2/src/pmie/src/systemlog.c:36:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return (atoi(name));
data/pcp-5.2.2/src/pmieconf/io.c:83:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ntty, &otty, sizeof(struct termio));
data/pcp-5.2.2/src/pmieconf/pmieconf.c:29:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char warn[MAXBUFLEN]; /* buffer for any warning messages */
data/pcp-5.2.2/src/pmieconf/pmieconf.c:54:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char inbuf[MAXARGS][MAXBUFLEN+1]; /* input buffer */
data/pcp-5.2.2/src/pmieconf/pmieconf.c:55:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char previous[MAXVARLEN+1]; /* buffer for last rule name */
data/pcp-5.2.2/src/pmieconf/pmieconf.c:261:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lastgroup[MAXVARLEN];
data/pcp-5.2.2/src/pmieconf/pmieconf.c:517:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(inbuf[2], "enabled");
data/pcp-5.2.2/src/pmieconf/pmieconf.c:518:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(inbuf[3], "yes");
data/pcp-5.2.2/src/pmieconf/pmieconf.c:526:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(inbuf[2], "enabled");
data/pcp-5.2.2/src/pmieconf/pmieconf.c:527:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(inbuf[3], "no");
data/pcp-5.2.2/src/pmieconf/pmieconf.c:650:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int command = atoi(inbuf[0]);
data/pcp-5.2.2/src/pmieconf/rate-syscalls.c:61:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open("/dev/null", 0);
data/pcp-5.2.2/src/pmieconf/rate-syscalls.c:74:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open("/dev/null", 0);
data/pcp-5.2.2/src/pmieconf/rate-syscalls.c:105:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&myAddr.sin_addr, servInfo->h_addr, servInfo->h_length);

data/pcp-5.2.2/src/pmieconf/rules.c:54:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errmsg[512]; /* error message buffer */

data/pcp-5.2.2/src/pmieconf/rules.c:55:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char rulepath[MAXPATHLEN+1]; /* root of rules files */

data/pcp-5.2.2/src/pmieconf/rules.c:56:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char pmiefile[MAXPATHLEN+1]; /* pmie configuration file */

data/pcp-5.2.2/src/pmieconf/rules.c:57:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char token[TOKEN_LENGTH+1];

data/pcp-5.2.2/src/pmieconf/rules.c:842:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char localbuf[TOKEN_LENGTH];

data/pcp-5.2.2/src/pmieconf/rules.c:1298:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fullpath[MAXPATHLEN+1];

data/pcp-5.2.2/src/pmieconf/rules.c:1306:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fp = fopen(subdir, "r")) == NULL) {

data/pcp-5.2.2/src/pmieconf/rules.c:1701:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
sizeof(char *) * (list[i].nvalues + 1))) == NULL) {

data/pcp-5.2.2/src/pmieconf/rules.c:1822:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[MAXPATHLEN+10];

data/pcp-5.2.2/src/pmieconf/rules.c:1846:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fp = fopen(fname, "w")) == NULL) {

data/pcp-5.2.2/src/pmieconf/rules.c:1995:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[LINE_LENGTH];

data/pcp-5.2.2/src/pmieconf/rules.c:2155:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((f = fopen(get_pmiefile(), "r")) == NULL) {

data/pcp-5.2.2/src/pmieconf/rules.c:2303:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char proc[MAXPATHLEN+1];

data/pcp-5.2.2/src/pmieconf/rules.c:2332:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fd = open(proc, O_RDONLY)) < 0)

data/pcp-5.2.2/src/pmiestatus/pmiestatus.c:27:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
int f = open(argv[i], O_RDONLY, 0);

data/pcp-5.2.2/src/pminfo/pminfo.c:259:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[PM_MAXLABELJSONLEN];

data/pcp-5.2.2/src/pminfo/pminfo.c:260:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char host[MAXHOSTNAMELEN];

data/pcp-5.2.2/src/pminfo/pminfo.c:537:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[PM_MAXLABELJSONLEN];

data/pcp-5.2.2/src/pminfo/pminfo.c:557:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *iname, buf[PM_MAXLABELJSONLEN];

data/pcp-5.2.2/src/pminfo/pminfo.c:595:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[PM_MAXLABELJSONLEN];

data/pcp-5.2.2/src/pminfo/pminfo.c:643:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[PM_MAXLABELJSONLEN+256];

data/pcp-5.2.2/src/pminfo/pminfo.c:660:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[PM_MAXLABELJSONLEN+512];

data/pcp-5.2.2/src/pminfo/pminfo.c:684:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[PM_MAXLABELJSONLEN];

data/pcp-5.2.2/src/pminfo/pminfo.c:685:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char hash[40+2];

data/pcp-5.2.2/src/pminfo/pminfo.c:686:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char id[20], *idhash;

data/pcp-5.2.2/src/pminfo/pminfo.c:717:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char id[20], *idhash;

data/pcp-5.2.2/src/pminfo/pminfo.c:719:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[PM_MAXLABELJSONLEN], hash[64], *iname;

data/pcp-5.2.2/src/pminfo/pminfo.c:794:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char strbuf[60];

data/pcp-5.2.2/src/pmjson/pmjson.c:101:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
(in = fopen(infile, "r")) == NULL) {

data/pcp-5.2.2/src/pmjson/pmjson.c:107:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
(out = fopen(outfile, "w")) == NULL) {

data/pcp-5.2.2/src/pmlc/actions.c:37:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ls_hostname[PM_LOG_MAXHOSTLEN];

data/pcp-5.2.2/src/pmlc/actions.c:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ls_tz[40]; /* $TZ at collection host */

data/pcp-5.2.2/src/pmlc/actions.c:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ls_tzlogger[40]; /* $TZ at pmlogger */

data/pcp-5.2.2/src/pmlc/actions.c:572:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char startbuf[TZBUFSZ];

data/pcp-5.2.2/src/pmlc/actions.c:573:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char lastbuf[TZBUFSZ];

data/pcp-5.2.2/src/pmlc/actions.c:574:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char timenowbuf[TZBUFSZ];

data/pcp-5.2.2/src/pmlock/pmlock.c:34:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fd = open(argv[1], O_CREAT|O_EXCL|O_RDONLY, 0)) < 0) {

data/pcp-5.2.2/src/pmlogcheck/pass0.c:131:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char logBase[MAXPATHLEN];

data/pcp-5.2.2/src/pmlogcheck/pass1.c:30:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char path[MAXPATHLEN];

data/pcp-5.2.2/src/pmlogcheck/pass3.c:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char timebuf[32]; /* for pmCtime result + .xxx */

data/pcp-5.2.2/src/pmlogcheck/pmlogcheck.c:67:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char timebuf[32]; /* for pmCtime result + .xxx */

data/pcp-5.2.2/src/pmlogcheck/pmlogcheck.c:105:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char logBase[MAXPATHLEN];

data/pcp-5.2.2/src/pmlogcheck/pmlogcheck.c:173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char archname[MAXPATHLEN]; /* full pathname to base of archive name */

data/pcp-5.2.2/src/pmlogcheck/pmlogcheck.c:247:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char path[MAXPATHLEN];

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:52:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char groupdir[MAXPATHLEN]; /* path to pmlogconf groups files */

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:351:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *p, bytes[1024];

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:414:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[MAXPATHLEN];

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:415:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tag[256], *name;

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:454:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((file = fopen(filename, "r")) != NULL) {

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:538:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[128];

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:776:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[64];

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:990:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char bytes[BUFSIZ];

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:1002:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fd = open(tmpconfig, O_CREAT|O_EXCL|O_RDWR, mode)) < 0 ||

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:1154:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((file = fopen(setupfile, "r")) != NULL) {

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:1248:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char answer[64];

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:1249:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[128];

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:1367:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char answer[16] = {0};

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:1443:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char bytes[BUFSIZ];

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:1496:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char bytes[512];

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:1497:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char answer[16] = {0};

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:1702:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((file = fopen(config, finaltag ? "r" : "r+")) == NULL) {

data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:1704:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
file = fopen(config, "w+");

data/pcp-5.2.2/src/pmlogconf/pmrepconf.c:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[128];

data/pcp-5.2.2/src/pmlogconf/pmrepconf.c:314:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char answer[16] = {0};

data/pcp-5.2.2/src/pmlogconf/pmrepconf.c:448:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char bytes[BUFSIZ];

data/pcp-5.2.2/src/pmlogconf/pmrepconf.c:588:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((file = fopen(config, finaltag ? "r" : "r+")) == NULL) {

data/pcp-5.2.2/src/pmlogconf/pmrepconf.c:590:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
file = fopen(config, "w+");

data/pcp-5.2.2/src/pmlogconf/util.c:192:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[1024];

data/pcp-5.2.2/src/pmlogconf/util.c:205:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[1024];

data/pcp-5.2.2/src/pmlogconf/util.c:303:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tail[2] = { (char)trailer, '\0'};

data/pcp-5.2.2/src/pmlogextract/logger.h:102:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
extern char emess[240];

data/pcp-5.2.2/src/pmlogextract/logio.c:99:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&tail, &p[ntohl(head) - sizeof(head)], sizeof(head));

data/pcp-5.2.2/src/pmlogextract/metriclist.c:85:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(result->vset[0]->vlist[i].value.pval->vbuf,

data/pcp-5.2.2/src/pmlogextract/pmlogextract.c:355:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fname[MAXNAMELEN];

data/pcp-5.2.2/src/pmlogextract/pmlogextract.c:1196:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[1024];

data/pcp-5.2.2/src/pmlogextract/pmlogextract.c:2195:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
(CWE-362).
if ((yyin = fopen(configfile, "r")) == NULL) {

data/pcp-5.2.2/src/pmlogger/src/callback.c:511:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
tmp_names = (char **)realloc(names, numnames * sizeof(names[0]) + str_len);

data/pcp-5.2.2/src/pmlogger/src/checks.c:274:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf1[20], buf2[20];

data/pcp-5.2.2/src/pmlogger/src/dopdu.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ls_hostname[PM_LOG_MAXHOSTLEN];

data/pcp-5.2.2/src/pmlogger/src/dopdu.c:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ls_tz[40]; /* $TZ at collection host */

data/pcp-5.2.2/src/pmlogger/src/dopdu.c:30:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ls_tzlogger[40]; /* $TZ at pmlogger */

data/pcp-5.2.2/src/pmlogger/src/dopdu.c:603:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rqp->r_desc, dp, need);

data/pcp-5.2.2/src/pmlogger/src/error.c:49:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
lineno = atoi(ip)-1;

data/pcp-5.2.2/src/pmlogger/src/logue.c:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char path[MAXPATHLEN];

data/pcp-5.2.2/src/pmlogger/src/logue.c:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char host[MAXHOSTNAMELEN];

data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:311:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char nbuf[100];

data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:372:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char lbuf[100+MAXPATHLEN];

data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:379:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tmp[MAXPATHLEN];

data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:468:7: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
fd = mkstemp(tmp);

data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:471:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fd = open(msg, O_WRONLY|O_CREAT|O_EXCL, 0600);

data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:517:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(lbuf, "Yes");

data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:534:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(lbuf, "Yes");

data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:592:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char cmd[3*MAXPATHLEN+80];

data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:599:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((f = fopen(configfile, "r")) == NULL) {

data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:707:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char date[26];

data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:708:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char dir[MAXPATHLEN];

data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:710:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char thishost[MAXHOSTNAMELEN];

data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:730:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fp = fopen("Latest", "w")) == NULL) { data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:786:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). delta.tv_sec = atoi(endnum); data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:1023:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char xnote[10]; data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:1210:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(archName, archBase, strlen(archBase)+1); data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:1450:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rsc_buf[MAXPATHLEN]; data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:1523:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sig_msg[100]; data/pcp-5.2.2/src/pmlogger/src/ports.c:55:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[MAXPATHLEN+1]; data/pcp-5.2.2/src/pmlogger/src/ports.c:64:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *pidp = atoi(p+1); data/pcp-5.2.2/src/pmlogger/src/ports.c:74:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *pidp = atoi(p+1); data/pcp-5.2.2/src/pmlogger/src/ports.c:256:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char globalPath[MAXPATHLEN]; data/pcp-5.2.2/src/pmlogger/src/ports.c:257:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localPath[MAXPATHLEN]; data/pcp-5.2.2/src/pmlogger/src/ports.c:262:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
maxpending = atoi(env_str); data/pcp-5.2.2/src/pmlogger/src/ports.c:383:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(env_str) != 0) data/pcp-5.2.2/src/pmlogger/src/ports.c:445:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mapfd = open(file, O_WRONLY | O_EXCL | O_CREAT, data/pcp-5.2.2/src/pmlogger/src/ports.c:476:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmlogger/src/ports.c:508:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmlogger/src/ports.c:509:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pidfile[MAXPATHLEN]; data/pcp-5.2.2/src/pmlogger/src/ports.c:699:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pid_t pid = atoi(pidfile + i); data/pcp-5.2.2/src/pmlogger/src/ports.c:762:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmlc_host[MAXHOSTNAMELEN]; data/pcp-5.2.2/src/pmloglabel/pmloglabel.c:182:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAXPATHLEN]; data/pcp-5.2.2/src/pmloglabel/pmloglabel.c:209:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pid = atoi(opts.optarg); data/pcp-5.2.2/src/pmloglabel/pmloglabel.c:222:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). version = atoi(opts.optarg); data/pcp-5.2.2/src/pmlogmv/pmlogmv.c:125:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char src[MAXPATHLEN]; data/pcp-5.2.2/src/pmlogmv/pmlogmv.c:126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst[MAXPATHLEN]; data/pcp-5.2.2/src/pmlogmv/pmlogmv.c:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src[MAXPATHLEN]; data/pcp-5.2.2/src/pmlogpaste/pmlogpaste.c:46:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hostname_buffer[MAXHOSTNAMELEN]; data/pcp-5.2.2/src/pmlogpaste/pmlogpaste.c:63:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p + input_length, buffer, length); data/pcp-5.2.2/src/pmlogpaste/pmlogpaste.c:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BUFSIZ]; data/pcp-5.2.2/src/pmlogpaste/pmlogpaste.c:80:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
file = fopen(filename, "r"); data/pcp-5.2.2/src/pmlogreduce/pmlogreduce.c:294:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[26]; data/pcp-5.2.2/src/pmlogreduce/pmlogreduce.c:474:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXNAMELEN]; data/pcp-5.2.2/src/pmlogrewrite/indom.c:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char other[1]; data/pcp-5.2.2/src/pmlogrewrite/indom.c:273:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new_ilist, *instlist, size); data/pcp-5.2.2/src/pmlogrewrite/indom.c:289:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new_namelist, *inamelist, size); data/pcp-5.2.2/src/pmlogrewrite/label.c:30:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/pcp-5.2.2/src/pmlogrewrite/label.c:205:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy((void *)(*labelsets)[i].json, (void *)&tbuf[k], jsonlen); data/pcp-5.2.2/src/pmlogrewrite/label.c:421:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; data/pcp-5.2.2/src/pmlogrewrite/label.c:440:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; data/pcp-5.2.2/src/pmlogrewrite/label.c:542:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_json, lsp->json, current_label->name); data/pcp-5.2.2/src/pmlogrewrite/label.c:543:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_json + current_label->name + current_label->namelen + delta, data/pcp-5.2.2/src/pmlogrewrite/label.c:562:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(current_name, lp->new_label + 1, new_label_len); data/pcp-5.2.2/src/pmlogrewrite/label.c:638:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_json, lsp->json, current_label->value); data/pcp-5.2.2/src/pmlogrewrite/label.c:639:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(new_json + current_label->value + current_label->valuelen + delta, data/pcp-5.2.2/src/pmlogrewrite/label.c:665:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(current_value, lp->new_value, new_value_len); data/pcp-5.2.2/src/pmlogrewrite/label.c:685:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/pcp-5.2.2/src/pmlogrewrite/label.c:878:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PM_MAXLABELJSONLEN]; data/pcp-5.2.2/src/pmlogrewrite/logger.h:31:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[PM_LOG_MAXHOSTLEN]; data/pcp-5.2.2/src/pmlogrewrite/logger.h:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tz[PM_TZ_MAXLEN]; data/pcp-5.2.2/src/pmlogrewrite/logger.h:194:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char mess[256]; data/pcp-5.2.2/src/pmlogrewrite/logio.c:99:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tail, &p[ntohl(head) - sizeof(head)], sizeof(head)); data/pcp-5.2.2/src/pmlogrewrite/metric.c:91:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[1]; data/pcp-5.2.2/src/pmlogrewrite/metric.c:112:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *names = (char **)malloc(*numnames * sizeof(*names[1])); data/pcp-5.2.2/src/pmlogrewrite/metric.c:121:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&slen, p, LENSIZE); data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:69:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char bak_base[MAXPATHLEN+1]; /* basename for backup with -i */ data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:300:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN+1]; data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:398:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((yyin = fopen(configfile, "r")) == NULL) { data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:419:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[20]; data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:488:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:879:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[64]; data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[64]; data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1402:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1559:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN+1]; data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1560:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dname[MAXPATHLEN+1]; data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1571:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((dir_fd = open(dname, O_RDONLY)) < 0) { data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1578:11: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). tmp_f1 = mkstemp(path); data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1588:11: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. 
Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). tmp_f2 = mkstemp(bak_base); data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1591:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPATHLEN+1]; data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1614:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmp_f1 = open(outarch.name, O_WRONLY|O_CREAT|O_EXCL, 0600); data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1625:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmp_f2 = open(bak_base, O_WRONLY|O_CREAT|O_EXCL, 0600); data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1984:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXNAMELEN+1]; data/pcp-5.2.2/src/pmlogrewrite/result.c:165:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&pickval.ll, &inarch.rp->vset[i]->vlist[0].value.pval->vbuf, sizeof(__int64_t)); data/pcp-5.2.2/src/pmlogrewrite/result.c:168:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pickval.ull, &inarch.rp->vset[i]->vlist[0].value.pval->vbuf, sizeof(__uint64_t)); data/pcp-5.2.2/src/pmlogrewrite/result.c:171:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pickval.f, &inarch.rp->vset[i]->vlist[0].value.pval->vbuf, sizeof(float)); data/pcp-5.2.2/src/pmlogrewrite/result.c:174:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pickval.d, &inarch.rp->vset[i]->vlist[0].value.pval->vbuf, sizeof(double)); data/pcp-5.2.2/src/pmlogrewrite/result.c:215:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&jval.ll, &inarch.rp->vset[i]->vlist[j].value.pval->vbuf, sizeof(__int64_t)); data/pcp-5.2.2/src/pmlogrewrite/result.c:236:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&jval.ull, &inarch.rp->vset[i]->vlist[j].value.pval->vbuf, sizeof(__int64_t)); data/pcp-5.2.2/src/pmlogrewrite/result.c:257:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&jval.f, &inarch.rp->vset[i]->vlist[j].value.pval->vbuf, sizeof(float)); data/pcp-5.2.2/src/pmlogrewrite/result.c:278:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&jval.d, &inarch.rp->vset[i]->vlist[j].value.pval->vbuf, sizeof(double)); data/pcp-5.2.2/src/pmlogrewrite/result.c:326:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&inarch.rp->vset[i]->vlist[0].value.pval->vbuf, &pickval.ll, sizeof(__int64_t)); data/pcp-5.2.2/src/pmlogrewrite/result.c:329:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&inarch.rp->vset[i]->vlist[0].value.pval->vbuf, &pickval.ull, sizeof(__uint64_t)); data/pcp-5.2.2/src/pmlogrewrite/result.c:332:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&inarch.rp->vset[i]->vlist[0].value.pval->vbuf, &pickval.f, sizeof(float)); data/pcp-5.2.2/src/pmlogrewrite/result.c:335:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&inarch.rp->vset[i]->vlist[0].value.pval->vbuf, &pickval.d, sizeof(double)); data/pcp-5.2.2/src/pmlogrewrite/util.c:101:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN+1]; data/pcp-5.2.2/src/pmlogrewrite/util.c:102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char opath[MAXPATHLEN+1]; data/pcp-5.2.2/src/pmlogrewrite/util.c:103:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npath[MAXPATHLEN+1]; data/pcp-5.2.2/src/pmlogrewrite/util.c:104:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logbase[MAXPATHLEN+1]; data/pcp-5.2.2/src/pmlogrewrite/util.c:151:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. found = (char **)realloc(found, nfound*sizeof(found[0])); data/pcp-5.2.2/src/pmlogrewrite/util.c:215:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN+1]; data/pcp-5.2.2/src/pmlogrewrite/util.c:216:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logbase[MAXPATHLEN+1]; data/pcp-5.2.2/src/pmlogsize/data.c:302:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(vp->value.pval, vsp->vlist[j].value.pval, vlen); data/pcp-5.2.2/src/pmlogsize/data.c:325:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vp->value.pval, vsp->vlist[j].value.pval, vlen); data/pcp-5.2.2/src/pmlogsize/pmlogsize.c:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logBase[MAXPATHLEN]; data/pcp-5.2.2/src/pmlogsize/pmlogsize.c:189:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). thres = atoi(opts.optarg); data/pcp-5.2.2/src/pmlogsize/pmlogsize.c:236:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/pcp-5.2.2/src/pmlogsummary/pmlogsummary.c:109:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char timebuf[32]; /* for pmCtime result + .xxx */ data/pcp-5.2.2/src/pmns/pmnsdel.c:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmnsfile[MAXPATHLEN]; data/pcp-5.2.2/src/pmns/pmnsdel.c:110:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfname[MAXPATHLEN]; data/pcp-5.2.2/src/pmns/pmnsdel.c:189:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((outf = fopen(outfname, "w")) == NULL) { data/pcp-5.2.2/src/pmns/pmnsmerge.c:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[40]; data/pcp-5.2.2/src/pmns/pmnsmerge.c:82:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(argv[i], "r")) == NULL) { data/pcp-5.2.2/src/pmns/pmnsmerge.c:281:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((outf = fopen(argv[argc-1], "w+")) == NULL) { data/pcp-5.2.2/src/pmpost/pmpost.c:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char notices[MAXPATHLEN]; data/pcp-5.2.2/src/pmpost/pmpost.c:130:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(notices, O_WRONLY|O_APPEND, 0)) < 0) { data/pcp-5.2.2/src/pmpost/pmpost.c:131:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(notices, O_WRONLY|O_CREAT|O_APPEND, 0664)) < 0) { data/pcp-5.2.2/src/pmproxy/src/deprecated.c:59:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/pcp-5.2.2/src/pmproxy/src/deprecated.c:243:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MY_BUFLEN]; data/pcp-5.2.2/src/pmproxy/src/deprecated.c:572:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fdStr[FDNAMELEN]; data/pcp-5.2.2/src/pmproxy/src/deprecated.c:573:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *stdFds[4] = {"*UNKNOWN FD*", "stdin", "stdout", "stderr"}; data/pcp-5.2.2/src/pmproxy/src/http.c:101:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *out, escape[4] = {0}; data/pcp-5.2.2/src/pmproxy/src/http.c:235:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[64]; data/pcp-5.2.2/src/pmproxy/src/http.c:320:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(p, ", GET"); data/pcp-5.2.2/src/pmproxy/src/http.c:322:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(p, ", PUT"); data/pcp-5.2.2/src/pmproxy/src/http.c:324:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(p, ", HEAD"); data/pcp-5.2.2/src/pmproxy/src/http.c:326:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(p, ", POST"); data/pcp-5.2.2/src/pmproxy/src/http.c:328:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(p, ", TRACE"); data/pcp-5.2.2/src/pmproxy/src/http.c:330:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(p, ", OPTIONS"); data/pcp-5.2.2/src/pmproxy/src/http.c:340:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/pcp-5.2.2/src/pmproxy/src/http.c:371:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[64]; data/pcp-5.2.2/src/pmproxy/src/http.c:426:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char length[32]; /* hex length */ data/pcp-5.2.2/src/pmproxy/src/http.c:1025:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). chunked_transfer_size = atoi(option); data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:41:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sockpath[MAXPATHLEN]; /* local unix domain socket path */ data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:51:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tty = fopen(fatalfile, "w")) != NULL) { data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:54:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((log = fopen(logfile, "r")) != NULL) { data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:262:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *maxpending = atoi(option); data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:344:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((localhost = atoi(envstr)) != 0) { data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:350:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxpending = atoi(envstr); data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:361:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newlogfile[MAXPATHLEN]; data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:362:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[11]; /* enough for a 32-bit pid */ data/pcp-5.2.2/src/pmproxy/src/search.c:131:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[64]; data/pcp-5.2.2/src/pmproxy/src/server.c:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, path[MAXPATHLEN]; data/pcp-5.2.2/src/pmproxy/src/server.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/pcp-5.2.2/src/pmproxy/src/server.c:541:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). keepalive = atoi(option); data/pcp-5.2.2/src/pmproxy/src/webapi.c:186:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmidstr[20], indomstr[20]; data/pcp-5.2.2/src/pmproxy/src/webapi.c:289:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmidstr[20]; data/pcp-5.2.2/src/pmproxy/src/webapi.c:356:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indomstr[20]; data/pcp-5.2.2/src/pmproxy/src/webapi.c:477:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmidstr[20], indomstr[20]; data/pcp-5.2.2/src/pmquery/main.cpp:253:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file->open(QIODevice::ReadOnly)) { data/pcp-5.2.2/src/pmseries/pmseries.c:350:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ct_buf[32]; data/pcp-5.2.2/src/pmseries/pmseries.c:730:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/pmseries/pmseries.c:758:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char msg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/pmseries/pmseries.c:970:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/pmseries/pmseries.c:996:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[PM_MAXERRMSGLEN]; data/pcp-5.2.2/src/pmseries/pmseries.c:1138:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tzbuffer[128]; data/pcp-5.2.2/src/pmstat/pmstat.c:214:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[MAXHOSTNAMELEN]; data/pcp-5.2.2/src/pmstat/pmstat.c:502:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuf[26]; data/pcp-5.2.2/src/pmstore/pmstore.c:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *namelist[1]; data/pcp-5.2.2/src/pmtime/console.cpp:34:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[4096]; data/pcp-5.2.2/src/pmtime/console.cpp:56:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[4096]; data/pcp-5.2.2/src/pmtime/main.cpp:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/pcp-5.2.2/src/pmtime/pmtimearch.cpp:325:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[64]; data/pcp-5.2.2/src/pmtime/pmtimearch.cpp:339:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ctimebuf[32], msecbuf[5]; data/pcp-5.2.2/src/pmtime/pmtimearch.cpp:437:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[64]; data/pcp-5.2.2/src/pmtime/pmtimelive.cpp:164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctimebuf[32], msecbuf[5]; data/pcp-5.2.2/src/pmtime/pmtimelive.cpp:208:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[64]; data/pcp-5.2.2/src/pmtime/showboundsdialog.cpp:90:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctimebuf[32]; data/pcp-5.2.2/src/pmtime/showboundsdialog.cpp:103:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctimebuf[32]; data/pcp-5.2.2/src/pmtime/timelord.cpp:40:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[32]; data/pcp-5.2.2/src/pmtime/timelord.cpp:43:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buffer, "Disconnected State"); data/pcp-5.2.2/src/pmtime/timelord.cpp:45:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buffer, "ClientConnectSET State"); data/pcp-5.2.2/src/pmtime/timelord.cpp:47:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buffer, "ServerConnectACK State"); data/pcp-5.2.2/src/pmtime/timelord.cpp:49:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buffer, "ServerNeedACK State"); data/pcp-5.2.2/src/pmtime/timelord.cpp:51:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buffer, "ClientReady State"); data/pcp-5.2.2/src/pmtime/timelord.cpp:53:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buffer, "Unknown State"); data/pcp-5.2.2/src/pmval/pmval.c:367:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbfr[26]; data/pcp-5.2.2/src/pmval/pmval.c:739:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbfr[26]; data/pcp-5.2.2/src/pmval/pmval.c:822:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(opts->optarg) == 0) data/pcp-5.2.2/src/pmview/barmod.cpp:89:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/pcp-5.2.2/src/pmview/launch.cpp:366:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char launch_path[MAXPATHLEN]; data/pcp-5.2.2/src/pmview/main.cpp:39:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char theBuffer[theBufferLen]; data/pcp-5.2.2/src/pmview/main.cpp:209:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(yyin = fopen(configfile, "r"))) { data/pcp-5.2.2/src/pmview/main.cpp:226:7: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp(configfile); data/pcp-5.2.2/src/pmview/main.cpp:232:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(configfile, O_RDWR|O_APPEND|O_CREAT|O_EXCL, 0600); data/pcp-5.2.2/src/pmview/metriclist.cpp:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[48]; data/pcp-5.2.2/src/pmview/modlist.cpp:97:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[32]; data/pcp-5.2.2/src/pmview/pmview.cpp:170:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). passes = atoi(sval); data/pcp-5.2.2/src/pmview/pmview.cpp:179:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). viewer()->setAntialiasing(smooth, atoi(sval)); data/pcp-5.2.2/src/pmview/pmview.cpp:477:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datestring[32]; data/pcp-5.2.2/src/pmview/scenefileobj.cpp:110:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int fd = atoi(_sceneFileName+1); data/pcp-5.2.2/src/pmview/scenefileobj.h:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _sceneFileName[MAXPATHLEN]; data/pcp-5.2.2/src/pmview/stackmod.cpp:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/pcp-5.2.2/src/pmview/text.cpp:235:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[2] = { ' ', '\0' }; data/pcp-5.2.2/src/python/pmapi.c:709:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char argstring[2] = { (char)opt, '\0' }; data/pcp-5.2.2/src/python/pmapi.c:735:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *arg, argstring[2] = { (char)opt, '\0' }; data/pcp-5.2.2/src/python/pmda.c:1446:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char s[32]; data/pcp-5.2.2/src/win32ctl/eventlog/pcp-eventlog.c:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/pcp-5.2.2/src/win32ctl/eventlog/pcp-eventlog.c:54:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[32*1024]; data/pcp-5.2.2/src/win32ctl/services/pcp-services.c:63:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pcpdir[MAXPATHLEN+16]; /* PCP_DIR environment variable */ data/pcp-5.2.2/src/win32ctl/services/pcp-services.c:64:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pcpconf[MAXPATHLEN+16]; /* PCP_CONF string for putenv */ data/pcp-5.2.2/src/win32ctl/services/pcp-services.c:65:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char pcpdirenv[MAXPATHLEN+16]; /* PCP_DIR string for putenv */ data/pcp-5.2.2/src/win32ctl/services/pcp-services.c:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MAXPATHLEN]; data/pcp-5.2.2/src/win32ctl/setevent/pcp-setevent.c:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/pcp-5.2.2/src/win32ctl/setevent/pcp-setevent.c:51:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if ((pid = (pid_t)atoi(argv[2])) < 1) data/pcp-5.2.2/src/zabbix-agent/src/zbxpcp.c:199:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *names[MAXBATCH]; data/pcp-5.2.2/qa/pmdas/github-56/trivial.c:46:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char ** namebuf = malloc(sizeof(char *) + strlen(metric) + 1); data/pcp-5.2.2/qa/qt/qmc_group/qmc_group.cpp:175:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cout << keywords[keyText] << sep << strlen(buf) << endl; data/pcp-5.2.2/qa/src/addctxdm.c:48:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) { data/pcp-5.2.2/qa/src/aggrstore.c:101:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(argv[optind+1]); data/pcp-5.2.2/qa/src/anon-sa.c:44:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &sa_magic, sizeof(sa_magic)) < 0) { data/pcp-5.2.2/qa/src/anon-sa.c:83:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((bytes = read(fd, hostname, sizeof(hostname))) < 0) { data/pcp-5.2.2/qa/src/anon-sa.c:89:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(hostname); data/pcp-5.2.2/qa/src/badmmv.c:76:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(header->magic, "MMV", 4); data/pcp-5.2.2/qa/src/badmmv.c:107:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(header->magic, "MMV", 4); data/pcp-5.2.2/qa/src/badmmv.c:118:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(header->magic, "MMv", 4); data/pcp-5.2.2/qa/src/chain.c:132:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = read(0, pbuf, sizeof(pbuf)); data/pcp-5.2.2/qa/src/clientid.c:72:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp = (char *)malloc(strlen(argv[a])+strlen(TAG)+1); data/pcp-5.2.2/qa/src/clientid.c:72:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp = (char *)malloc(strlen(argv[a])+strlen(TAG)+1); data/pcp-5.2.2/qa/src/context_fd_leak.c:94:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(argv[1]) + 1; data/pcp-5.2.2/qa/src/countmark.c:37:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((nb = read(in, buf, sizeof(*len))) != sizeof(*len)) { data/pcp-5.2.2/qa/src/countmark.c:51:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((nb = read(in, &buf[sizeof(*len)], htonl(*len)-sizeof(*len))) != htonl(*len)-sizeof(*len)) { data/pcp-5.2.2/qa/src/crashpmcd.c:48:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sts = read(fd, buf, sizeof(buf)); data/pcp-5.2.2/qa/src/drain-server.c:119:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((sts = read(newfd, &c, 1)) == 1) data/pcp-5.2.2/qa/src/dumb_pmda.c:14:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
#define __pmRead read data/pcp-5.2.2/qa/src/exectest.c:118:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(pin)) != EOF) { data/pcp-5.2.2/qa/src/exectest.c:138:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(fin)) != EOF) { data/pcp-5.2.2/qa/src/exectest.c:165:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(fin)) != EOF) { data/pcp-5.2.2/qa/src/exectest.c:176:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(pin)) != EOF) { data/pcp-5.2.2/qa/src/fetchloop.c:36:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("dometric: namelist[]", strlen(name)+1, PM_FATAL_ERR); data/pcp-5.2.2/qa/src/fetchloop.c:55:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer[strlen(buffer)-1] = '\0'; data/pcp-5.2.2/qa/src/grind_conv.c:105:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iv.vbp = (pmValueBlock *)malloc(PM_VAL_HDR_SIZE+strlen(vp)); data/pcp-5.2.2/qa/src/grind_conv.c:106:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iv.vbp->vlen = PM_VAL_HDR_SIZE+strlen(vp); data/pcp-5.2.2/qa/src/grind_conv.c:108:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memcpy(iv.vbp->vbuf, vp, strlen(vp)); data/pcp-5.2.2/qa/src/hrunpack.c:66:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = strlen(avp->cp); data/pcp-5.2.2/qa/src/iohack.c:27:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = write(fd, str, (int)strlen(str)); data/pcp-5.2.2/qa/src/iohack.c:28:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len != strlen(str)) { data/pcp-5.2.2/qa/src/iohack.c:29:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(ferr, "write(%d, ...): botch, len=%d not %d\n", fd, len, (int)strlen(str)); data/pcp-5.2.2/qa/src/iohack.c:41:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(fd, &c, 1); data/pcp-5.2.2/qa/src/keycache2.c:97:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mykeylen = strlen(name); data/pcp-5.2.2/qa/src/keycache2.c:129:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mykeylen = strlen(name); data/pcp-5.2.2/qa/src/keycache2.c:151:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
mykeylen = strlen(name); data/pcp-5.2.2/qa/src/keycache2.c:238:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mykeylen = strlen(name); data/pcp-5.2.2/qa/src/mkfiles.c:42:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = (int)strlen(argv[1]); data/pcp-5.2.2/qa/src/mmv_ondisk.c:15:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(header->magic, "MMV", 4); data/pcp-5.2.2/qa/src/multithread3.c:151:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fwrite(pmns, strlen(pmns), 1, f) != 1) { data/pcp-5.2.2/qa/src/multithread3.c:204:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fwrite(pmns, strlen(pmns), 1, f) != 1) { data/pcp-5.2.2/qa/src/multithread8.c:45:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(f, "%s: %s: %d", fn, namelist[i], (int)strlen(tmp)); data/pcp-5.2.2/qa/src/multithread8.c:51:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(f, " & %d", (int)strlen(tmp)); data/pcp-5.2.2/qa/src/multithread8.c:60:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
fprintf(f, " %s: %d", pmInDomStr_r(desclist[i].indom, strbuf, sizeof(strbuf)), (int)strlen(tmp)); data/pcp-5.2.2/qa/src/multithread8.c:66:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(f, " & %d", (int)strlen(tmp)); data/pcp-5.2.2/qa/src/multithread9.c:52:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *((int *)closure) += strlen(name); data/pcp-5.2.2/qa/src/nvidia-ml.c:195:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, dev->name, length); data/pcp-5.2.2/qa/src/pdu-server.c:320:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buffer); data/pcp-5.2.2/qa/src/pdu-server.c:350:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, buffer, length); data/pcp-5.2.2/qa/src/pdu-server.c:353:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, buffer, sizeof(buf)-2); data/pcp-5.2.2/qa/src/pdu-server.c:355:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, &buffer[length-18], sizeof(buf)-2); data/pcp-5.2.2/qa/src/pducheck.c:812:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((e = __pmParseLabelSet(TEMP, strlen(TEMP), PM_LABEL_ITEM, &labels)) < 0) { data/pcp-5.2.2/qa/src/proc_test.c:194:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(msg); data/pcp-5.2.2/qa/src/proc_test.c:209:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(msg); data/pcp-5.2.2/qa/src/proc_test.c:243:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ndigit = (int)strlen(directp->d_name); data/pcp-5.2.2/qa/src/proc_test.c:437:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(name, x, strlen(x)) != 0 || data/pcp-5.2.2/qa/src/proc_test.c:438:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (name[strlen(x)] != '\0' && name[strlen(x)] != ' ')) { data/pcp-5.2.2/qa/src/proc_test.c:438:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (name[strlen(x)] != '\0' && name[strlen(x)] != ' ')) { data/pcp-5.2.2/qa/src/proc_test.c:444:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strncmp(q, x, strlen(x)) != 0 || data/pcp-5.2.2/qa/src/proc_test.c:445:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (q[strlen(x)] != '\0' && q[strlen(x)] != ' ')) { data/pcp-5.2.2/qa/src/proc_test.c:445:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (q[strlen(x)] != '\0' && q[strlen(x)] != ' ')) { data/pcp-5.2.2/qa/src/qa_timezone.c:29:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tz) > PM_TZ_MAXLEN) { data/pcp-5.2.2/qa/src/read-bf.c:37:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sts = read(0, &extbits, sizeof(ext_bits_t)); data/pcp-5.2.2/qa/src/rootclient.c:53:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(contain); data/pcp-5.2.2/qa/src/scanmeta.c:297:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(names[i], cp, len); data/pcp-5.2.2/qa/src/scanmeta.c:491:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((nb = read(in, &hdr, sizeof(hdr))) != sizeof(hdr)) { data/pcp-5.2.2/qa/src/scanmeta.c:524:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((nb = read(in, buf, len)) != len) { data/pcp-5.2.2/qa/src/sortinst.c:165:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sts = strlen(sortlines[cur]); data/pcp-5.2.2/qa/src/storepmcd.c:94:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = PM_VAL_HDR_SIZE + strlen(name) + 1; data/pcp-5.2.2/qa/src/stripmark.c:45:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((nb = read(in, buf, sizeof(*len))) != sizeof(*len)) { data/pcp-5.2.2/qa/src/stripmark.c:59:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((nb = read(in, &buf[sizeof(*len)], htonl(*len)-sizeof(*len))) != htonl(*len)-sizeof(*len)) { data/pcp-5.2.2/qa/src/sum16.c:17:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(fp)) != EOF) { data/pcp-5.2.2/qa/src/torture_cache.c:546:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nbuf, xxx, ncount+3); data/pcp-5.2.2/qa/src/unpack.c:67:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = strlen(avp->cp); data/pcp-5.2.2/qa/src/write-bf.c:37:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sts = read(0, &extbits, sizeof(ext_bits_t)); data/pcp-5.2.2/qa/src/xval.c:229:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
vbp->vlen = PM_VAL_HDR_SIZE + strlen(vbp->vbuf) + 1; data/pcp-5.2.2/qa/src/xval.c:529:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vbp->vlen = PM_VAL_HDR_SIZE + strlen(bv.cp); data/pcp-5.2.2/src/collectl2pcp/collectl2pcp.c:265:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f = fields_new(buf, strlen(buf)+1); data/pcp-5.2.2/src/collectl2pcp/disk.c:36:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(metric, subtree, sizeof(metric) - 1); data/pcp-5.2.2/src/collectl2pcp/disk.c:37:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(metric, leaf, sizeof(metric) - strlen(metric) - 1); data/pcp-5.2.2/src/collectl2pcp/disk.c:37:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(metric, leaf, sizeof(metric) - strlen(metric) - 1); data/pcp-5.2.2/src/collectl2pcp/header.c:37:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f = fields_new(buf, strlen(buf)+1); data/pcp-5.2.2/src/collectl2pcp/header.c:82:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(buf, " "); data/pcp-5.2.2/src/collectl2pcp/header.c:91:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, " "); data/pcp-5.2.2/src/collectl2pcp/proc.c:242:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(command, " "); data/pcp-5.2.2/src/collectl2pcp/util.c:38:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(h->pattern, tag, strlen(h->pattern)-1) == 0) data/pcp-5.2.2/src/dbpmda/src/dso.c:500:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buffer) + 1; /* length of value */ data/pcp-5.2.2/src/dbpmda/src/pmda.c:210:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s_un.sun_path, fname, sizeof(s_un.sun_path)-1); data/pcp-5.2.2/src/dbpmda/src/pmda.c:212:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)offsetof(struct sockaddr_un, sun_path) + (int)strlen(s_un.sun_path)+1; data/pcp-5.2.2/src/dbpmda/src/pmda.c:863:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = !buffer ? 
0 : strlen(buffer) + 1; /* value length */ data/pcp-5.2.2/src/dbpmda/src/pmda.c:922:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). atom.cp = (char *)malloc(strlen(param.name) + 1); data/pcp-5.2.2/src/dbpmda/src/util.c:127:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = (int)strlen(s1) + (int)strlen(s2) + 1; data/pcp-5.2.2/src/dbpmda/src/util.c:127:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = (int)strlen(s1) + (int)strlen(s2) + 1; data/pcp-5.2.2/src/external/dict.c:1083:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(buf); data/pcp-5.2.2/src/external/ini.c:36:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* p = s + strlen(s); data/pcp-5.2.2/src/external/ini.c:73:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest, src, size - 1); data/pcp-5.2.2/src/external/ini.c:120:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = strlen(line); data/pcp-5.2.2/src/external/ini.c:135:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
offset += strlen(line + offset); data/pcp-5.2.2/src/external/ini.c:266:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ctx.num_left = strlen(string); data/pcp-5.2.2/src/external/jsonsl.c:818:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). input_len = strlen(in); data/pcp-5.2.2/src/external/jsonsl.c:881:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). component->len = strlen(component->pstr); data/pcp-5.2.2/src/external/jsonsl.c:930:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). my_copy = (char *)malloc(strlen(path) + 1); data/pcp-5.2.2/src/external/jsonsl.c:960:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). origlen = strlen(path) + 1; data/pcp-5.2.2/src/external/sds.c:153:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t initlen = (init == NULL) ? 0 : strlen(init); data/pcp-5.2.2/src/external/sds.c:183:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t reallen = strlen(s); data/pcp-5.2.2/src/external/sds.c:407:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return sdscatlen(s, t, strlen(t)); data/pcp-5.2.2/src/external/sds.c:434:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return sdscpylen(s, t, strlen(t)); data/pcp-5.2.2/src/external/sds.c:519:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(fmt)*2; data/pcp-5.2.2/src/external/sds.c:622:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = (next == 's') ? strlen(str) : sdslen(str); data/pcp-5.2.2/src/libpcp/src/access.c:633:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addrSize = strlen(path); data/pcp-5.2.2/src/libpcp/src/access.c:867:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(errmsg, hoststrerror(), PM_MAXERRMSGLEN); /* THREADSAFE */ data/pcp-5.2.2/src/libpcp/src/access.c:983:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("AddGroup name", strlen(name)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp/src/access.c:1101:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("AddUser name", strlen(name)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp/src/auxconnect.c:189:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(addr->sockaddr.local.sun_path, path, buflen); data/pcp-5.2.2/src/libpcp/src/auxconnect.c:222:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(mask->sockaddr.local.sun_path); data/pcp-5.2.2/src/libpcp/src/auxconnect.c:314:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cp) >= sizeof(addr->sockaddr.local.sun_path)) data/pcp-5.2.2/src/libpcp/src/auxconnect.c:338:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cp1, cp, size); data/pcp-5.2.2/src/libpcp/src/auxconnect.c:1606:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(socket, buffer, length); data/pcp-5.2.2/src/libpcp/src/auxserver.c:250:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("AddInterface: cannot strdup interface", strlen(address), PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp/src/auxserver.c:1192:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strchr("@/", notify_socket[0])) == NULL || strlen(notify_socket) < 2) { data/pcp-5.2.2/src/libpcp/src/auxserver.c:1205:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(su.sun_path, notify_socket, sizeof(su.sun_path)-1); data/pcp-5.2.2/src/libpcp/src/auxserver.c:1212:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iov.iov_len = strlen(msg); data/pcp-5.2.2/src/libpcp/src/auxserver.c:1215:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hdr.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(notify_socket); data/pcp-5.2.2/src/libpcp/src/avahi.c:437:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = sizeof("PCP..on.") + strlen(host) + data/pcp-5.2.2/src/libpcp/src/avahi.c:438:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(s->serviceSpec); /* includes room for the nul */ data/pcp-5.2.2/src/libpcp/src/avahi.c:448:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = sizeof("_._tcp") + strlen(s->serviceSpec); /* includes room for the nul */ data/pcp-5.2.2/src/libpcp/src/avahi.c:738:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = sizeof("_._tcp") + strlen(service); /* includes room for the nul */ data/pcp-5.2.2/src/libpcp/src/avahi.c:759:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
timeoutBegin += strlen(",timeout="); /* skip over it */ data/pcp-5.2.2/src/libpcp/src/config.c:203:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) >= 8 && data/pcp-5.2.2/src/libpcp/src/config.c:211:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_path = (char *)malloc(strlen(pcp_dir) + strlen(start) + 1); data/pcp-5.2.2/src/libpcp/src/config.c:211:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_path = (char *)malloc(strlen(pcp_dir) + strlen(start) + 1); data/pcp-5.2.2/src/libpcp/src/config.c:213:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("__pmNativePath", strlen(pcp_dir) + strlen(start) + 1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp/src/config.c:213:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("__pmNativePath", strlen(pcp_dir) + strlen(start) + 1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp/src/config.c:216:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(new_path, pcp_dir, strlen(pcp_dir) + 1); data/pcp-5.2.2/src/libpcp/src/config.c:216:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncpy(new_path, pcp_dir, strlen(pcp_dir) + 1); data/pcp-5.2.2/src/libpcp/src/config.c:220:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(new_path, start, strlen(start) + 1); data/pcp-5.2.2/src/libpcp/src/config.c:220:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(new_path, start, strlen(start) + 1); data/pcp-5.2.2/src/libpcp/src/config.c:243:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vend = &val[strlen(val)-1]; data/pcp-5.2.2/src/libpcp/src/config.c:317:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned int) strlen("/etc/pcp.conf") + 1, "/etc/pcp.conf"); data/pcp-5.2.2/src/libpcp/src/config.c:476:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(fp); data/pcp-5.2.2/src/libpcp/src/connect.c:64:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (__pmSend(fd, MY_VERSION, strlen(MY_VERSION), 0) != strlen(MY_VERSION)) { data/pcp-5.2.2/src/libpcp/src/connect.c:64:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (__pmSend(fd, MY_VERSION, strlen(MY_VERSION), 0) != strlen(MY_VERSION)) { data/pcp-5.2.2/src/libpcp/src/connect.c:95:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (__pmSend(fd, buf, strlen(buf), 0) != strlen(buf)) { data/pcp-5.2.2/src/libpcp/src/connect.c:95:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (__pmSend(fd, buf, strlen(buf), 0) != strlen(buf)) { data/pcp-5.2.2/src/libpcp/src/connect.c:193:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(name); data/pcp-5.2.2/src/libpcp/src/connectlocal.c:91:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(configFileName, config, sizeof(configFileName)); data/pcp-5.2.2/src/libpcp/src/connectlocal.c:230:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). node->data ? strlen(node->data)+1 : 0, data/pcp-5.2.2/src/libpcp/src/connectlocal.c:536:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("__pmLocalPMDA name", strlen(name)+1, PM_RECOV_ERR); data/pcp-5.2.2/src/libpcp/src/connectlocal.c:547:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pmNoMem("__pmLocalPMDA init", strlen(init)+1, PM_RECOV_ERR); data/pcp-5.2.2/src/libpcp/src/connectlocal.c:629:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("pmSpecLocalPMDA dup spec", strlen(spec)+1, PM_RECOV_ERR); data/pcp-5.2.2/src/libpcp/src/context.c:279:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, resp->vset[0]->vlist[0].value.pval->vbuf, buflen); data/pcp-5.2.2/src/libpcp/src/context.c:298:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, name, buflen-1); data/pcp-5.2.2/src/libpcp/src/context.c:306:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, ctxp->c_archctl->ac_log->l_label.ill_hostname, buflen-1); data/pcp-5.2.2/src/libpcp/src/context.c:644:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirsize = strlen(dirname) + 1; /* room for the path separator */ data/pcp-5.2.2/src/libpcp/src/context.c:706:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen (current); data/pcp-5.2.2/src/libpcp/src/context.c:742:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
suffix = direntp->d_name + strlen(direntp->d_name) + 1; data/pcp-5.2.2/src/libpcp/src/context.c:900:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("initArchive", strlen(current) + 1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp/src/context.c:904:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("initArchive", strlen(label.ll_hostname) + 1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp/src/context.c:908:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("initArchive", strlen(label.ll_tz) + 1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp/src/context.c:1859:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reslen = strlen(number)+1; data/pcp-5.2.2/src/libpcp/src/context.c:1864:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(result, number, strlen(number)+1); data/pcp-5.2.2/src/libpcp/src/context.c:1864:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(result, number, strlen(number)+1); data/pcp-5.2.2/src/libpcp/src/context.c:1868:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
reslen += 1 + strlen(number) + 1; data/pcp-5.2.2/src/libpcp/src/context.c:1874:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(result, ",", 2); data/pcp-5.2.2/src/libpcp/src/context.c:1875:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(result, number, strlen(number)+1); data/pcp-5.2.2/src/libpcp/src/context.c:1875:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(result, number, strlen(number)+1); data/pcp-5.2.2/src/libpcp/src/discovery.c:36:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(serviceSpec) + 1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp/src/discovery.c:204:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(errmsg, p, sizeof(errmsg)); data/pcp-5.2.2/src/libpcp/src/discovery.c:321:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(protocol) + sizeof("://"); data/pcp-5.2.2/src/libpcp/src/discovery.c:322:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size += strlen(host) + sizeof(":65535"); data/pcp-5.2.2/src/libpcp/src/err.c:211:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, p, buflen); data/pcp-5.2.2/src/libpcp/src/err.c:235:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buf, "No error", buflen); data/pcp-5.2.2/src/libpcp/src/err.c:257:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, PR_ErrorToString(error, PR_LANGUAGE_EN), buflen); data/pcp-5.2.2/src/libpcp/src/err.c:313:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(buf, unknown, strlen(unknown)) != 0) data/pcp-5.2.2/src/libpcp/src/err.c:321:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, bp, buflen); data/pcp-5.2.2/src/libpcp/src/err.c:329:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, tbp, buflen); data/pcp-5.2.2/src/libpcp/src/err.c:334:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(buf, unknown, strlen(unknown)) != 0) data/pcp-5.2.2/src/libpcp/src/err.c:341:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(buf, errtab[i].errmess, buflen); data/pcp-5.2.2/src/libpcp/src/exec.c:168:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("__pmProcessAddArg: arg strdup", strlen(arg)+1, PM_RECOV_ERR); data/pcp-5.2.2/src/libpcp/src/exec.c:275:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = &path[strlen(ep->argv[0])-1]; data/pcp-5.2.2/src/libpcp/src/exec.c:285:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(name)+1; data/pcp-5.2.2/src/libpcp/src/exec.c:461:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(type) != 1 || (type[0] != 'r' && type[0] != 'w' )) { data/pcp-5.2.2/src/libpcp/src/exec.c:561:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = &path[strlen(ep->argv[0])-1]; data/pcp-5.2.2/src/libpcp/src/exec.c:571:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(name)+1; data/pcp-5.2.2/src/libpcp/src/exec.c:686:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(type) != 1 || (type[0] != 'r' && type[0] != 'w' )) { data/pcp-5.2.2/src/libpcp/src/exec.c:856:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("__pmProcessUnpickArgs", strlen(command)+1, PM_RECOV_ERR); data/pcp-5.2.2/src/libpcp/src/getopt.c:338:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(arg); /* for noMem below */ data/pcp-5.2.2/src/libpcp/src/getopt.c:347:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(arg); data/pcp-5.2.2/src/libpcp/src/getopt.c:352:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen (*archives) + 1 + strlen(arg) + 1; data/pcp-5.2.2/src/libpcp/src/getopt.c:352:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen (*archives) + 1 + strlen(arg) + 1; data/pcp-5.2.2/src/libpcp/src/getopt.c:356:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(*archives, ","); data/pcp-5.2.2/src/libpcp/src/getopt.c:418:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
end = (char *)start + strlen(start); data/pcp-5.2.2/src/libpcp/src/getopt.c:1481:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (namelen == (unsigned int) strlen(p->long_opt)) { data/pcp-5.2.2/src/libpcp/src/getopt.c:1520:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d->__nextchar += strlen(d->__nextchar); data/pcp-5.2.2/src/libpcp/src/getopt.c:1549:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d->__nextchar += strlen(d->__nextchar); data/pcp-5.2.2/src/libpcp/src/getopt.c:1562:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d->__nextchar += strlen(d->__nextchar); data/pcp-5.2.2/src/libpcp/src/getopt.c:1567:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d->__nextchar += strlen(d->__nextchar); data/pcp-5.2.2/src/libpcp/src/getopt.c:1664:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((unsigned int)(nameend - d->__nextchar) == strlen(p->long_opt)) { data/pcp-5.2.2/src/libpcp/src/getopt.c:1689:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
d->__nextchar += strlen(d->__nextchar); data/pcp-5.2.2/src/libpcp/src/getopt.c:1703:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d->__nextchar += strlen(d->__nextchar); data/pcp-5.2.2/src/libpcp/src/getopt.c:1715:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d->__nextchar += strlen(d->__nextchar); data/pcp-5.2.2/src/libpcp/src/getopt.c:1722:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d->__nextchar += strlen(d->__nextchar); data/pcp-5.2.2/src/libpcp/src/instance.c:262:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = result->namelist[i] ? strlen(result->namelist[i]) : 0; data/pcp-5.2.2/src/libpcp/src/instance.c:282:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = result->namelist[i] ? strlen(result->namelist[i]) : 0; data/pcp-5.2.2/src/libpcp/src/instance.c:285:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p, len ? result->namelist[i] : "\0", len+1); data/pcp-5.2.2/src/libpcp/src/instance.c:378:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
need += sizeof(char *) + strlen(nametmp[i]) + 1; data/pcp-5.2.2/src/libpcp/src/instance.c:396:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(nametmp[i]) + 1; data/pcp-5.2.2/src/libpcp/src/interp.c:225:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(acp->ac_log->l_name) + 1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp/src/interp.c:265:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(acp->ac_log->l_name) + 1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp/src/io.c:170:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((bytes = read(infd, buffer, sizeof(buffer))) > 0) { data/pcp-5.2.2/src/libpcp/src/io.c:190:17: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). cur_umask = umask(S_IXUSR | S_IRWXG | S_IRWXO); data/pcp-5.2.2/src/libpcp/src/io.c:196:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(cur_umask); data/pcp-5.2.2/src/libpcp/src/io.c:216:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(cur_umask); data/pcp-5.2.2/src/libpcp/src/io.c:237:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(cur_umask); data/pcp-5.2.2/src/libpcp/src/io.c:346:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(fname, tmpname, flen); data/pcp-5.2.2/src/libpcp/src/io_stdio.c:77:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return fgetc(fp); data/pcp-5.2.2/src/libpcp/src/io_xz.c:599:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(xz->fd, header, 1); data/pcp-5.2.2/src/libpcp/src/io_xz.c:620:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(xz->fd, &header[1], block.header_size-1); data/pcp-5.2.2/src/libpcp/src/io_xz.c:671:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(xz->fd, buf, sizeof buf); data/pcp-5.2.2/src/libpcp/src/labels.c:136:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *length = strlen(hp->data); data/pcp-5.2.2/src/libpcp/src/labels.c:255:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((bytes = strlen(extras)) + 1 >= PM_MAXLABELJSONLEN) data/pcp-5.2.2/src/libpcp/src/labels.c:934:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!a || (na = strlen(a)) == 0) data/pcp-5.2.2/src/libpcp/src/labels.c:943:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!b || (nb = strlen(b)) == 0) data/pcp-5.2.2/src/libpcp/src/labels.c:945:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if ((sts = nb = __pmParseLabels(b, strlen(b), data/pcp-5.2.2/src/libpcp/src/labels.c:1227:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sha256_update(&ctx, (unsigned char *)machineid, strlen(machineid)); data/pcp-5.2.2/src/libpcp/src/labels.c:1304:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(name); data/pcp-5.2.2/src/libpcp/src/logmeta.c:1133:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += LENSIZE + (int)strlen(names[i]); data/pcp-5.2.2/src/libpcp/src/logmeta.c:1154:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = (int)strlen(names[i]); data/pcp-5.2.2/src/libpcp/src/logmeta.c:1489:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). textlen = strlen(buffer) + 1; data/pcp-5.2.2/src/libpcp/src/logmeta.c:1550:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += (int)strlen(namelist[i]) + 1; data/pcp-5.2.2/src/libpcp/src/logmeta.c:1569:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int slen = strlen(namelist[i])+1; data/pcp-5.2.2/src/libpcp/src/logmeta.c:1831:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strsize += strlen(idp->namelist[j])+1; data/pcp-5.2.2/src/libpcp/src/logmeta.c:1845:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(nlist[i]) + 1; data/pcp-5.2.2/src/libpcp/src/logportmap.c:175:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)strlen(files[0]->d_name); data/pcp-5.2.2/src/libpcp/src/logportmap.c:177:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((j = (int)strlen(files[i]->d_name)) > len) data/pcp-5.2.2/src/libpcp/src/logportmap.c:402:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes = strlen(host) + 2 + 1; data/pcp-5.2.2/src/libpcp/src/logutil.c:545:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(lcp->l_label.ill_hostname, host, PM_LOG_MAXHOSTLEN-1); data/pcp-5.2.2/src/libpcp/src/logutil.c:836:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filename, name, MAXPATHLEN); data/pcp-5.2.2/src/libpcp/src/logutil.c:851:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(filename, name, MAXPATHLEN); data/pcp-5.2.2/src/libpcp/src/logutil.c:877:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). blen = (int)strlen(base); data/pcp-5.2.2/src/libpcp/src/p_instance.c:43:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += PM_PDU_SIZE_BYTES(strlen(name)); data/pcp-5.2.2/src/libpcp/src/p_instance.c:56:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp->namelen = (int)strlen(name); data/pcp-5.2.2/src/libpcp/src/p_instance.c:99:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(np, pp->name, namelen); data/pcp-5.2.2/src/libpcp/src/p_instance.c:145:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += PM_PDU_SIZE_BYTES(strlen(result->namelist[i])); data/pcp-5.2.2/src/libpcp/src/p_instance.c:164:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ip->namelen = (int)strlen(result->namelist[i]); data/pcp-5.2.2/src/libpcp/src/p_pmns.c:220:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int)strlen(namelist[i]); data/pcp-5.2.2/src/libpcp/src/p_pmns.c:242:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
namelen = (int)strlen(namelist[i]); data/pcp-5.2.2/src/libpcp/src/p_pmns.c:261:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = (int)strlen(namelist[i]); data/pcp-5.2.2/src/libpcp/src/p_pmns.c:457:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = (int)strlen(name); data/pcp-5.2.2/src/libpcp/src/p_text.c:92:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(buffer); data/pcp-5.2.2/src/libpcp/src/p_text.c:152:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bp, pp->buffer, buflen); data/pcp-5.2.2/src/libpcp/src/pdu.c:254:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = read(fd, buf, len); data/pcp-5.2.2/src/libpcp/src/pmns.c:785:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((path = (char *)malloc(strlen(np->name)+1)) == NULL) data/pcp-5.2.2/src/libpcp/src/pmns.c:790:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((path = (char *)malloc(strlen(base)+strlen(np->name)+2)) == NULL) data/pcp-5.2.2/src/libpcp/src/pmns.c:790:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((path = (char *)malloc(strlen(base)+strlen(np->name)+2)) == NULL) data/pcp-5.2.2/src/libpcp/src/pmns.c:793:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(path, "."); data/pcp-5.2.2/src/libpcp/src/pmns.c:832:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nch += (int)strlen(xp->name)+1; data/pcp-5.2.2/src/libpcp/src/pmns.c:849:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xl = (int)strlen(xp->name); data/pcp-5.2.2/src/libpcp/src/pmns.c:1136:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(np->name, name_p, nch); data/pcp-5.2.2/src/libpcp/src/pmns.c:1300:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((np->name = (char *)malloc(strlen(tokbuf)+1)) == NULL) { data/pcp-5.2.2/src/libpcp/src/pmns.c:1494:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fname, f, sizeof(fname)); data/pcp-5.2.2/src/libpcp/src/pmns.c:1793:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pmNoMem("pmLookupName", strlen(namelist[i])+1, PM_RECOV_ERR); data/pcp-5.2.2/src/libpcp/src/pmns.c:2090:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += strlen((*offspring)[j]) + 1; data/pcp-5.2.2/src/libpcp/src/pmns.c:2094:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += strlen(x_offspring[i]) + 1; data/pcp-5.2.2/src/libpcp/src/pmns.c:2111:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q += strlen(n_offspring[j]) + 1; data/pcp-5.2.2/src/libpcp/src/pmns.c:2119:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q += strlen(n_offspring[j]) + 1; data/pcp-5.2.2/src/libpcp/src/pmns.c:2215:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("pmGetChildrenStatus", strlen(name)+1, PM_RECOV_ERR); data/pcp-5.2.2/src/libpcp/src/pmns.c:2317:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += sizeof(**offspring) + strlen(tnp->name) + 1; data/pcp-5.2.2/src/libpcp/src/pmns.c:2356:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p += strlen(tnp->name) + 1; data/pcp-5.2.2/src/libpcp/src/pmns.c:2715:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(tmp[n-1])+1; data/pcp-5.2.2/src/libpcp/src/pmns.c:2736:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sp += strlen(sp)+1; data/pcp-5.2.2/src/libpcp/src/pmns.c:2805:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = sizeof(tmp[0]) + strlen(tmp[0])+1; data/pcp-5.2.2/src/libpcp/src/pmns.c:2860:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t size = strlen(name) + 1 + strlen(enfants[j]) + 1; data/pcp-5.2.2/src/libpcp/src/pmns.c:2860:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t size = strlen(name) + 1 + strlen(enfants[j]) + 1; data/pcp-5.2.2/src/libpcp/src/pmns.c:2869:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(newname, "."); data/pcp-5.2.2/src/libpcp/src/pmns.c:2901:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pmNoMem("pmTraversePMNS_local: strdup name", strlen(name)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp/src/rtime.c:198:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int need = 2 * (int)strlen(spec) + (int)strlen(msg) + 8; data/pcp-5.2.2/src/libpcp/src/rtime.c:198:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int need = 2 * (int)strlen(spec) + (int)strlen(msg) + 8; data/pcp-5.2.2/src/libpcp/src/secureconnect.c:208:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return path + strlen(nss_method); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:362:6: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getchar(); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:615:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(value) - 1; data/pcp-5.2.2/src/libpcp/src/secureconnect.c:749:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *len = value ? strlen(value) : 0; data/pcp-5.2.2/src/libpcp/src/secureconnect.c:772:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = password ? 
strlen(password) : 0; data/pcp-5.2.2/src/libpcp/src/secureconnect.c:831:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *length = (unsigned) strlen(*result); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:1089:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, payload, length); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:1100:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, method, sizeof(buffer)); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:1102:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buffer); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:1132:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, method, sizeof(buffer)); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:1134:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). method_length = strlen(buffer); data/pcp-5.2.2/src/libpcp/src/secureconnect.c:1557:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(fd, buffer, length); data/pcp-5.2.2/src/libpcp/src/secureserver.c:170:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(passfile, secure_server.password_file, MAXPATHLEN-1); data/pcp-5.2.2/src/libpcp/src/secureserver.c:256:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return path + strlen(nss_method); data/pcp-5.2.2/src/libpcp/src/secureserver.c:282:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(secure_server.database_path, db, MAXPATHLEN-2); data/pcp-5.2.2/src/libpcp/src/secureserver.c:286:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(secure_server.cert_nickname, cert_nickname, MAX_CERT_NAME_LENGTH-2); data/pcp-5.2.2/src/libpcp/src/secureserver.c:289:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(secure_server.cert_nickname, SECURE_SERVER_CERTIFICATE, MAX_CERT_NAME_LENGTH-2); data/pcp-5.2.2/src/libpcp/src/secureserver.c:579:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(username); data/pcp-5.2.2/src/libpcp/src/shellprobe.c:370:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes = strlen(target); data/pcp-5.2.2/src/libpcp/src/shellprobe.c:471:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, option, buflen); data/pcp-5.2.2/src/libpcp/src/shellprobe.c:477:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memmove(end, end + 1, strlen(end) + 1); data/pcp-5.2.2/src/libpcp/src/spec.c:49:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need = 2 * (int)strlen(spec) + 1 + 6 + (int)strlen(msg) + 2; data/pcp-5.2.2/src/libpcp/src/spec.c:49:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need = 2 * (int)strlen(spec) + 1 + 6 + (int)strlen(msg) + 2; data/pcp-5.2.2/src/libpcp/src/spec.c:113:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mark == NULL) mark = &scan[strlen(scan)-1]; data/pcp-5.2.2/src/libpcp/src/spec.c:341:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s, name, namelen); data/pcp-5.2.2/src/libpcp/src/spec.c:535:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path); data/pcp-5.2.2/src/libpcp/src/spec.c:550:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(absolute_path + 1, path, len); data/pcp-5.2.2/src/libpcp/src/spec.c:859:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, start, buflen); data/pcp-5.2.2/src/libpcp/src/stuffvalue.c:224:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
body = strlen(avp->cp) + 1; data/pcp-5.2.2/src/libpcp/src/tz.c:137:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int)strlen(tzn); data/pcp-5.2.2/src/libpcp/src/tz.c:151:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tzbuffer, tzn, PM_TZ_MAXLEN); data/pcp-5.2.2/src/libpcp/src/tz.c:189:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(wildabbr); data/pcp-5.2.2/src/libpcp/src/tz.c:211:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(wildabbr); data/pcp-5.2.2/src/libpcp/src/tz.c:303:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (strlen(tz) > PM_TZ_MAXLEN) { data/pcp-5.2.2/src/libpcp/src/tz.c:321:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(end, ptz, zeros-ptz); data/pcp-5.2.2/src/libpcp/src/tz.c:327:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tb) > PM_TZ_MAXLEN) { data/pcp-5.2.2/src/libpcp/src/tz.c:351:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(buf, __pmTimezone(), (size_t)buflen); data/pcp-5.2.2/src/libpcp/src/tz.c:385:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)strlen(tz); data/pcp-5.2.2/src/libpcp/src/units.c:72:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = (int) strlen(avp->cp); data/pcp-5.2.2/src/libpcp/src/units.c:94:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp = &buf[strlen(buf)]; data/pcp-5.2.2/src/libpcp/src/units.c:102:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp = &buf[strlen(buf)]; data/pcp-5.2.2/src/libpcp/src/units.c:975:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = (int) strlen(ival->value.pval->vbuf); data/pcp-5.2.2/src/libpcp/src/units.c:1012:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp = &buf[strlen(buf)]; data/pcp-5.2.2/src/libpcp/src/units.c:1020:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp = &buf[strlen(buf)]; data/pcp-5.2.2/src/libpcp/src/units.c:1222:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
#define streqskip(q) (((ptr+strlen(q) <= str_end) && \ data/pcp-5.2.2/src/libpcp/src/units.c:1223:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strncasecmp(ptr,q,strlen(q))==0) && \ data/pcp-5.2.2/src/libpcp/src/units.c:1224:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((isspace((int)(*(ptr+strlen(q))))) || \ data/pcp-5.2.2/src/libpcp/src/units.c:1225:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (*(ptr+strlen(q))=='^') || \ data/pcp-5.2.2/src/libpcp/src/units.c:1226:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (ptr+strlen(q)==str_end))) \ data/pcp-5.2.2/src/libpcp/src/units.c:1227:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ? (ptr += strlen(q), 1) : 0) data/pcp-5.2.2/src/libpcp/src/units.c:1324:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sts = __pmParseUnitsStrPart(str, str + strlen(str), &dividend, &dividend_mult, errMsg); data/pcp-5.2.2/src/libpcp/src/units.c:1335:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sts = __pmParseUnitsStrPart(slash + 1, str + strlen(str), &divisor, &divisor_mult, errMsg); data/pcp-5.2.2/src/libpcp/src/util.c:338:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(errmsg, p, sizeof(errmsg)); data/pcp-5.2.2/src/libpcp/src/util.c:558:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (started++) strcat(buf, ","); data/pcp-5.2.2/src/libpcp/src/util.c:562:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (started++) strcat(buf, ","); data/pcp-5.2.2/src/libpcp/src/util.c:566:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (started++) strcat(buf, ","); data/pcp-5.2.2/src/libpcp/src/util.c:570:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (started++) strcat(buf, ","); data/pcp-5.2.2/src/libpcp/src/util.c:574:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
if (started++) strcat(buf, ","); data/pcp-5.2.2/src/libpcp/src/util.c:637:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dataSize = (finalString + strlen(finalString) + 1) - initialString; data/pcp-5.2.2/src/libpcp/src/util.c:648:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newSize = ptrSize + sizeof(**list) + dataSize + strlen(item) + 1; data/pcp-5.2.2/src/libpcp/src/util.c:665:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). finalString += strlen(finalString) + 1; data/pcp-5.2.2/src/libpcp/src/util.c:994:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = (int)strlen(a.cp) + 2; data/pcp-5.2.2/src/libpcp/src/util.c:1418:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pend = (char *)&p[strlen(p)]; data/pcp-5.2.2/src/libpcp/src/util.c:1428:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pend-p == strlen(debug_map[i].name) && data/pcp-5.2.2/src/libpcp/src/util.c:1613:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pmNoMem("pmfstate", strlen(xconfirm)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp/src/util.c:1748:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("pmflush", strlen(xconfirm)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp/src/util.c:1894:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(host, servInfoName, sizeof(host)); data/pcp-5.2.2/src/libpcp/src/util.c:1898:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vblen = strlen(host) + strlen(id) + 2; data/pcp-5.2.2/src/libpcp/src/util.c:1898:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vblen = strlen(host) + strlen(id) + 2; data/pcp-5.2.2/src/libpcp/src/util.c:1910:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vblen += strlen(ipaddr) + 3; data/pcp-5.2.2/src/libpcp/src/util.c:1913:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vblen += strlen(host) + strlen(id) + 2; data/pcp-5.2.2/src/libpcp/src/util.c:1913:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vblen += strlen(host) + strlen(id) + 2; data/pcp-5.2.2/src/libpcp/src/util.c:1928:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(pmvb->vbuf, " "); data/pcp-5.2.2/src/libpcp/src/util.c:1930:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(pmvb->vbuf, "("); data/pcp-5.2.2/src/libpcp/src/util.c:1959:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += strlen(argv[a]) + 1; data/pcp-5.2.2/src/libpcp/src/util.c:1967:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(clientID, " "); data/pcp-5.2.2/src/libpcp/src/util.c:2037:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path, dir, sizeof(path)); data/pcp-5.2.2/src/libpcp/src/util.c:2093:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, s, n); data/pcp-5.2.2/src/libpcp/src/util.c:2148:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(*dp)-sizeof(dp->d_name)+strlen(dp->d_name)+1)) == NULL) { data/pcp-5.2.2/src/libpcp/src/util.c:2165:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memcpy(tp->d_name, dp->d_name, strlen(dp->d_name)+1); data/pcp-5.2.2/src/libpcp/src/win32.c:203:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sz = *size, length = strlen(command); data/pcp-5.2.2/src/libpcp/src/win32.c:245:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sz = strlen(cmdline); data/pcp-5.2.2/src/libpcp/src/win32.c:438:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sz = strlen(cmdline); data/pcp-5.2.2/src/libpcp/src/win32.c:445:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length = strlen(command); data/pcp-5.2.2/src/libpcp/src/win32.c:713:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sublen = strlen(substr); data/pcp-5.2.2/src/libpcp/src/win32.c:714:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length = strlen(string) - sublen + 1; data/pcp-5.2.2/src/libpcp/src/win32.c:1040:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((ebuf = (char *)malloc(strlen(name) + strlen(value) + 2)) == NULL) data/pcp-5.2.2/src/libpcp/src/win32.c:1040:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ebuf = (char *)malloc(strlen(name) + strlen(value) + 2)) == NULL) data/pcp-5.2.2/src/libpcp/src/win32.c:1043:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ebuf, name, strlen(name)+1); data/pcp-5.2.2/src/libpcp/src/win32.c:1043:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(ebuf, name, strlen(name)+1); data/pcp-5.2.2/src/libpcp/src/win32.c:1044:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(ebuf, "=", 1); data/pcp-5.2.2/src/libpcp/src/win32.c:1045:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(ebuf, value, strlen(value)); data/pcp-5.2.2/src/libpcp/src/win32.c:1045:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(ebuf, value, strlen(value)); data/pcp-5.2.2/src/libpcp/src/win32.c:1059:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((ebuf = (char *)malloc(strlen(name) + 2)) == NULL) data/pcp-5.2.2/src/libpcp/src/win32.c:1063:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ebuf, name, strlen(name)+1); data/pcp-5.2.2/src/libpcp/src/win32.c:1063:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(ebuf, name, strlen(name)+1); data/pcp-5.2.2/src/libpcp/src/win32.c:1064:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(ebuf, "=", 1); data/pcp-5.2.2/src/libpcp_gui/src/record.c:122:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tbuf, "/"); data/pcp-5.2.2/src/libpcp_gui/src/record.c:128:17: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). cur_umask = umask(S_IXUSR | S_IRWXG | S_IRWXO); data/pcp-5.2.2/src/libpcp_gui/src/record.c:130:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(cur_umask); data/pcp-5.2.2/src/libpcp_gui/src/record.c:133:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(cur_umask); data/pcp-5.2.2/src/libpcp_gui/src/record.c:138:17: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). 
cur_umask = umask(S_IXUSR | S_IRWXG | S_IRWXO); data/pcp-5.2.2/src/libpcp_gui/src/record.c:140:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(cur_umask); data/pcp-5.2.2/src/libpcp_gui/src/record.c:143:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(cur_umask); data/pcp-5.2.2/src/libpcp_gui/src/record.c:305:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = &tbuf[strlen(tbuf)]; data/pcp-5.2.2/src/libpcp_gui/src/record.c:306:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tbuf, "."); data/pcp-5.2.2/src/libpcp_gui/src/record.c:335:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((rp->base = malloc(strlen(base)+1+strlen(host)+3)) == NULL) data/pcp-5.2.2/src/libpcp_gui/src/record.c:335:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((rp->base = malloc(strlen(base)+1+strlen(host)+3)) == NULL) data/pcp-5.2.2/src/libpcp_gui/src/record.c:338:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p = &rp->base[strlen(rp->base)]; data/pcp-5.2.2/src/libpcp_gui/src/record.c:346:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((rp->logfile = malloc(strlen(rp->base)+5)) == NULL) data/pcp-5.2.2/src/libpcp_gui/src/record.c:351:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((rp->config = malloc(strlen(rp->base)+8)) == NULL) data/pcp-5.2.2/src/libpcp_gui/src/record.c:367:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sts = strlen(rp->public.logfile); data/pcp-5.2.2/src/libpcp_gui/src/record.c:437:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int)strlen(msg); data/pcp-5.2.2/src/libpcp_gui/src/record.c:548:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dir[strlen(dir)-1] = '\0'; data/pcp-5.2.2/src/libpcp_gui/src/timeclient.c:36:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(in, &portname, sizeof(portname)) < 0) data/pcp-5.2.2/src/libpcp_gui/src/timestate.c:154:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tzlen = strlen(tz) + 1; data/pcp-5.2.2/src/libpcp_gui/src/timestate.c:157:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pmtime->length += tzlen + strlen(tz_label) + 1; data/pcp-5.2.2/src/libpcp_gui/src/timestate.c:282:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmtime->data + strlen(pmtime->data) + 1); data/pcp-5.2.2/src/libpcp_import/src/import.c:304:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, msg, buflen); data/pcp-5.2.2/src/libpcp_import/src/import.c:327:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("pmiStart", strlen(archive)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp_import/src/import.c:382:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). np += strlen(np)+1; data/pcp-5.2.2/src/libpcp_import/src/import.c:422:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("pmiStart: pmi_text content", strlen(old_current->text[t].content) + 1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp_import/src/import.c:497:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("pmiSetHostname", strlen(value)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp_import/src/import.c:509:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pmNoMem("pmiSetTimezone", strlen(value)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp_import/src/import.c:618:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("pmiAddMetric: name", strlen(name)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp_import/src/import.c:693:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). idp->namebuf = (char *)realloc(idp->namebuf, idp->namebuflen+strlen(instance)+1); data/pcp-5.2.2/src/libpcp_import/src/import.c:695:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("pmiAddInstance: namebuf", idp->namebuflen+strlen(instance)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp_import/src/import.c:698:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). idp->namebuflen += strlen(instance)+1; data/pcp-5.2.2/src/libpcp_import/src/import.c:704:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). np += strlen(np)+1; data/pcp-5.2.2/src/libpcp_import/src/import.c:896:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("pmiPutText: content", strlen(content)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/libpcp_import/src/stuff.c:158:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
dsize = strlen(value)+1; data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:64:17: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). cur_umask = umask(S_IWGRP | S_IWOTH); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:66:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(cur_umask); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:292:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(hdr->magic, "MMV", 4); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:368:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(inlist1->external, insts[j].external, MMV_NAMEMAX); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:381:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(inlist1->external, insts[j].external, MMV_NAMEMAX); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:401:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(mlist1[i].name, st1[i].name, MMV_NAMEMAX); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:414:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(mlist1[i].name, st2[i].name, MMV_NAMEMAX); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:505:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(slist[stridx].payload, insts[k].external, MMV_STRINGMAX); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:515:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(slist[stridx].payload, st2[i].name, MMV_STRINGMAX); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:543:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(slist[stridx].payload, st1[i].shorttext, MMV_STRINGMAX); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:550:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(slist[stridx].payload, st1[i].helptext, MMV_STRINGMAX); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:563:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(slist[stridx].payload, st2[i].shorttext, MMV_STRINGMAX); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:573:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(slist[stridx].payload, st2[i].helptext, MMV_STRINGMAX); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:582:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(slist[stridx].payload, in1[i].shorttext, MMV_STRINGMAX); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:589:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(slist[stridx].payload, in1[i].helptext, MMV_STRINGMAX); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:598:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(slist[stridx].payload, in2[i].shorttext, MMV_STRINGMAX); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:605:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(slist[stridx].payload, in2[i].helptext, MMV_STRINGMAX); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:642:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(indom->shorttext); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:649:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(indom->helptext); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:659:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(metric->name); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:711:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(indom->shorttext); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:718:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(indom->helptext); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:726:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size = strlen(instance->external); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:742:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(metric->name); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:942:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) + strlen(value) + 5 > MMV_LABELMAX) { data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:942:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) + strlen(value) + 5 > MMV_LABELMAX) { data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:948:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = name ? strlen(name) : 0; data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:961:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = value ? strlen(value) : 0; data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:1471:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s->payload, string, size); data/pcp-5.2.2/src/libpcp_mmv/src/mmv_stats.c:1564:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t len = strlen(string); data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:266:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(e->name) > e->hashlen) data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:580:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((h->hstate & CACHE_STRINGS) == 0 && strlen(name) == 0) { data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:638:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmInDomStr_r(h->indom, strbuf, sizeof(strbuf)), (int)strlen(name), name); data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:1112:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mykeylen = strlen(name); data/pcp-5.2.2/src/libpcp_pmda/src/cache.c:1394:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mykeylen = strlen(name); data/pcp-5.2.2/src/libpcp_pmda/src/callback.c:408:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (inst == PM_IN_NULL && (namelen = (int)strlen(name)) > 0) { data/pcp-5.2.2/src/libpcp_pmda/src/dynamic.c:100:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
dynamic[ndynamic].prefixlen = strlen(prefix); data/pcp-5.2.2/src/libpcp_pmda/src/events.c:317:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = strlen(avp->cp); data/pcp-5.2.2/src/libpcp_pmda/src/help.c:81:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(hp->dir_fd, &hdr, sizeof(hdr)) != sizeof(hdr)) { data/pcp-5.2.2/src/libpcp_pmda/src/open.c:242:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)offsetof(struct sockaddr_un, sun_path) + (int)strlen(myaddr.sun_path); data/pcp-5.2.2/src/libpcp_pmda/src/pduroot.c:91:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pdu.name, name, len); data/pcp-5.2.2/src/libpcp_pmda/src/pduroot.c:139:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, pdu->name, length); data/pcp-5.2.2/src/libpcp_pmda/src/pduroot.c:167:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pdu.name, name, namelen); data/pcp-5.2.2/src/libpcp_pmda/src/pduroot.c:170:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pdu.args, args, argslen); data/pcp-5.2.2/src/libpcp_pmda/src/pduroot.c:236:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(pdu.name, name, namelen); data/pcp-5.2.2/src/libpcp_pmda/src/pduroot.c:369:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, pdu->name, pdu->namelen); data/pcp-5.2.2/src/libpcp_pmda/src/pduroot.c:373:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(args, pdu->args, pdu->argslen); data/pcp-5.2.2/src/libpcp_pmda/src/root.c:49:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(socketpath, path, sizeof(socketpath)); data/pcp-5.2.2/src/libpcp_pmda/src/tree.c:97:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(node->name); data/pcp-5.2.2/src/libpcp_pmda/src/tree.c:131:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer += strlen(node->name); data/pcp-5.2.2/src/libpcp_pmda/src/tree.c:151:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length += strlen(parent->name) + 1; data/pcp-5.2.2/src/libpcp_pmda/src/tree.c:186:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length += strlen(node->name) + 1; data/pcp-5.2.2/src/libpcp_pmda/src/tree.c:207:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p += strlen(node->name); data/pcp-5.2.2/src/libpcp_pmda/src/tree.c:228:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *length += strlen(parent->name) + 1; data/pcp-5.2.2/src/libpcp_qed/src/qed_app.cpp:195:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s[strlen(s)-1] = '\0'; data/pcp-5.2.2/src/libpcp_qed/src/qed_app.cpp:210:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s[strlen(s)-1] = '\0'; data/pcp-5.2.2/src/libpcp_qed/src/qed_fileiconprovider.cpp:105:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int count = file.read(block, sizeof(block)-1); data/pcp-5.2.2/src/libpcp_qed/src/qed_timecontrol.cpp:109:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(my.tzData, (const char *)tzstring.toLatin1(), tzlen+1); data/pcp-5.2.2/src/libpcp_qed/src/qed_timecontrol.cpp:110:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(my.tzData + tzlen+1, (const char *)tzlabel.toLatin1(), lablen+1); data/pcp-5.2.2/src/libpcp_qed/src/qed_timecontrol.cpp:143:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)message->data, (const char *)tzstring.toLatin1(), tzlen+1); data/pcp-5.2.2/src/libpcp_qed/src/qed_timecontrol.cpp:144:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy((char *)message->data + tzlen+1, data/pcp-5.2.2/src/libpcp_qed/src/qed_timecontrol.cpp:335:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sts = socket->read(my.buffer + offset, need); data/pcp-5.2.2/src/libpcp_qwt/src/qwt_sampling_thread.cpp:103:17: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep( qRound( 1000.0 * msecs ) ); data/pcp-5.2.2/src/libpcp_trace/src/ftrace.c:29:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, tag, tag_len); data/pcp-5.2.2/src/libpcp_trace/src/ftrace.c:44:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, tag, tag_len); data/pcp-5.2.2/src/libpcp_trace/src/ftrace.c:59:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, tag, tag_len); data/pcp-5.2.2/src/libpcp_trace/src/ftrace.c:74:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, tag, tag_len); data/pcp-5.2.2/src/libpcp_trace/src/ftrace.c:89:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, tag, tag_len); data/pcp-5.2.2/src/libpcp_trace/src/ftrace.c:108:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(tmp, tag, tag_len); data/pcp-5.2.2/src/libpcp_trace/src/ftrace.c:122:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)strlen(tmp); data/pcp-5.2.2/src/libpcp_trace/src/ftrace.c:125:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(msg, tmp, msg_len); data/pcp-5.2.2/src/libpcp_trace/src/p_data.c:169:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*tag, cp, taglen); data/pcp-5.2.2/src/libpcp_trace/src/trace.c:125:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen(tag)+1) >= MAXTAGNAMELEN) data/pcp-5.2.2/src/libpcp_trace/src/trace.c:207:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen(tag)+1) >= MAXTAGNAMELEN) data/pcp-5.2.2/src/libpcp_trace/src/trace.c:273:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen(tag)+1) >= MAXTAGNAMELEN) data/pcp-5.2.2/src/libpcp_trace/src/trace.c:316:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). taglength = (unsigned int)strlen(label)+1; data/pcp-5.2.2/src/libpcp_trace/src/trace.c:348:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sts = __pmtracesenddata(__pmfd, (char *)label, (int)strlen(label)+1, data/pcp-5.2.2/src/libpcp_web/src/discover.c:235:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/pcp-5.2.2/src/libpcp_web/src/discover.c:236:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). suflen = strlen(suffix); data/pcp-5.2.2/src/libpcp_web/src/discover.c:1025:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nb = read(p->fd, &hdr, sizeof(__pmLogHdr)); data/pcp-5.2.2/src/libpcp_web/src/discover.c:1066:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((nb = read(p->fd, buf, len)) != len) { data/pcp-5.2.2/src/libpcp_web/src/discover.c:1402:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int dlen = strlen(dirpath); data/pcp-5.2.2/src/libpcp_web/src/discover.c:1585:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(names[i], cp, len); data/pcp-5.2.2/src/libpcp_web/src/http_client.c:253:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(host, url + up->field_data[UF_HOST].off, length); data/pcp-5.2.2/src/libpcp_web/src/http_client.c:322:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(host, url + up->field_data[UF_HOST].off, hostlen); data/pcp-5.2.2/src/libpcp_web/src/http_client.c:426:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes = strlen(curl); data/pcp-5.2.2/src/libpcp_web/src/http_client.c:432:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(url, curl, bytes); data/pcp-5.2.2/src/libpcp_web/src/http_client.c:436:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(str, suffix, length); data/pcp-5.2.2/src/libpcp_web/src/http_client.c:503:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cp->type_buffer, offset, length); data/pcp-5.2.2/src/libpcp_web/src/http_client.c:523:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cp->body_buffer + cp->offset, offset, length); data/pcp-5.2.2/src/libpcp_web/src/http_client.c:699:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((sts = http_parser_parse_url(url, strlen(url), 0, &parser_url)) != 0) { data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:39:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(s) == length && strncmp(js + tok->start, s, length) == 0) data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:88:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, js + tok->start, length); data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:106:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, js + tok->start, length); data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:124:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, js + tok->start, length); data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:142:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, js + tok->start, length); data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:160:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, js + tok->start, length); data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:178:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, js + tok->start, length); data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:386:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(fd, buffer, buffer_size); data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:436:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(json + json_length, buffer, bytes); data/pcp-5.2.2/src/libpcp_web/src/json_helpers.c:614:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(json + json_length, buffer, bytes); data/pcp-5.2.2/src/libpcp_web/src/load.c:101:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "cache metric name", (__int64_t)strlen(name)+1); data/pcp-5.2.2/src/libpcp_web/src/load.c:736:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes = strlen(path); data/pcp-5.2.2/src/libpcp_web/src/load.c:743:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes = strlen(host); data/pcp-5.2.2/src/libpcp_web/src/net.c:535:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sa.sun_path,path,sizeof(sa.sun_path)-1); data/pcp-5.2.2/src/libpcp_web/src/query.c:1102:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmwebapi_string_hash(hash, name, strlen(name)); data/pcp-5.2.2/src/libpcp_web/src/query.c:1137:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmwebapi_string_hash(hash, np->right->value, strlen(np->right->value)); data/pcp-5.2.2/src/libpcp_web/src/query.c:2583:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return strlen(str); data/pcp-5.2.2/src/libpcp_web/src/redis.c:90:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/pcp-5.2.2/src/libpcp_web/src/redis.c:963:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/pcp-5.2.2/src/libpcp_web/src/redis.c:1040:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memset(c->errstr, '\0', strlen(c->errstr)); data/pcp-5.2.2/src/libpcp_web/src/redis.c:1229:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread = c->funcs->read(c, buf, sizeof(buf)); data/pcp-5.2.2/src/libpcp_web/src/redis.h:259:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int (*read)(struct redisContext *, char *, size_t); data/pcp-5.2.2/src/libpcp_web/src/schema.c:56:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SHA1Update(&shactx, text, strlen((char *)text)); data/pcp-5.2.2/src/libpcp_web/src/schema.c:933:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = redis_param_str(cmd, indom, strlen(indom)); data/pcp-5.2.2/src/libpcp_web/src/schema.c:935:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cmd = redis_param_str(cmd, pmid, strlen(pmid)); data/pcp-5.2.2/src/libpcp_web/src/schema.c:937:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = redis_param_str(cmd, sem, strlen(sem)); data/pcp-5.2.2/src/libpcp_web/src/schema.c:941:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = redis_param_str(cmd, type, strlen(type)); data/pcp-5.2.2/src/libpcp_web/src/schema.c:943:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = redis_param_str(cmd, units, strlen(units)); data/pcp-5.2.2/src/libpcp_web/src/search.c:239:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = redis_param_str(cmd, name, strlen(name)); data/pcp-5.2.2/src/libpcp_web/src/search.c:241:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = redis_param_str(cmd, typestr, strlen(typestr)); data/pcp-5.2.2/src/libpcp_web/src/search.c:244:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = redis_param_str(cmd, indom, strlen(indom)); data/pcp-5.2.2/src/libpcp_web/src/search.c:248:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cmd = redis_param_str(cmd, oneline, strlen(oneline)); data/pcp-5.2.2/src/libpcp_web/src/search.c:252:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = redis_param_str(cmd, helptext, strlen(helptext)); data/pcp-5.2.2/src/libpcp_web/src/util.c:1059:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(name); data/pcp-5.2.2/src/libpcp_web/src/util.c:1196:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(names[i]); data/pcp-5.2.2/src/libpcp_web/src/webgroup.c:1341:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(name); data/pcp-5.2.2/src/newhelp/newhelp.c:184:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = (int)strlen(p) - 1; data/pcp-5.2.2/src/pcp/atop/atop.c:839:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(linebuf); data/pcp-5.2.2/src/pcp/atop/atop.c:844:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. nr = sscanf(linebuf, "%19s %255[^#]", data/pcp-5.2.2/src/pcp/atop/atopsar.c:120:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. return strncat(flaglist, sarflags, pricnt+32); data/pcp-5.2.2/src/pcp/atop/atopsar.c:1561:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (len = strlen(dp->name)) > 14) data/pcp-5.2.2/src/pcp/atop/atopsar.c:1657:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (len = strlen(ss->nfs.nfsmounts.nfsmnt[i].mountdev)) > 38) data/pcp-5.2.2/src/pcp/atop/atopsar.c:1896:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(busyval, "?"); /* speed unknown */ data/pcp-5.2.2/src/pcp/atop/atopsar.c:1920:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (len = strlen(ss->intf.intf[i].name)) > 6) data/pcp-5.2.2/src/pcp/atop/atopsar.c:1982:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (len = strlen(ss->intf.intf[i].name)) > 6) data/pcp-5.2.2/src/pcp/atop/ifprop.c:114:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ip->name, insts[i], MAXINTNM-1); data/pcp-5.2.2/src/pcp/atop/parseable.c:96:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char *p, *ep = pd + strlen(pd); data/pcp-5.2.2/src/pcp/atop/photoproc.c:32:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(task->gen.cmdline, nametail ? nametail : name, CMDLEN); data/pcp-5.2.2/src/pcp/atop/photosyst.c:166:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(in->name, name, sizeof(in->name)); data/pcp-5.2.2/src/pcp/atop/photosyst.c:190:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ib->ibname, name, sizeof(ib->ibname)); data/pcp-5.2.2/src/pcp/atop/photosyst.c:205:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dsk->name, name, sizeof(dsk->name)); data/pcp-5.2.2/src/pcp/atop/photosyst.c:219:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dsk->name, name, sizeof(dsk->name)); data/pcp-5.2.2/src/pcp/atop/photosyst.c:233:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dsk->name, name, sizeof(dsk->name)); data/pcp-5.2.2/src/pcp/atop/photosyst.c:248:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(mp->mountdev, name, sizeof(mp->mountdev)-1); data/pcp-5.2.2/src/pcp/atop/showgeneric.c:1365:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
procsel.prognamesz = strlen(procsel.progname); data/pcp-5.2.2/src/pcp/atop/showgeneric.c:1408:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). switch (strlen(procsel.container)) data/pcp-5.2.2/src/pcp/atop/showgeneric.c:1538:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). procsel.argnamesz = strlen(procsel.argname); data/pcp-5.2.2/src/pcp/atop/showgeneric.c:1580:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). syssel.lvmnamesz = strlen(syssel.lvmname); data/pcp-5.2.2/src/pcp/atop/showgeneric.c:1605:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). syssel.dsknamesz = strlen(syssel.dskname); data/pcp-5.2.2/src/pcp/atop/showgeneric.c:1630:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). syssel.itfnamesz = strlen(syssel.itfname); data/pcp-5.2.2/src/pcp/atop/showgeneric.c:2923:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(procsel.username, val, sizeof procsel.username -1); data/pcp-5.2.2/src/pcp/atop/showgeneric.c:2982:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(procsel.progname, val, sizeof procsel.progname -1); data/pcp-5.2.2/src/pcp/atop/showgeneric.c:2983:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). procsel.prognamesz = strlen(procsel.progname); data/pcp-5.2.2/src/pcp/atop/showlinux.c:508:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int n=strlen(pairs); data/pcp-5.2.2/src/pcp/atop/showlinux.c:554:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numdigits = strlen(linebuf); data/pcp-5.2.2/src/pcp/atop/showlinux.c:564:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen(idprocpdefs[i]->head) < numdigits) data/pcp-5.2.2/src/pcp/atop/showlinux.c:585:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int n=strlen(pairs); data/pcp-5.2.2/src/pcp/atop/showprocs.c:1366:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int cmdlen = strlen(pline); data/pcp-5.2.2/src/pcp/atop/showsys.c:1064:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ( (len = strlen(sstat->gpu.gpu[as->index].busid)) > 9) data/pcp-5.2.2/src/pcp/atop/showsys.c:1084:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (len = strlen(sstat->gpu.gpu[as->index].type)) > 12) data/pcp-5.2.2/src/pcp/atop/showsys.c:1532:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpbuf) > 9) // reformat needed? data/pcp-5.2.2/src/pcp/atop/showsys.c:1688:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (len = strlen(as->perdsk[as->index].name)) > 12) data/pcp-5.2.2/src/pcp/atop/showsys.c:2380:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(ps); data/pcp-5.2.2/src/pcp/atop/showsys.c:2510:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mntdev, "?"); data/pcp-5.2.2/src/pcp/atop/showsys.c:2535:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(ps); data/pcp-5.2.2/src/pcp/atop/various.c:133:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
register int ilen = strlen(itim); data/pcp-5.2.2/src/pcp/atop/various.c:753:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(str) + 2; data/pcp-5.2.2/src/pcp/atop/various.c:850:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nodenamelen = strlen(sysname.nodename); data/pcp-5.2.2/src/pcp/atop/various.c:988:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, atom.cp, buflen); data/pcp-5.2.2/src/pcp/atop/various.c:1018:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, atom.cp, buflen); data/pcp-5.2.2/src/pcp/atop/various.c:1244:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sts, len = (name? strlen(name) : 0); data/pcp-5.2.2/src/pcp/atop/various.c:1260:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, name, sizeof tmp); data/pcp-5.2.2/src/perl/PMDA/local.c:38:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(string) + strlen(suffix) + 1; data/pcp-5.2.2/src/perl/PMDA/local.c:38:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t length = strlen(string) + strlen(suffix) + 1; data/pcp-5.2.2/src/perl/PMDA/local.c:50:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(prefix) + strlen(string) + 1; data/pcp-5.2.2/src/perl/PMDA/local.c:50:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(prefix) + strlen(string) + 1; data/pcp-5.2.2/src/pmcd/src/config.c:74:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define TokenIs(str) ((tokenend - token) == strlen(str) && \ data/pcp-5.2.2/src/pmcd/src/config.c:75:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !strncasecmp(token, str, strlen(str))) data/pcp-5.2.2/src/pmcd/src/config.c:109:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(copy, token, len); data/pcp-5.2.2/src/pmcd/src/config.c:160:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). linesize = (int)strlen(linebuf); data/pcp-5.2.2/src/pmcd/src/config.c:225:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
fprintf(stderr, "len = %d\nline = \"%s\"\n", (int)strlen(linebuf), linebuf); data/pcp-5.2.2/src/pmcd/src/config.c:448:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmdLen += strlen(argv[i]) + 1; /* +1 for space separator or null */ data/pcp-5.2.2/src/pmcd/src/config.c:638:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (token[strlen(token)-1] == '\n') data/pcp-5.2.2/src/pmcd/src/config.c:639:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). token[strlen(token)-1] = '\0'; data/pcp-5.2.2/src/pmcd/src/config.c:1404:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). node->data ? strlen(node->data)+1 : 0, data/pcp-5.2.2/src/pmcd/src/config.c:1423:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). node->data ? strlen(node->data)+1 : 0)) < 0) data/pcp-5.2.2/src/pmcd/src/config.c:1634:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)offsetof(struct sockaddr_un, sun_path) + (int)strlen(addr.sun_path); data/pcp-5.2.2/src/pmcd/src/config.c:1699:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
aPtr->pmDomainLabel, strlen(aPtr->pmDomainLabel), data/pcp-5.2.2/src/pmcd/src/config.c:1700:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). args, strlen(args), &pid, &inFd, &outFd)) < 0) { data/pcp-5.2.2/src/pmcd/src/config.c:1982:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("pmcd config: pathName", strlen(name), PM_FATAL_ERR); data/pcp-5.2.2/src/pmcd/src/dopdus.c:962:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). travNL_strlen += strlen(name) + 1; data/pcp-5.2.2/src/pmcd/src/dopdus.c:971:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). travNL_ptr += strlen(name) + 1; data/pcp-5.2.2/src/pmcd/src/dopdus.c:1017:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). travNL_strlen = strlen(start) + 1; data/pcp-5.2.2/src/pmcd/src/dopdus.c:1131:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_len = travNL_strlen - strlen(namelist[0]) - 1; data/pcp-5.2.2/src/pmcd/src/dopdus.c:1133:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
new_len += strlen(offspring[j]) + 1; data/pcp-5.2.2/src/pmcd/src/dopdus.c:1156:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p) + 1; data/pcp-5.2.2/src/pmcd/src/pmcd.c:70:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(log)) != EOF) data/pcp-5.2.2/src/pmcd/src/pmcd.c:139:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(configFileName, endptr, sizeof(configFileName)-1); data/pcp-5.2.2/src/pmcd/src/pmcd.c:149:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(configFileName, opts.optarg, sizeof(configFileName)-1); data/pcp-5.2.2/src/pmcd/src/pmcd.c:938:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(022); data/pcp-5.2.2/src/pmchart/exportdialog.cpp:237:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(suffix, (const char *)format.toLatin1(), sizeof(suffix)-1); data/pcp-5.2.2/src/pmchart/main.cpp:102:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s[strlen(s)-1] = '\0'; data/pcp-5.2.2/src/pmchart/main.cpp:117:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s[strlen(s)-1] = '\0'; data/pcp-5.2.2/src/pmchart/namespace.cpp:217:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(name) > 0) { data/pcp-5.2.2/src/pmchart/namespace.cpp:218:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name) + 1 + strlen(suffix) + 1; data/pcp-5.2.2/src/pmchart/namespace.cpp:218:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name) + 1 + strlen(suffix) + 1; data/pcp-5.2.2/src/pmchart/timecontrol.cpp:110:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(my.tzData, (const char *)tzstring.toLatin1(), tzlen+1); data/pcp-5.2.2/src/pmchart/timecontrol.cpp:111:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(my.tzData + tzlen+1, (const char *)tzlabel.toLatin1(), lablen+1); data/pcp-5.2.2/src/pmchart/timecontrol.cpp:143:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)message->data, (const char *)tzstring.toLatin1(), tzlen+1); data/pcp-5.2.2/src/pmchart/timecontrol.cpp:144:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)message->data + tzlen+1, data/pcp-5.2.2/src/pmchart/timecontrol.cpp:335:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sts = socket->read(my.buffer + offset, need); data/pcp-5.2.2/src/pmchart/view.cpp:134:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ((c = fgetc(f)) != EOF) { data/pcp-5.2.2/src/pmchart/view.cpp:151:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(f)) == EOF) break; data/pcp-5.2.2/src/pmchart/view.cpp:319:6: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fgetc(f) == '#' && fgetc(f) == '!') { data/pcp-5.2.2/src/pmchart/view.cpp:319:25: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (fgetc(f) == '#' && fgetc(f) == '!') { data/pcp-5.2.2/src/pmchart/view.cpp:917:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pms.inst[0] = (char *)realloc(pms.inst[0], strlen(pms.inst[0]) + strlen(w) + 2); data/pcp-5.2.2/src/pmchart/view.cpp:917:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pms.inst[0] = (char *)realloc(pms.inst[0], strlen(pms.inst[0]) + strlen(w) + 2); data/pcp-5.2.2/src/pmchart/view.cpp:920:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(pms.inst[0], " "); data/pcp-5.2.2/src/pmcpp/pmcpp.c:169:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(&ibuf[1], "define", strlen("define")) == 0) { data/pcp-5.2.2/src/pmcpp/pmcpp.c:170:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ip = &ibuf[strlen("?define")]; data/pcp-5.2.2/src/pmcpp/pmcpp.c:173:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(&ibuf[1], "undef", strlen("undef")) == 0) { data/pcp-5.2.2/src/pmcpp/pmcpp.c:174:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ip = &ibuf[strlen("?undef")]; data/pcp-5.2.2/src/pmcpp/pmcpp.c:177:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(&ibuf[1], "ifdef", strlen("ifdef")) == 0) { data/pcp-5.2.2/src/pmcpp/pmcpp.c:178:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ip = &ibuf[strlen("?ifdef")]; data/pcp-5.2.2/src/pmcpp/pmcpp.c:181:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(&ibuf[1], "ifndef", strlen("ifndef")) == 0) { data/pcp-5.2.2/src/pmcpp/pmcpp.c:182:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ip = &ibuf[strlen("?ifndef")]; data/pcp-5.2.2/src/pmcpp/pmcpp.c:185:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if (strncmp(&ibuf[1], "endif", strlen("endif")) == 0) { data/pcp-5.2.2/src/pmcpp/pmcpp.c:186:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ip = &ibuf[strlen("?endif")]; data/pcp-5.2.2/src/pmcpp/pmcpp.c:189:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(&ibuf[1], "else", strlen("else")) == 0) { data/pcp-5.2.2/src/pmcpp/pmcpp.c:190:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ip = &ibuf[strlen("?else")]; data/pcp-5.2.2/src/pmcpp/pmcpp.c:328:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(macro[nmacro].name, name, namelen); data/pcp-5.2.2/src/pmcpp/pmcpp.c:337:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(macro[nmacro].value, value, valuelen); data/pcp-5.2.2/src/pmcpp/pmcpp.c:494:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(op, tp, len); data/pcp-5.2.2/src/pmcpp/pmcpp.c:663:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(opts.optarg)+9 >= ibuflen) { data/pcp-5.2.2/src/pmcpp/pmcpp.c:735:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pmNoMem("pmcpp: dir name alloc", strlen(currfile->fname)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/pmcpp/pmcpp.c:859:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(&ibuf[1], "include", strlen("include")) == 0) { data/pcp-5.2.2/src/pmcpp/pmcpp.c:871:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = &ibuf[strlen("?include")]; data/pcp-5.2.2/src/pmcpp/pmcpp.c:912:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("pmcpp: include file name alloc", strlen(p)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/pmcpp/pmcpp.c:920:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(&ibuf[1], "shell", strlen("shell")) == 0) { data/pcp-5.2.2/src/pmcpp/pmcpp.c:932:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = &ibuf[strlen("?shell")]; data/pcp-5.2.2/src/pmcpp/pmcpp.c:979:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("pmcpp: shell file name alloc", strlen(p)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/pmdas/aix/cpu.c:48:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(id.name, ""); data/pcp-5.2.2/src/pmdas/aix/cpu.c:115:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(id.name, ""); data/pcp-5.2.2/src/pmdas/aix/disk.c:48:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(id.name, ""); data/pcp-5.2.2/src/pmdas/aix/disk.c:118:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(id.name, ""); data/pcp-5.2.2/src/pmdas/aix/netif.c:48:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(id.name, ""); data/pcp-5.2.2/src/pmdas/aix/netif.c:126:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(id.name, ""); data/pcp-5.2.2/src/pmdas/bash/event.c:87:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = 16 + strlen(script); /* pid and script name */ data/pcp-5.2.2/src/pmdas/bash/event.c:114:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
size = read(fd, buffer, sizeof(buffer)); data/pcp-5.2.2/src/pmdas/bash/event.c:269:19: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. buffer = (char *)memalign(getpagesize(), bufsize); data/pcp-5.2.2/src/pmdas/bash/event.c:287:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = read(process->fd, buffer + offset, bufsize - 1 - offset); data/pcp-5.2.2/src/pmdas/bash/util.c:47:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(value, s + length, vsz); data/pcp-5.2.2/src/pmdas/bash/util.c:82:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(value, start, len + 1); data/pcp-5.2.2/src/pmdas/cisco/pmda.c:232:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(q, intf_tab[i].type, strlen(intf_tab[i].type)) == 0) data/pcp-5.2.2/src/pmdas/cisco/pmda.c:243:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
intf[n].interface = (char *)malloc(strlen("FastEthernet")+strlen(q)+1); data/pcp-5.2.2/src/pmdas/cisco/pmda.c:243:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). intf[n].interface = (char *)malloc(strlen("FastEthernet")+strlen(q)+1); data/pcp-5.2.2/src/pmdas/cisco/pmda.c:244:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((intf[n].interface = (char *)malloc(strlen("FastEthernet")+strlen(q)+1)) == NULL) { data/pcp-5.2.2/src/pmdas/cisco/pmda.c:244:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((intf[n].interface = (char *)malloc(strlen("FastEthernet")+strlen(q)+1)) == NULL) { data/pcp-5.2.2/src/pmdas/cisco/pmda.c:245:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("main.cisco", strlen("FastEthernet")+strlen(q)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/pmdas/cisco/pmda.c:245:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("main.cisco", strlen("FastEthernet")+strlen(q)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/pmdas/cisco/probe.c:46:6: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(f); data/pcp-5.2.2/src/pmdas/cisco/probe.c:56:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ((c = fgetc(f)) != EOF) { data/pcp-5.2.2/src/pmdas/cisco/probe.c:66:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(&line[1], "Encapsulation FRAME-RELAY", strlen("Encapsulation FRAME-RELAY")) == 0) { data/pcp-5.2.2/src/pmdas/cisco/probe.c:74:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p != NULL && (strlen(p) < strlen(prompt) || data/pcp-5.2.2/src/pmdas/cisco/probe.c:74:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p != NULL && (strlen(p) < strlen(prompt) || data/pcp-5.2.2/src/pmdas/cisco/probe.c:75:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcmp(&p[strlen(p)-strlen(prompt)], prompt)) != 0) { data/pcp-5.2.2/src/pmdas/cisco/probe.c:75:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcmp(&p[strlen(p)-strlen(prompt)], prompt)) != 0) { data/pcp-5.2.2/src/pmdas/cisco/probe.c:77:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) { data/pcp-5.2.2/src/pmdas/cisco/probe.c:198:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(w) >= strlen(prompt) && data/pcp-5.2.2/src/pmdas/cisco/probe.c:198:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(w) >= strlen(prompt) && data/pcp-5.2.2/src/pmdas/cisco/probe.c:199:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcmp(&w[strlen(w)-strlen(prompt)], prompt) == 0) data/pcp-5.2.2/src/pmdas/cisco/probe.c:199:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcmp(&w[strlen(w)-strlen(prompt)], prompt) == 0) data/pcp-5.2.2/src/pmdas/cisco/probe.c:203:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(intf_tab[i].name); data/pcp-5.2.2/src/pmdas/cisco/telnet.c:118:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) { data/pcp-5.2.2/src/pmdas/cisco/telnet.c:134:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len_prompt = strlen(prompt); data/pcp-5.2.2/src/pmdas/cisco/telnet.c:139:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) { data/pcp-5.2.2/src/pmdas/cisco/telnet.c:228:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len_prompt = strlen(cp->prompt); data/pcp-5.2.2/src/pmdas/cisco/telnet.c:234:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(w) >= len_prompt && strncmp(&w[strlen(w)-len_prompt], cp->prompt, len_prompt) == 0) data/pcp-5.2.2/src/pmdas/cisco/telnet.c:234:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(w) >= len_prompt && strncmp(&w[strlen(w)-len_prompt], cp->prompt, len_prompt) == 0) data/pcp-5.2.2/src/pmdas/cisco/telnet.c:249:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(w); data/pcp-5.2.2/src/pmdas/cisco/telnet.c:283:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len_prompt = strlen(cp->prompt); data/pcp-5.2.2/src/pmdas/cisco/telnet.c:293:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(w) >= len_prompt && strncmp(&w[strlen(w)-len_prompt], cp->prompt, len_prompt) == 0) data/pcp-5.2.2/src/pmdas/cisco/telnet.c:293:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(w) >= len_prompt && strncmp(&w[strlen(w)-len_prompt], cp->prompt, len_prompt) == 0) data/pcp-5.2.2/src/pmdas/cisco/telnet.c:308:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(w) >= len_prompt && strncmp(&w[strlen(w)-len_prompt], cp->prompt, len_prompt) == 0) { data/pcp-5.2.2/src/pmdas/cisco/telnet.c:308:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(w) >= len_prompt && strncmp(&w[strlen(w)-len_prompt], cp->prompt, len_prompt) == 0) { data/pcp-5.2.2/src/pmdas/cisco/telnet.c:351:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len_prompt = strlen(cp->prompt); data/pcp-5.2.2/src/pmdas/cisco/telnet.c:381:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(w) >= len_prompt && strncmp(&w[strlen(w)-len_prompt], cp->prompt, len_prompt) == 0) data/pcp-5.2.2/src/pmdas/cisco/telnet.c:381:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(w) >= len_prompt && strncmp(&w[strlen(w)-len_prompt], cp->prompt, len_prompt) == 0) data/pcp-5.2.2/src/pmdas/cisco/telnet.c:422:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len_prompt = strlen(cp->prompt); data/pcp-5.2.2/src/pmdas/cisco/telnet.c:565:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(intf_tab[i].name); data/pcp-5.2.2/src/pmdas/cisco/telnet.c:576:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(w) >= len_prompt && strncmp(&w[strlen(w)-len_prompt], cp->prompt, len_prompt) == 0) data/pcp-5.2.2/src/pmdas/cisco/telnet.c:576:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(w) >= len_prompt && strncmp(&w[strlen(w)-len_prompt], cp->prompt, len_prompt) == 0) data/pcp-5.2.2/src/pmdas/darwin/disk.c:77:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). all->read += disk->read; data/pcp-5.2.2/src/pmdas/darwin/disk.c:137:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). &disk->read); data/pcp-5.2.2/src/pmdas/darwin/disk.h:26:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). __uint64_t read; data/pcp-5.2.2/src/pmdas/darwin/disk.h:44:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). __uint64_t read; data/pcp-5.2.2/src/pmdas/darwin/network.c:134:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( stats->interfaces[i].name, sdl->sdl_data, n ); data/pcp-5.2.2/src/pmdas/darwin/pmda.c:910:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). atom->ull = mach_disk.disks[inst].read; data/pcp-5.2.2/src/pmdas/darwin/pmda.c:952:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). atom->ull = mach_disk.read; data/pcp-5.2.2/src/pmdas/dm/vdo.c:37:10: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
int i = fscanf(fp, "%63s", buffer); data/pcp-5.2.2/src/pmdas/docker/docker.c:707:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). json_query, strlen(json_query))) < 0) { data/pcp-5.2.2/src/pmdas/docker/docker.c:712:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). http_data.json_len = strlen(http_data.json); data/pcp-5.2.2/src/pmdas/etw/tdhconsume.c:147:18: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). StringLength = wcslen((LPWSTR)pData); data/pcp-5.2.2/src/pmdas/etw/tdhconsume.c:163:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). StringLength = strlen((LPSTR)pData); data/pcp-5.2.2/src/pmdas/etw/tdhconsume.c:340:16: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ByteLength = (wcslen((LPWSTR)((PBYTE)pMapInfo + data/pcp-5.2.2/src/pmdas/etw/tdhconsume.c:614:38: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (; *pKeyword != 0; pKeyword += (wcslen(pKeyword) + 1)) data/pcp-5.2.2/src/pmdas/etw/util.c:117:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
buffer[strlen(buffer)-1] = '\0'; data/pcp-5.2.2/src/pmdas/freebsd/freebsd.c:1004:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("freebsd_init: CPU_INDOM strdup iname", strlen(iname), PM_FATAL_ERR); data/pcp-5.2.2/src/pmdas/gfs2/ftrace.c:208:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(temp.data, data, sizeof(temp.data)-1); data/pcp-5.2.2/src/pmdas/gfs2/latency.c:209:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(latency_data.data, data, sizeof(latency_data.data)-1); data/pcp-5.2.2/src/pmdas/infiniband/ib.c:466:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sl = strlen(capdest[i].cap) + commalen; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:546:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). int umask; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:580:24: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). if (pst->needupdate & umask) { data/pcp-5.2.2/src/pmdas/infiniband/ib.c:586:25: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). pst->needupdate ^= umask; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:701:25: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). pst->validstate ^= umask; data/pcp-5.2.2/src/pmdas/infiniband/ib.c:702:33: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). 
} else if (!(pst->validstate & umask)) { data/pcp-5.2.2/src/pmdas/json/acme_json.c:174:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(working); data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:267:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((bytes = read(group_fd[i], buffer, bufsize)) < 0) { data/pcp-5.2.2/src/pmdas/kvm/kvmstat.c:532:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = buf + strlen(buf) - 1; data/pcp-5.2.2/src/pmdas/linux/filesys.c:26:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, options, sizeof(buffer)); data/pcp-5.2.2/src/pmdas/linux/getinfo.c:60:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(prefix, "Debian ", sizeof(prefix)); data/pcp-5.2.2/src/pmdas/linux/getinfo.c:70:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(distro_name, prefix, len + sbuf.st_size); data/pcp-5.2.2/src/pmdas/linux/getinfo.c:73:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
sts = read(fd, distro_name + len, (int)sbuf.st_size); data/pcp-5.2.2/src/pmdas/linux/linux_table.c:63:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t->field_len = strlen(t->field); data/pcp-5.2.2/src/pmdas/linux/mem_bandwidth.c:73:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(start, VERSION_STR, strlen(VERSION_STR)) && data/pcp-5.2.2/src/pmdas/linux/mem_bandwidth.c:74:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !(strncmp(ptr, SUPP_VERSION, strlen(SUPP_VERSION)))) data/pcp-5.2.2/src/pmdas/linux/mem_bandwidth.c:106:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (line[strlen(line) - 1] == '\n') data/pcp-5.2.2/src/pmdas/linux/mem_bandwidth.c:107:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line[strlen(line) - 1] = '\0'; data/pcp-5.2.2/src/pmdas/linux/mem_bandwidth.c:110:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end_ptr = start_ptr + strlen(line) - 1; data/pcp-5.2.2/src/pmdas/linux/pmda.c:4908:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { &proc_locks.posix.read, data/pcp-5.2.2/src/pmdas/linux/pmda.c:4917:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
{ &proc_locks.flock.read, data/pcp-5.2.2/src/pmdas/linux/pmda.c:4926:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { &proc_locks.lease.read, data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.c:32:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(data); data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.c:45:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(data); data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.c:62:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = strlen(tmp_buf); data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.c:78:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(data); data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.c:168:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(proc_buddyinfo->buddys[i+j].node_name, node_name, data/pcp-5.2.2/src/pmdas/linux/proc_buddyinfo.c:171:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(proc_buddyinfo->buddys[i+j].zone_name, zone_name, data/pcp-5.2.2/src/pmdas/linux/proc_cpuinfo.c:59:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
end = s + strlen(s) - 1; data/pcp-5.2.2/src/pmdas/linux/proc_locks.c:33:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if ((sts = sscanf(buf, "%*d: %15s %*s %15s %*d", type, access)) != 2) data/pcp-5.2.2/src/pmdas/linux/proc_locks.h:18:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unsigned int read; data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:66:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ifr.ifr_name, name, IF_NAMESIZE); data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:76:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ifr.ifr_name, name, IF_NAMESIZE); data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:91:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ifr.ifr_name, name, IF_NAMESIZE); data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:94:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(iwreq.ifr_ifrn.ifrn_name, name, IF_NAMESIZE); data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:129:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ifr.ifr_name, name, IF_NAMESIZE); data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:151:10: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
int i = fscanf(fp, "%63s", buffer); data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:243:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(netip->hw_addr, value, sizeof(netip->hw_addr)); data/pcp-5.2.2/src/pmdas/linux/proc_net_dev.c:491:12: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. while (fscanf(fp, "%4s%4s%4s%4s%4s%4s%4s%4s %x %x %x %x %20s\n", data/pcp-5.2.2/src/pmdas/linux/proc_net_snmp6.c:124:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t->field_len = strlen(t->field); data/pcp-5.2.2/src/pmdas/linux/proc_net_softnet.c:51:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fmt[strlen(fmt)] = '\0'; data/pcp-5.2.2/src/pmdas/linux/proc_net_tcp.c:47:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). got = read(fileno(fp), buf + remnant, BUFSIZ - remnant - 1); data/pcp-5.2.2/src/pmdas/linux/proc_net_udp.c:49:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). got = read(fileno(fp), buf + remnant, BUFSIZ - remnant - 1); data/pcp-5.2.2/src/pmdas/linux/proc_net_unix.c:53:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). got = read(fileno(fp), buf + remnant, BUFSIZ - remnant - 1); data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:150:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int p, m = strlen(dname) - 1; data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:374:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, path, sizeof(path)-1) > 0) { data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:377:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(namebuf, path, namelen-1); data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:397:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(namebuf, dentry->d_name, namelen-1); data/pcp-5.2.2/src/pmdas/linux/proc_partitions.c:438:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(namebuf, dentry->d_name, namelen); data/pcp-5.2.2/src/pmdas/linux/proc_pressure.c:42:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fmt, type, 4); data/pcp-5.2.2/src/pmdas/linux/proc_stat.c:228:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((i = read(fd, statbuf + n, size)) > 0) data/pcp-5.2.2/src/pmdas/linux/proc_tty.c:40:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(port, buf, (int)(p - buf)); data/pcp-5.2.2/src/pmdas/linux/proc_uptime.c:30:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(fd, buf, sizeof(buf)); data/pcp-5.2.2/src/pmdas/linux/proc_zoneinfo.c:92:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
fseek(fp, -(long)(strlen(buf)), 1); data/pcp-5.2.2/src/pmdas/linux/sysfs_kernel.c:32:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((n = read(fd, buf, sizeof(buf))) <= 0) data/pcp-5.2.2/src/pmdas/linux/sysfs_tapestats.c:65:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(sysdev, "st", 2) != 0 || !isdigit(sysdev[strlen(sysdev)-1])) data/pcp-5.2.2/src/pmdas/linux/sysfs_tapestats.c:95:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(device->devname, sysdev, sizeof(device->devname)-1); data/pcp-5.2.2/src/pmdas/linux/sysfs_tapestats.c:111:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int tslen = strlen(ts); data/pcp-5.2.2/src/pmdas/linux/sysfs_tapestats.c:123:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, strvalue, sizeof(strvalue)) <= 0) { data/pcp-5.2.2/src/pmdas/linux_proc/acct.c:194:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &tmprec, sizeof(tmprec)) < sizeof(tmprec)) data/pcp-5.2.2/src/pmdas/linux_proc/acct.c:462:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pacct_system_file, tmppath, sizeof(pacct_system_file)-1); data/pcp-5.2.2/src/pmdas/linux_proc/acct.c:546:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (read(acct_file.fd, tmprec, acct_file.record_size) < acct_file.record_size) { data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:363:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, options, sizeof(buffer)); data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:387:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, fs->options, sizeof(buffer)); data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:394:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(out, ","); data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:396:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out += strlen(s) + 1; /* +1 => cater for comma */ data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:399:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = opts + strlen(s); data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:427:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). endp = cgroup + strlen(cgroup) + 1; data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:439:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(cid, p, len); data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:444:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cid, p + 1, len); data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:511:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length, mntlen = strlen(mnt) + 1; data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:519:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(cgpath); data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:522:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(proc_statspath) + mntlen; data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:616:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fmt, type, 4); data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:674:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buffer); data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1236:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). { "Read", &blkiops.read }, data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.c:1282:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). total->read += blkiops.read; data/pcp-5.2.2/src/pmdas/linux_proc/cgroups.h:248:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
__uint64_t read; data/pcp-5.2.2/src/pmdas/linux_proc/config.c:126:17: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). cur_umask = umask(S_IXUSR | S_IRWXG | S_IRWXO); data/pcp-5.2.2/src/pmdas/linux_proc/config.c:128:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(cur_umask); data/pcp-5.2.2/src/pmdas/linux_proc/getinfo.c:101:12: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. return strcpy(devpath, "?"); data/pcp-5.2.2/src/pmdas/linux_proc/getinfo.c:125:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(ttyname, "?"); data/pcp-5.2.2/src/pmdas/linux_proc/getinfo.c:141:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ttyname, &fullpath[5], sizeof(ttyname)); data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:1911:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). atom->cp[strlen(atom->cp)-1] = '\0'; data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:2948:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). atom->ull = blkdev->stats.io_merged.read; data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:2963:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
  atom->ull = blkdev->stats.io_queued.read;
data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:2978:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  atom->ull = blkdev->stats.io_service_bytes.read;
data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:2993:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  atom->ull = blkdev->stats.io_serviced.read;
data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3008:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  atom->ull = blkdev->stats.io_service_time.read;
data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3023:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  atom->ull = blkdev->stats.io_wait_time.read;
data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3046:58: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  atom->ull = blkdev->stats.throttle_io_service_bytes.read;
data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3061:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  atom->ull = blkdev->stats.throttle_io_serviced.read;
data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3077:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  atom->ull = blkio->total.io_merged.read;
data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3092:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  atom->ull = blkio->total.io_queued.read;
data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3107:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  atom->ull = blkio->total.io_service_bytes.read;
data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3122:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  atom->ull = blkio->total.io_serviced.read;
data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3137:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  atom->ull = blkio->total.io_service_time.read;
data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3152:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  atom->ull = blkio->total.io_wait_time.read;
data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3175:57: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  atom->ull = blkio->total.throttle_io_service_bytes.read;
data/pcp-5.2.2/src/pmdas/linux_proc/pmda.c:3190:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  atom->ull = blkio->total.throttle_io_serviced.read;
data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:648:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(cmd);
data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:650:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(vars.fname, cmd, sizeof(vars.fname));
data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:657:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(vars.psargs, statentry->name+7, sizeof(vars.psargs));
data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:684:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(vars.uname, pwe->pw_name, sizeof(vars.uname));
data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:694:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(vars.gname, gre->gr_name, sizeof(vars.gname));
data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:861:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((k = read(fd, buf+numlen, sizeof(buf)-numlen)) > 0) {
data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:907:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((k = read(fd, buf+2, sizeof(buf)-4)) > 0) {
data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:952:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ep->instname, ep->name, len);
data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1190:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((n = read(fd, buf, sizeof(buf))) <= 0)
data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1864:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(target, ";", 2);
data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1873:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(target, s, len);
data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1942:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  else if ((n = read(fd, buf, sizeof(buf))) < 0)
data/pcp-5.2.2/src/pmdas/linux_proc/proc_pid.c:1978:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  else if ((n = read(fd, buf, sizeof(buf))) < 0)
data/pcp-5.2.2/src/pmdas/linux_proc/proc_runq.c:37:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sz = read(fd, buf, sizeof(buf));
data/pcp-5.2.2/src/pmdas/linux_xfs/filesys.c:63:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  devsz = strlen(fs->device);
data/pcp-5.2.2/src/pmdas/linux_xfs/filesys.c:103:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buffer, options, sizeof(buffer));
data/pcp-5.2.2/src/pmdas/logger/event.c:36:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t pathlen = strlen(logfiles[i].pathname);
data/pcp-5.2.2/src/pmdas/logger/event.c:59:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cmd, logfiles[i].pathname, sizeof(cmd));
data/pcp-5.2.2/src/pmdas/logger/event.c:146:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(line);
data/pcp-5.2.2/src/pmdas/logger/event.c:161:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(line);
data/pcp-5.2.2/src/pmdas/logger/event.c:189:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) > MAXPATHLEN) {
data/pcp-5.2.2/src/pmdas/logger/event.c:225:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ptr) > MAXPATHLEN) {
data/pcp-5.2.2/src/pmdas/logger/event.c:242:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(logfile->pmnsname, name, sizeof(logfile->pmnsname));
data/pcp-5.2.2/src/pmdas/logger/event.c:244:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(logfile->pathname, ptr, sizeof(logfile->pathname));
data/pcp-5.2.2/src/pmdas/logger/event.c:290:19: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient.
  buffer = (char *)memalign(getpagesize(), bufsize);
data/pcp-5.2.2/src/pmdas/logger/event.c:307:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bytes = read(logfile->fd, buffer + offset, bufsize - 1 - offset);
data/pcp-5.2.2/src/pmdas/logger/util.c:36:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = str + strlen(str) - 1;
data/pcp-5.2.2/src/pmdas/lustrecomm/file_single.c:64:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((n = read (fd, b, sizeof(b))) < 0 ){
data/pcp-5.2.2/src/pmdas/lustrecomm/refresh_file.c:64:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (f_s->datap && (i = read (f_s->fd, f_s->datap, f_s->datas)) >= f_s->datas ){
data/pcp-5.2.2/src/pmdas/mailq/mailq.c:386:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pmNoMem("_delay[i].i_name", strlen(namebuf), PM_FATAL_ERR);
data/pcp-5.2.2/src/pmdas/mmv/acme.c:110:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(working);
data/pcp-5.2.2/src/pmdas/mmv/mmvdump.c:712:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(file, argv[1], MAXPATHLEN);
data/pcp-5.2.2/src/pmdas/mmv/src/mmv.c:1455:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(progname, "pmda", 4) == 0 && strlen(progname) > 4 &&
data/pcp-5.2.2/src/pmdas/mounts/mounts.c:266:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mounts[mount_number].i_name = malloc(strlen(mount_name) + 1);
data/pcp-5.2.2/src/pmdas/mounts/mounts.c:324:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mp->type, type, MAXFSTYPE-1);
data/pcp-5.2.2/src/pmdas/mounts/mounts.c:327:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mp->device, device, MAXPATHLEN-1);
data/pcp-5.2.2/src/pmdas/mounts/mounts.c:328:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mp->options, options, MAXOPTSTR-1);
data/pcp-5.2.2/src/pmdas/netbsd/netbsd.c:931:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pmNoMem("netbsd_init: CPU_INDOM strdup iname", strlen(iname), PM_FATAL_ERR);
data/pcp-5.2.2/src/pmdas/nvidia/nvidia.c:170:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pmNoMem("gcard instname", strlen(gpuname), PM_RECOV_ERR);
data/pcp-5.2.2/src/pmdas/openbsd/openbsd.c:963:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pmNoMem("openbsd_init: CPU_INDOM strdup iname", strlen(iname), PM_FATAL_ERR);
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:292:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(buf, "config1", strlen("config1"))) {
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:294:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (!strncmp(buf, "config2", strlen("config2"))) {
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:424:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(ev_str, pmctmp->name, strlen(ev_str)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:482:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str = buf + strlen(buf) - 1;
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:487:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:500:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:513:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:525:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:537:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:549:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:561:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:573:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:596:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str = buf + strlen(buf) - 1;
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:602:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:615:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:627:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:639:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:651:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:663:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:675:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/parse_events.c:687:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(eventname, pmctmp->name, strlen(pmctmp->name)))
data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.c:161:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end_ptr = config_str + strlen(config_str - 1);
data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.c:163:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(start_token, "event=", strlen("event=")))
data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.c:165:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!strncmp(start_token, "umask=", strlen("umask=")))
data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.c:181:22: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  if (event_sel && umask)
data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.c:182:20: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  *config = (umask << 8) | event_sel;
data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.c:235:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(event_file, entry->d_name, MAX_EVENT_NAME-1);
data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.c:715:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(eventname))) {
data/pcp-5.2.2/src/pmdas/perfevent/perfinterface.c:1175:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = read(info->fd, info->values, sizeof(info->values));
data/pcp-5.2.2/src/pmdas/perfevent/perflock.c:38:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  perflock_filename = malloc( strlen(pcppmdasdir) + strlen( PERF_LOCK_PATH ) + 1);
data/pcp-5.2.2/src/pmdas/perfevent/perflock.c:38:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  perflock_filename = malloc( strlen(pcppmdasdir) + strlen( PERF_LOCK_PATH ) + 1);
data/pcp-5.2.2/src/pmdas/perfevent/perflock.c:40:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(perflock_filename, pcppmdasdir, strlen(pcppmdasdir));
data/pcp-5.2.2/src/pmdas/perfevent/perflock.c:41:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(perflock_filename + strlen(pcppmdasdir), PERF_LOCK_PATH, strlen( PERF_LOCK_PATH ));
data/pcp-5.2.2/src/pmdas/perfevent/perflock.c:41:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(perflock_filename + strlen(pcppmdasdir), PERF_LOCK_PATH, strlen( PERF_LOCK_PATH ));
data/pcp-5.2.2/src/pmdas/perfevent/perflock.c:42:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  perflock_filename[ strlen(pcppmdasdir) + strlen( PERF_LOCK_PATH ) ] = '\0';
data/pcp-5.2.2/src/pmdas/perfevent/perflock.c:42:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  perflock_filename[ strlen(pcppmdasdir) + strlen( PERF_LOCK_PATH ) ] = '\0';
data/pcp-5.2.2/src/pmdas/pipe/event.c:176:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  paramlen = strlen(paramtab[n-1]);
data/pcp-5.2.2/src/pmdas/pipe/event.c:187:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(q, paramtab[n-1], paramlen);
data/pcp-5.2.2/src/pmdas/pipe/event.c:192:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(q, " ", 2);
data/pcp-5.2.2/src/pmdas/pipe/event.c:195:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(paramtab[j]);
data/pcp-5.2.2/src/pmdas/pipe/event.c:206:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(q, paramtab[j], len+1);
data/pcp-5.2.2/src/pmdas/pipe/event.c:338:19: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient.
  buffer = (char *)memalign(getpagesize(), bufsize);
data/pcp-5.2.2/src/pmdas/pipe/event.c:355:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bytes = read(pipe->fd, buffer + offset, bufsize - 1 - offset);
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:365:11: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sep = fscanf(fp, "%63s", buffer);
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:533:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pmNoMem("pmie iname", strlen(dp->d_name), PM_RECOV_ERR);
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:841:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(ports[i].name), PM_RECOV_ERR);
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:861:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(ports[i].name), PM_RECOV_ERR);
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:887:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(pmies[i].name), PM_RECOV_ERR);
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:908:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(pmies[i].name), PM_RECOV_ERR);
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:933:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(agent[i].pmDomainLabel), PM_RECOV_ERR);
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:954:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(agent[i].pmDomainLabel), PM_RECOV_ERR);
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:984:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(buf), PM_RECOV_ERR);
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:1008:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(buf), PM_RECOV_ERR);
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:1138:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(services[i]);
data/pcp-5.2.2/src/pmdas/pmcd/src/pmcd.c:1780:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(atom.cp);
data/pcp-5.2.2/src/pmdas/podman/varlink.c:132:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size = read(link->signal_fd, &info, sizeof(info));
data/pcp-5.2.2/src/pmdas/podman/varlink.c:165:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes = temp? strlen(temp) : 0;
data/pcp-5.2.2/src/pmdas/podman/varlink.c:168:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cmd, " ");
data/pcp-5.2.2/src/pmdas/process/process.c:181:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  processes[process_number].i_name = malloc(strlen(process_name) + 1);
data/pcp-5.2.2/src/pmdas/roomtemp/mlan/linuxlnk.c:209:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((sts = read(fd,&inbuf[cnt],1)) != 1) {
data/pcp-5.2.2/src/pmdas/roomtemp/mlan/linuxlnk.c:404:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(2, ERR_MSG_57600, strlen(ERR_MSG_57600));
data/pcp-5.2.2/src/pmdas/roomtemp/mlan/linuxlnk.c:413:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(2, ERR_MSG_115200, strlen(ERR_MSG_115200));
data/pcp-5.2.2/src/pmdas/root/docker.c:114:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes = strlen(base);
data/pcp-5.2.2/src/pmdas/root/docker.c:122:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path + childlen, base, bytes + 1);
data/pcp-5.2.2/src/pmdas/root/docker.c:213:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sts = docker_cgroup_search(path, strlen(path), cgroup, cp);
data/pcp-5.2.2/src/pmdas/root/docker.c:395:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  qlength = strlen(query);
data/pcp-5.2.2/src/pmdas/root/docker.c:396:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ilength = strlen(instname);
data/pcp-5.2.2/src/pmdas/root/lxc.c:45:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, lxc, sizeof(path));
data/pcp-5.2.2/src/pmdas/root/podman.c:98:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes = strlen(base);
data/pcp-5.2.2/src/pmdas/root/podman.c:106:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path + childlen, base, bytes + 1);
data/pcp-5.2.2/src/pmdas/root/podman.c:159:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  podman_cgroup_search(name, strlen(name), cgroup, cp);
data/pcp-5.2.2/src/pmdas/root/podman.c:342:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
while ((bytes = read(fd, buffer, sizeof(buffer))) > 0) { data/pcp-5.2.2/src/pmdas/root/podman.c:446:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). qlength = strlen(query); data/pcp-5.2.2/src/pmdas/root/podman.c:447:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ilength = strlen(instname); data/pcp-5.2.2/src/pmdas/root/root.c:519:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *length = strlen(buffer); data/pcp-5.2.2/src/pmdas/root/root.c:614:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(cgroup); data/pcp-5.2.2/src/pmdas/root/root.c:635:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name); data/pcp-5.2.2/src/pmdas/root/root.c:864:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(socket_path, opts.optarg, sizeof(socket_path)); data/pcp-5.2.2/src/pmdas/rpm/rpm.c:573:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read_count = read(fd, buffer, EVENT_BUF_LEN); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1222:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
allocsz = roundup(strlen("13")+1, 8); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1224:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(_string, "13", strlen("13")+1); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1224:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(_string, "13", strlen("13")+1); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1229:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). allocsz = roundup(PM_VAL_HDR_SIZE + strlen("hullo world!"), 8); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1231:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _aggr34->vlen = PM_VAL_HDR_SIZE + strlen("hullo world!"); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1233:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(_aggr34->vbuf, "hullo world!", strlen("hullo world!")); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1234:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). allocsz = roundup(PM_VAL_HDR_SIZE + strlen("13"), 8); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1236:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
_aggr35->vlen = PM_VAL_HDR_SIZE + strlen("13"); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1238:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(_aggr35->vbuf, "13", strlen("13")); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1346:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(idp->it_set[i].i_name) >= len && data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1416:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(pfx)+strlen(dynamic_ones[i].name)+1; data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1416:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(pfx)+strlen(dynamic_ones[i].name)+1; data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1435:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(pfx); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1437:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(dynamic_ones[i].name); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1470:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
namelen = strlen(p); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1528:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(chn[nmatch-1], &q[namelen+1], tlen); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1540:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = pfxlen + strlen(dynamic_ones[i].name) + 2; data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1545:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(chn[nmatch-1], name, pfxlen); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1568:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q += strlen(chn[j])+1; data/pcp-5.2.2/src/pmdas/sample/src/sample.c:1993:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)sivb->vbuf, si.dummy, sizeof(struct sysinfo)); data/pcp-5.2.2/src/pmdas/sample/src/sample.c:2494:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). atom.ul = strlen(_ghosts[inst-1].i_name); data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:63:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(device_info->model_family) == 0) data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:82:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(device_info->sector_size) == 0) data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:89:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(device_info->rotation_rate) == 0) data/pcp-5.2.2/src/pmdas/smart/smart_stats.c:96:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(device_info->firmware_version) == 0) data/pcp-5.2.2/src/pmdas/solaris/vnops.c:84:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mp = malloc(sizeof(*mp) + strlen(m.mnt_mountp) + 1); data/pcp-5.2.2/src/pmdas/solaris/zpool_perdisk.c:47:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(pname) + strlen(cname) + 2; data/pcp-5.2.2/src/pmdas/solaris/zpool_perdisk.c:47:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(pname) + strlen(cname) + 2; data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-labels.c:144:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t tags_length = strlen(tags) + 1; data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-labels.c:172:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t label_segment_length = strlen(buffer) + 1; data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metric-labels.c:195:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t labels_length = strlen(datagram->tags) + 1; data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metrics.c:215:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(config->debug_output_filename) == 0) { data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metrics.c:301:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(datagram->name) + 1; data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-metrics.c:304:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((*out)->name, datagram->name, len); data/pcp-5.2.2/src/pmdas/statsd/src/aggregator-stats.c:144:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(config->debug_output_filename) == 0) { data/pcp-5.2.2/src/pmdas/statsd/src/config-reader.c:57:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(value) + 1; data/pcp-5.2.2/src/pmdas/statsd/src/dict-callbacks.c:45:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t length = strlen(key) + 1; data/pcp-5.2.2/src/pmdas/statsd/src/dict-callbacks.c:62:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return dictGenCaseHashFunction((unsigned char*)key, strlen((char*)key)); data/pcp-5.2.2/src/pmdas/statsd/src/network-listener.c:115:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(end_message) + 1; data/pcp-5.2.2/src/pmdas/statsd/src/parser-basic.c:71:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length = strlen(buffer); data/pcp-5.2.2/src/pmdas/statsd/src/parser-basic.c:86:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t count = strlen(buffer) + 1; data/pcp-5.2.2/src/pmdas/statsd/src/parser-basic.c:177:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t key_len = strlen(tag_key) + 1; data/pcp-5.2.2/src/pmdas/statsd/src/parser-basic.c:178:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t value_len = strlen(tag_value) + 1; data/pcp-5.2.2/src/pmdas/statsd/src/pmda-callbacks.c:884:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t length = strlen(config->debug_output_filename) + 1; data/pcp-5.2.2/src/pmdas/statsd/src/utils.c:72:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t segment_length = strlen(src); data/pcp-5.2.2/src/pmdas/statsd/src/utils.c:113:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t segment_length = strlen(src); data/pcp-5.2.2/src/pmdas/statsd/src/utils.c:148:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t segment_length = strlen(src); data/pcp-5.2.2/src/pmdas/summary/pmda.c:71:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(argv[i]) + 1; data/pcp-5.2.2/src/pmdas/summary/pmda.c:83:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(command, " "); data/pcp-5.2.2/src/pmdas/systemd/systemd.c:204:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cursor, strlen(cursor)+1 /* \0 */, &timestamp); data/pcp-5.2.2/src/pmdas/trace/app2.c:153:2: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(foo); data/pcp-5.2.2/src/pmdas/trace/app3.c:163:6: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
fgetc(foo); data/pcp-5.2.2/src/pmdas/txmon/txmon.c:348:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sp->type, argv[opts.optind++], MAXNAMESIZE); data/pcp-5.2.2/src/pmdas/weblog/pmda.c:207:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) { data/pcp-5.2.2/src/pmdas/weblog/pmda.c:225:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) { data/pcp-5.2.2/src/pmdas/weblog/pmda.c:248:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) { data/pcp-5.2.2/src/pmdas/weblog/pmda.c:255:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) { data/pcp-5.2.2/src/pmdas/weblog/pmda.c:286:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) { data/pcp-5.2.2/src/pmdas/weblog/pmda.c:293:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) { data/pcp-5.2.2/src/pmdas/weblog/weblog.c:1269:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sts = read(fip->filePtr, fip->bend, FIBUFSIZE-nch); data/pcp-5.2.2/src/pmdas/weblog/weblog.c:1611:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sts = read(sprocData->inFD[0], &i, sizeof(i)); data/pcp-5.2.2/src/pmdas/weblog/weblog.c:1785:29: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(proc->methodStr, &line[pmatch[wl_regexTable[accessFile->format].methodPos].rm_so], data/pcp-5.2.2/src/pmdas/weblog/weblog.c:1790:29: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(proc->sizeStr, &line[pmatch[wl_regexTable[accessFile->format].sizePos].rm_so], data/pcp-5.2.2/src/pmdas/weblog/weblog.c:1796:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(proc->c_statusStr, &line[pmatch[wl_regexTable[accessFile->format].c_statusPos].rm_so], data/pcp-5.2.2/src/pmdas/weblog/weblog.c:1801:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(proc->s_statusStr, &line[pmatch[wl_regexTable[accessFile->format].s_statusPos].rm_so], data/pcp-5.2.2/src/pmdas/weblog/weblog.c:2357:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sts = read(thisFD, &dummy, sizeof(dummy)); data/pcp-5.2.2/src/pmdas/windows/helptext.c:75:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). *buf = windows_fmt(strncpy(texts, &metricdesc[i].pat[0], sizeof(texts))); data/pcp-5.2.2/src/pmdas/windows/helptext.c:81:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). *buf = windows_fmt(strncpy(texts, text, sizeof(texts))); data/pcp-5.2.2/src/pmdas/windows/instance.c:86:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, p, q - p); data/pcp-5.2.2/src/pmdas/windows/instance.c:170:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(name, p, q - p); data/pcp-5.2.2/src/pmdas/windows/instance.c:225:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, p, q - p); data/pcp-5.2.2/src/pmdas/windows/instance.c:275:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, p, q - p); data/pcp-5.2.2/src/pmdas/windows/instance.c:335:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, p, q - p); data/pcp-5.2.2/src/pmdas/windows/open.c:100:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = (char *)realloc(name, strlen(name)+strlen(suff)+1); data/pcp-5.2.2/src/pmdas/windows/open.c:100:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = (char *)realloc(name, strlen(name)+strlen(suff)+1); data/pcp-5.2.2/src/pmdas/windows/open.c:220:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). windows_build = name + strlen(name) + 1; data/pcp-5.2.2/src/pmdas/windows/pdhlist.c:58:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(ptr) + 1; data/pcp-5.2.2/src/pmdate/pmdate.c:142:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
need = strlen(argv[1]) + 256; data/pcp-5.2.2/src/pmdumplog/pmdumplog.c:878:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). check = fgetc(f); data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:279:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:291:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:363:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p, ctime(&curTime), 20); data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:394:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(timeStr); data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:445:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, (const char *)str.toLatin1(), width); data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:532:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, (const char *)str.toLatin1(), width); data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:751:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(opts.optarg) == 2 && opts.optarg[0] == '\\') { data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:763:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(opts.optarg) > 1) { data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:1207:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer+1, (const char *)metric->stringValue(i).toLatin1(), data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:1223:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer+1, (const char *)metric->stringValue(i).toLatin1(), data/pcp-5.2.2/src/pmdumptext/pmdumptext.cpp:1231:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer+1, (const char *)metric->stringValue(i).toLatin1(), data/pcp-5.2.2/src/pmfind/pmfind.c:114:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). existingLen = strlen(options); data/pcp-5.2.2/src/pmfind/pmfind.c:123:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). optionLen = strlen(option); data/pcp-5.2.2/src/pmfind/pmfind.c:126:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). argLen = strlen(arg); data/pcp-5.2.2/src/pmgetopt/pmgetopt.c:64:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pmNoMem("short_options", strlen(start), PM_FATAL_ERR); data/pcp-5.2.2/src/pmgetopt/pmgetopt.c:73:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("short_usage", strlen(start), PM_FATAL_ERR); data/pcp-5.2.2/src/pmgetopt/pmgetopt.c:209:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("argname", strlen(token), PM_FATAL_ERR); data/pcp-5.2.2/src/pmgetopt/pmgetopt.c:213:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("longopt", strlen(start), PM_FATAL_ERR); data/pcp-5.2.2/src/pmgetopt/pmgetopt.c:216:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("message", strlen(token), PM_FATAL_ERR); data/pcp-5.2.2/src/pmgetopt/pmgetopt.c:244:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("argname", strlen(token), PM_FATAL_ERR); data/pcp-5.2.2/src/pmgetopt/pmgetopt.c:250:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("longopt", strlen(start), PM_FATAL_ERR); data/pcp-5.2.2/src/pmgetopt/pmgetopt.c:253:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pmNoMem("message", strlen(start), PM_FATAL_ERR); data/pcp-5.2.2/src/pmgetopt/pmgetopt.c:271:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("argname", strlen(token), PM_FATAL_ERR); data/pcp-5.2.2/src/pmgetopt/pmgetopt.c:279:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("message", strlen(start), PM_FATAL_ERR); data/pcp-5.2.2/src/pmgetopt/pmgetopt.c:329:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buffer); data/pcp-5.2.2/src/pmie/src/dstruct.c:390:9: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. p = memalign(align, size); data/pcp-5.2.2/src/pmie/src/dstruct.c:421:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("pmie.sdup", strlen(p), PM_FATAL_ERR); data/pcp-5.2.2/src/pmie/src/lexicon.c:175:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
c = getc(lin->stream); data/pcp-5.2.2/src/pmie/src/lexicon.c:214:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t->name = (char *) alloc(strlen(name) + 1); data/pcp-5.2.2/src/pmie/src/lexicon.c:253:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lin->name = (char *) alloc(strlen(name) + 1); data/pcp-5.2.2/src/pmie/src/lexicon.c:519:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(lt2->key) == i && data/pcp-5.2.2/src/pmie/src/lexicon.c:604:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). yylval.s = (char *) alloc(strlen(&token[0]) + 1); data/pcp-5.2.2/src/pmie/src/pmie.c:138:6: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getchar(); data/pcp-5.2.2/src/pmie/src/pmie.c:145:6: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getchar(); data/pcp-5.2.2/src/pmie/src/pmie.c:372:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(perf->logfile, path, sizeof(perf->logfile)); data/pcp-5.2.2/src/pmie/src/pmie.c:376:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(perf->defaultfqdn, "(uninitialized)", sizeof(perf->defaultfqdn)); data/pcp-5.2.2/src/pmie/src/pmie_dump_stats.c:47:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((sts = read(fd, &stats, sizeof(stats))) != sizeof(stats)) { data/pcp-5.2.2/src/pmie/src/pragmatics.c:119:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(perf->defaultfqdn, symName(*host), sizeof(perf->defaultfqdn)); data/pcp-5.2.2/src/pmie/src/pragmatics.c:171:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (indomlen == 0) indomlen = strlen(indomname); data/pcp-5.2.2/src/pmie/src/pragmatics.c:172:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mylen == 0) mylen = strlen(myname); data/pcp-5.2.2/src/pmie/src/pragmatics.c:534:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmp) == 0) { data/pcp-5.2.2/src/pmie/src/pragmatics.c:540:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("host name copy", strlen(tmp)+1, PM_FATAL_ERR); data/pcp-5.2.2/src/pmie/src/show.c:120:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((slen = strlen(string1)) == 0) data/pcp-5.2.2/src/pmie/src/show.c:307:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(dog, " "); data/pcp-5.2.2/src/pmie/src/show.c:312:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(dog, "unknown", BOOLEAN_SPACE); data/pcp-5.2.2/src/pmie/src/show.c:313:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dog += strlen("unknown"); data/pcp-5.2.2/src/pmie/src/show.c:319:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(dog, "false", BOOLEAN_SPACE); data/pcp-5.2.2/src/pmie/src/show.c:320:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dog += strlen("false"); data/pcp-5.2.2/src/pmie/src/show.c:323:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(dog, "true", BOOLEAN_SPACE); data/pcp-5.2.2/src/pmie/src/show.c:324:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dog += strlen("true"); data/pcp-5.2.2/src/pmie/src/show.c:327:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(dog, "unknown", BOOLEAN_SPACE); data/pcp-5.2.2/src/pmie/src/show.c:328:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dog += strlen("unknown"); data/pcp-5.2.2/src/pmie/src/show.c:349:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen((char *)x->smpls[0].ptr); data/pcp-5.2.2/src/pmie/src/show.c:377:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen += strlen(*cp) + 2; data/pcp-5.2.2/src/pmie/src/show.c:389:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dog += strlen(*cp); data/pcp-5.2.2/src/pmie/src/show.c:418:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(dog, " "); data/pcp-5.2.2/src/pmie/src/show.c:435:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dog += strlen("unknown"); data/pcp-5.2.2/src/pmie/src/show.c:438:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(dog, "?"); data/pcp-5.2.2/src/pmie/src/show.c:461:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(dog, "!"); data/pcp-5.2.2/src/pmie/src/stomp.c:391:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (stomp_write(msg, strlen(msg)) < 0) data/pcp-5.2.2/src/pmie/src/symbol.c:175:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). copy = (char *) alloc(strlen(name) + 1); data/pcp-5.2.2/src/pmie/src/syntax.c:364:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x->tspan = strlen(str); data/pcp-5.2.2/src/pmie/src/syntax.c:819:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int n = (int) strlen(s) + 1; data/pcp-5.2.2/src/pmie/src/systemlog.c:175:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->ring = (char *)alloc(sizeof(int)+strlen(tag)+1); data/pcp-5.2.2/src/pmieconf/io.c:103:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(0, &c, 1) != 1) { data/pcp-5.2.2/src/pmieconf/pmieconf.c:800:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(inbuf[c], argv[opts.optind++], MAXBUFLEN); data/pcp-5.2.2/src/pmieconf/rate-syscalls.c:66:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
read(fd, &c, 1); data/pcp-5.2.2/src/pmieconf/rules.c:472:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((s = alloc_string(strlen(value)+1)) == NULL) data/pcp-5.2.2/src/pmieconf/rules.c:719:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((s = alloc_string(strlen(value)+1)) == NULL) data/pcp-5.2.2/src/pmieconf/rules.c:750:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sts = strlen(value)+1; data/pcp-5.2.2/src/pmieconf/rules.c:805:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t size = (strlen(s) + len + 1); data/pcp-5.2.2/src/pmieconf/rules.c:823:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(s, append, len); data/pcp-5.2.2/src/pmieconf/rules.c:863:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(localbuf, mark, sptr - mark); data/pcp-5.2.2/src/pmieconf/rules.c:891:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((s = append_string(s, r, strlen(r))) == NULL) { data/pcp-5.2.2/src/pmieconf/rules.c:905:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
s = append_string(s, mark, strlen(mark)); data/pcp-5.2.2/src/pmieconf/rules.c:925:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(f); data/pcp-5.2.2/src/pmieconf/rules.c:1038:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((*attr = alloc_string(strlen(token)+1)) == NULL) data/pcp-5.2.2/src/pmieconf/rules.c:1058:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((*value = alloc_string(strlen(token)+1)) == NULL) { data/pcp-5.2.2/src/pmieconf/rules.c:1128:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((*name = alloc_string(strlen(token)+1)) == NULL) data/pcp-5.2.2/src/pmieconf/rules.c:1164:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((s = alloc_string(strlen(value)+1)) == NULL) data/pcp-5.2.2/src/pmieconf/rules.c:1170:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((s = alloc_string(strlen(value)+1)) == NULL) data/pcp-5.2.2/src/pmieconf/rules.c:1269:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(f); data/pcp-5.2.2/src/pmieconf/rules.c:1843:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
fname[strlen(fname)] = '/'; /* stitch together */ data/pcp-5.2.2/src/pmieconf/rules.c:1898:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(f); data/pcp-5.2.2/src/pmieconf/rules.c:1903:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (getc(f) != '/') return 0; data/pcp-5.2.2/src/pmieconf/rules.c:1904:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (getc(f) != '/') return 0; data/pcp-5.2.2/src/pmieconf/rules.c:1921:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(f); data/pcp-5.2.2/src/pmieconf/rules.c:1924:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(f); data/pcp-5.2.2/src/pmieconf/rules.c:1936:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(f); data/pcp-5.2.2/src/pmieconf/rules.c:1954:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(f); data/pcp-5.2.2/src/pmieconf/rules.c:1959:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (getc(f) != '/') return 0; data/pcp-5.2.2/src/pmieconf/rules.c:1960:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (getc(f) != '/') return 0; data/pcp-5.2.2/src/pmieconf/rules.c:1974:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int size = strlen(str); data/pcp-5.2.2/src/pmieconf/rules.c:2075:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (rule = alloc_string(strlen(token)+1)) == NULL) { data/pcp-5.2.2/src/pmieconf/rules.c:2084:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (attrib = alloc_string(strlen(token)+1)) == NULL) { data/pcp-5.2.2/src/pmieconf/rules.c:2101:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (value = alloc_string(strlen(token)+1)) == NULL) { data/pcp-5.2.2/src/pmiestatus/pmiestatus.c:46:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(f, &ps, sizeof(ps)) != sizeof(ps)) { data/pcp-5.2.2/src/pminfo/pminfo.c:633:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SHA1Update(&shactx, (unsigned char *)labels, strlen(labels)); data/pcp-5.2.2/src/pminfo/pminfo.c:651:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SHA1Update(&shactx, (unsigned char *)buffer, strlen(buffer)); data/pcp-5.2.2/src/pminfo/pminfo.c:666:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
SHA1Update(&shactx, (unsigned char *)buffer, strlen(buffer)); data/pcp-5.2.2/src/pmlc/actions.c:111:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("Error copying host name", strlen(lasthost), PM_FATAL_ERR); data/pcp-5.2.2/src/pmlc/actions.c:116:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("Error copying host name", strlen(lsp->ls_fqdn), PM_FATAL_ERR); data/pcp-5.2.2/src/pmlc/actions.c:163:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("Error copying host name", strlen(hostname), PM_FATAL_ERR); data/pcp-5.2.2/src/pmlc/actions.c:664:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). startbuf[strlen(startbuf)-1] = '\0'; /* zap the '\n' at the end */ data/pcp-5.2.2/src/pmlc/actions.c:667:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lastbuf[strlen(lastbuf)-1] = '\0'; data/pcp-5.2.2/src/pmlc/actions.c:670:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). timenowbuf[strlen(timenowbuf)-1] = '\0'; data/pcp-5.2.2/src/pmlogcheck/pass0.c:142:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(logBase, fname, sizeof(logBase)); data/pcp-5.2.2/src/pmlogcheck/pass0.c:146:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = logBase + strlen(logBase) + 1; data/pcp-5.2.2/src/pmlogcheck/pmlogcheck.c:109:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(archbasename); data/pcp-5.2.2/src/pmlogcheck/pmlogcheck.c:126:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(logBase, dp->d_name, sizeof(logBase)); data/pcp-5.2.2/src/pmlogcheck/pmlogcheck.c:250:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path, namelist[i]->d_name, sizeof(path)); data/pcp-5.2.2/src/pmlogcheck/pmlogcheck.c:308:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(archname, archbasename, sizeof(archname) - 1); data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:581:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = trim(p + strlen(group->metric)); data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:626:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((length = strlen(group->value)) > 0) data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:1001:17: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). 
cur_umask = umask(S_IWGRP|S_IWOTH); data/pcp-5.2.2/src/pmlogconf/pmlogconf.c:1011:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(cur_umask); data/pcp-5.2.2/src/pmlogconf/util.c:114:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t value_length = strlen(value); data/pcp-5.2.2/src/pmlogconf/util.c:115:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t given_length = strlen(given); data/pcp-5.2.2/src/pmlogconf/util.c:126:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t value_length = strlen(value); data/pcp-5.2.2/src/pmlogconf/util.c:127:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t given_length = strlen(given); data/pcp-5.2.2/src/pmlogconf/util.c:143:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t value_length = strlen(value); data/pcp-5.2.2/src/pmlogconf/util.c:144:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t given_length = strlen(given); data/pcp-5.2.2/src/pmlogconf/util.c:155:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t value_length = strlen(value); data/pcp-5.2.2/src/pmlogconf/util.c:156:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t given_length = strlen(given); data/pcp-5.2.2/src/pmlogconf/util.c:167:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t value_length = strlen(value); data/pcp-5.2.2/src/pmlogconf/util.c:168:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t given_length = strlen(given); data/pcp-5.2.2/src/pmlogconf/util.c:179:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t value_length = strlen(value); data/pcp-5.2.2/src/pmlogconf/util.c:180:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t given_length = strlen(given); data/pcp-5.2.2/src/pmlogconf/util.c:191:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t given_length = strlen(given); data/pcp-5.2.2/src/pmlogconf/util.c:204:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t given_length = strlen(given); data/pcp-5.2.2/src/pmlogconf/util.c:247:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
callback(line, strlen(line), arg); data/pcp-5.2.2/src/pmlogconf/util.c:317:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(s = realloc(string, strlen(string) + length))) data/pcp-5.2.2/src/pmlogextract/pmlogextract.c:498:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(lp->ill_hostname, f_iap->label.ll_hostname, PM_LOG_MAXHOSTLEN); data/pcp-5.2.2/src/pmlogger/src/callback.c:486:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str_len += strlen(names[i]) + 1; data/pcp-5.2.2/src/pmlogger/src/callback.c:509:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str_len += strlen(tp->t_namelist[i]) + 1; data/pcp-5.2.2/src/pmlogger/src/callback.c:526:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data += (strlen(names[j]) + 1); data/pcp-5.2.2/src/pmlogger/src/dopdu.c:1299:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ls.ls_hostname, logctl.l_label.ill_hostname, end); data/pcp-5.2.2/src/pmlogger/src/dopdu.c:1312:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ls.ls_fqdn, pmcd_host_conn, end); data/pcp-5.2.2/src/pmlogger/src/dopdu.c:1316:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(ls.ls_tz, logctl.l_label.ill_tz, end); data/pcp-5.2.2/src/pmlogger/src/dopdu.c:1320:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ls.ls_tzlogger, tzlogger, end); data/pcp-5.2.2/src/pmlogger/src/events.c:78:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t name_size = strlen("event_param")+3+1+4+1+4+1; data/pcp-5.2.2/src/pmlogger/src/logue.c:150:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(path, "/", 2); data/pcp-5.2.2/src/pmlogger/src/logue.c:151:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(path, archName, MAXPATHLEN-strlen(path)); data/pcp-5.2.2/src/pmlogger/src/logue.c:151:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(path, archName, MAXPATHLEN-strlen(path)); data/pcp-5.2.2/src/pmlogger/src/logue.c:223:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((instname = (char **)malloc(sizeof(char *)+strlen(path)+1)) == NULL) { data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:241:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(ptr); data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:338:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_len = (int)strlen(p); data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:458:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("do_dialog", strlen(pmGetConfig("PCP_XCONFIRM_PROG"))+1, PM_FATAL_ERR); data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:663:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("save_args", strlen(argv[i]) + 1, PM_FATAL_ERR); data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:673:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv_saved[mflag]) > 2) { data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:695:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("save_args", strlen("-mreexec") + 1, PM_FATAL_ERR); data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:721:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(dir, logdir, strlen(logdir)) != 0) { data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:797:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int sz = strlen(sysconf)+strlen("/config/pmlogger/")+strlen(opts.optarg)+1; data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:797:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sz = strlen(sysconf)+strlen("/config/pmlogger/")+strlen(opts.optarg)+1; data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:797:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sz = strlen(sysconf)+strlen("/config/pmlogger/")+strlen(opts.optarg)+1; data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:1049:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("main: archName", strlen(argv[opts.optind])+1, PM_FATAL_ERR); data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:1055:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmNoMem("main: strdup archBase", strlen(argv[opts.optind])+1, PM_FATAL_ERR); data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:1106:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pmcd_host) == 0) { data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:1210:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(archName, archBase, strlen(archBase)+1); data/pcp-5.2.2/src/pmlogger/src/pmlogger.c:1456:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (read(rsc_fd, &myc, 1) <= 0) { data/pcp-5.2.2/src/pmlogger/src/ports.c:558:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). baselen = strlen(path) + 1; data/pcp-5.2.2/src/pmlogger/src/ports.c:855:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (hostName == NULL || strlen(hostName) > MAXHOSTNAMELEN-1) { data/pcp-5.2.2/src/pmloglabel/pmloglabel.c:316:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(golden.ill_hostname, host, PM_LOG_MAXHOSTLEN-1); data/pcp-5.2.2/src/pmloglabel/pmloglabel.c:321:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(golden.ill_tz, tz, PM_TZ_MAXLEN-1); data/pcp-5.2.2/src/pmlogpaste/pmlogpaste.c:247:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). append_input(argv[opt], strlen(argv[opt])); data/pcp-5.2.2/src/pmlogreduce/logio.c:58:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(lp->ill_hostname, ilabel.ll_hostname, PM_LOG_MAXHOSTLEN); data/pcp-5.2.2/src/pmlogreduce/logio.c:60:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(lp->ill_tz, ilabel.ll_tz, PM_TZ_MAXLEN); data/pcp-5.2.2/src/pmlogrewrite/indom.c:241:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size += strlen(&strbuf[ntohl(ip[i])]) + 1; data/pcp-5.2.2/src/pmlogrewrite/indom.c:253:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s) + 1; data/pcp-5.2.2/src/pmlogrewrite/indom.c:406:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += strlen(inamelist[j]) + 1; data/pcp-5.2.2/src/pmlogrewrite/indom.c:417:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p) + 1; data/pcp-5.2.2/src/pmlogrewrite/label.c:256:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). label_len = label != NULL ? strlen(label) : 0; data/pcp-5.2.2/src/pmlogrewrite/label.c:257:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value_len = value != NULL ? strlen(value) : 0; data/pcp-5.2.2/src/pmlogrewrite/label.c:497:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). target_label_len = strlen(lp->old_label); data/pcp-5.2.2/src/pmlogrewrite/label.c:521:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_label_len = strlen(lp->new_label) - 2; data/pcp-5.2.2/src/pmlogrewrite/label.c:595:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  target_value_len = strlen(lp->old_value);
data/pcp-5.2.2/src/pmlogrewrite/label.c:617:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_value_len = strlen(lp->new_value);
data/pcp-5.2.2/src/pmlogrewrite/label.c:897:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_label_len = strlen(new_label);
data/pcp-5.2.2/src/pmlogrewrite/metric.c:130:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((*names)[i], p, slen);
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:157:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lp->ill_hostname, global.hostname, PM_LOG_MAXHOSTLEN);
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:159:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lp->ill_hostname, inarch.label.ll_hostname, PM_LOG_MAXHOSTLEN);
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:162:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lp->ill_tz, global.tz, PM_TZ_MAXLEN);
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:164:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lp->ill_tz, inarch.label.ll_tz, PM_TZ_MAXLEN);
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1567:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, argv[argc-1], sizeof(path));
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1569:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dname, dirname(path), sizeof(dname));
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1577:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  cur_umask = umask(S_IXUSR | S_IRWXG | S_IRWXO);
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1579:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(cur_umask);
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1587:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  cur_umask = umask(S_IXUSR | S_IRWXG | S_IRWXO);
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1589:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(cur_umask);
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1594:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, argv[argc-1], sizeof(path));
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1596:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fname, basename(path), sizeof(fname));
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1598:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dname, dirname(path), sizeof(dname));
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1613:18: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  cur_umask = umask(S_IXUSR | S_IRWXG | S_IRWXO);
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1615:6: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(cur_umask);
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1624:18: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  cur_umask = umask(S_IXUSR | S_IRWXG | S_IRWXO);
data/pcp-5.2.2/src/pmlogrewrite/pmlogrewrite.c:1626:6: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(cur_umask);
data/pcp-5.2.2/src/pmlogrewrite/util.c:110:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, old, sizeof(path));
data/pcp-5.2.2/src/pmlogrewrite/util.c:117:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, old, sizeof(path));
data/pcp-5.2.2/src/pmlogrewrite/util.c:130:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(logbase, dp->d_name, sizeof(logbase));
data/pcp-5.2.2/src/pmlogrewrite/util.c:139:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = &dp->d_name[strlen(obase)];
data/pcp-5.2.2/src/pmlogrewrite/util.c:158:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pmNoMem("__pmLogRename: strdup", strlen(p)+1, PM_RECOV_ERR);
data/pcp-5.2.2/src/pmlogrewrite/util.c:221:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, name, sizeof(path));
data/pcp-5.2.2/src/pmlogrewrite/util.c:225:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pmNoMem("__pmLogRemove: dirname strdup", strlen(dirname(path))+1, PM_RECOV_ERR);
data/pcp-5.2.2/src/pmlogrewrite/util.c:235:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, name, sizeof(path));
data/pcp-5.2.2/src/pmlogrewrite/util.c:239:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pmNoMem("__pmLogRemove: basename strdup", strlen(basename(path))+1, PM_RECOV_ERR);
data/pcp-5.2.2/src/pmlogrewrite/util.c:253:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(logbase, dp->d_name, sizeof(logbase));
data/pcp-5.2.2/src/pmlogrewrite/util.c:265:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q = &dp->d_name[strlen(logbase)];
data/pcp-5.2.2/src/pmlogrewrite/util.c:284:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = &dp->d_name[strlen(base)];
data/pcp-5.2.2/src/pmlogrewrite/util.c:312:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s1) + strlen(s2) + 1;
data/pcp-5.2.2/src/pmlogrewrite/util.c:312:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s1) + strlen(s2) + 1;
data/pcp-5.2.2/src/pmlogrewrite/util.c:331:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s) + 2 + 1;
data/pcp-5.2.2/src/pmlogsize/meta.c:208:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  indomp->dup_bytes += 2*sizeof(__pmPDU) + strlen(indomp->inst_tab[k].name) + 1;
data/pcp-5.2.2/src/pmlogsize/meta.c:210:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  indomp->bytes += 2*sizeof(__pmPDU) + strlen(indomp->inst_tab[k].name) + 1;
data/pcp-5.2.2/src/pmlogsize/pmlogsize.c:67:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argbasename);
data/pcp-5.2.2/src/pmlogsize/pmlogsize.c:84:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(logBase, dp->d_name, sizeof(logBase));
data/pcp-5.2.2/src/pmlogsize/pmlogsize.c:256:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, filelist[i]->d_name, sizeof(path));
data/pcp-5.2.2/src/pmns/pmnsdel.c:55:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(np->name) == nch && strncmp(name, np->name, (int)nch) == 0)
data/pcp-5.2.2/src/pmns/pmnsdel.c:117:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pmnsfile, p, MAXPATHLEN);
data/pcp-5.2.2/src/pmns/pmnsdel.c:141:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pmnsfile, opts.optarg, MAXPATHLEN);
data/pcp-5.2.2/src/pmns/pmnsmerge.c:95:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*p == '\0' || strncmp(p, STAMP, strlen(STAMP)) != 0)
data/pcp-5.2.2/src/pmns/pmnsmerge.c:97:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(STAMP);
data/pcp-5.2.2/src/pmns/pmnsmerge.c:133:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(np->name) == nch && strncmp(name, np->name, (int)nch) == 0)
data/pcp-5.2.2/src/pmns/pmnsmerge.c:152:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(np->name, name, nch);
data/pcp-5.2.2/src/pmns/pmnsmerge.c:186:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = (char *)malloc(strlen(path)+strlen(p->name)+2);
data/pcp-5.2.2/src/pmns/pmnsmerge.c:186:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = (char *)malloc(strlen(path)+strlen(p->name)+2);
data/pcp-5.2.2/src/pmns/pmnsmerge.c:191:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(name, ".");
data/pcp-5.2.2/src/pmns/pmnsmerge.c:211:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask((mode_t)022); /* anything else is pretty silly */
data/pcp-5.2.2/src/pmns/pmnsutil.c:43:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newpath = (char *)malloc(strlen(path)+strlen(q->name)+2);
data/pcp-5.2.2/src/pmns/pmnsutil.c:43:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newpath = (char *)malloc(strlen(path)+strlen(q->name)+2);
data/pcp-5.2.2/src/pmns/pmnsutil.c:50:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(newpath, ".");
data/pcp-5.2.2/src/pmpost/pmpost.c:112:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(0002);
data/pcp-5.2.2/src/pmprobe/pmprobe.c:89:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pmNoMem("strdup name", strlen(name), PM_FATAL_ERR);
data/pcp-5.2.2/src/pmprobe/pmprobe.c:257:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(namelist[batchidx + b]) + 32; /* approx PDU len, per name */
data/pcp-5.2.2/src/pmproxy/src/deprecated.c:311:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (__pmSend(fd, MY_VERSION, strlen(MY_VERSION), 0) != strlen(MY_VERSION)) {
data/pcp-5.2.2/src/pmproxy/src/deprecated.c:311:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (__pmSend(fd, MY_VERSION, strlen(MY_VERSION), 0) != strlen(MY_VERSION)) {
data/pcp-5.2.2/src/pmproxy/src/deprecated.c:340:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pmNoMem("PMCD.hostname", strlen(buf), PM_FATAL_ERR);
data/pcp-5.2.2/src/pmproxy/src/openmetrics.c:29:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *length = strlen(hp->data);
data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:57:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc(log)) != EOF)
data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:335:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(022);
data/pcp-5.2.2/src/pmproxy/src/pmproxy.c:369:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(newlogfile, logfile, MAXPATHLEN-1);
data/pcp-5.2.2/src/pmproxy/src/secure.c:72:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  BIO_set_nbio(client->secure.read, 1);
data/pcp-5.2.2/src/pmproxy/src/secure.c:74:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  SSL_set_bio(client->secure.ssl, client->secure.read, client->secure.write);
data/pcp-5.2.2/src/pmproxy/src/secure.c:101:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sts = BIO_write_ex(client->secure.read, buf->base + bytes, nread - bytes, &bytes);
data/pcp-5.2.2/src/pmproxy/src/secure.c:337:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((length = strlen(version)) > 20)
data/pcp-5.2.2/src/pmproxy/src/server.h:117:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  BIO *read;
data/pcp-5.2.2/src/pmquery/main.cpp:57:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(prefix, " ", 2);
data/pcp-5.2.2/src/pmquery/main.cpp:58:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(prefix, option, total);
data/pcp-5.2.2/src/pmquery/main.cpp:65:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int length = strlen(arg) + 1;
data/pcp-5.2.2/src/pmquery/main.cpp:77:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(string, arg, length);
data/pcp-5.2.2/src/pmquery/main.cpp:84:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length += 1 + strlen(arg) + 1;
data/pcp-5.2.2/src/pmsearch/pmsearch.c:151:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value = sdscatlen(value, on, strlen(on));
data/pcp-5.2.2/src/pmsearch/pmsearch.c:153:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value = sdscatlen(value, off, strlen(off));
data/pcp-5.2.2/src/pmsearch/pmsearch.c:160:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value = sdscatlen(value, start, strlen(start));
data/pcp-5.2.2/src/pmsearch/pmsearch.c:172:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value = sdscatlen(value, end, strlen(end));
data/pcp-5.2.2/src/pmseries/pmseries.c:1299:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(argv[c]) != 40)
data/pcp-5.2.2/src/pmstat/pmstat.c:219:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((length = strlen(name)) == 0)
data/pcp-5.2.2/src/pmstat/pmstat.c:555:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printf("%-7s", strlen(fn) <= 7 ? fn : fn + strlen(fn) - 7);
data/pcp-5.2.2/src/pmstat/pmstat.c:555:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printf("%-7s", strlen(fn) <= 7 ? fn : fn + strlen(fn) - 7);
data/pcp-5.2.2/src/pmtime/pmtimearch.cpp:580:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  emit tzPulse(&my.pmtime, tz->tz(), strlen(tz->tz()) + 1,
data/pcp-5.2.2/src/pmtime/pmtimearch.cpp:581:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tz->tzlabel(), strlen(tz->tzlabel()) + 1);
data/pcp-5.2.2/src/pmtime/pmtimearch.cpp:603:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((label = strdup(string + strlen(string) + 1)) == NULL) {
data/pcp-5.2.2/src/pmtime/pmtimelive.cpp:254:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  emit tzPulse(&my.pmtime, tz->tz(), strlen(tz->tz()) + 1,
data/pcp-5.2.2/src/pmtime/pmtimelive.cpp:255:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tz->tzlabel(), strlen(tz->tzlabel()) + 1);
data/pcp-5.2.2/src/pmtime/pmtimelive.cpp:277:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((label = strdup(string + strlen(string) + 1)) == NULL) {
data/pcp-5.2.2/src/pmtime/timelord.cpp:145:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  len = my.socket->read((char *)&packet, sizeof(PmTime::Packet));
data/pcp-5.2.2/src/pmtime/timelord.cpp:166:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  } else if ((len = my.socket->read(payload, sz)) != sz) {
data/pcp-5.2.2/src/pmtrace/pmtrace.c:135:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c = strlen(api.host) + 20;
data/pcp-5.2.2/src/pmval/pmval.c:448:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ip->name) > cols) {
data/pcp-5.2.2/src/pmval/pmval.c:452:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ip->name) > cols-3)
data/pcp-5.2.2/src/pmval/pmval.c:1095:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(context.hostname) == 0) {
data/pcp-5.2.2/src/pmview/barmod.cpp:470:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) && str[0] == theBarId)
data/pcp-5.2.2/src/pmview/launch.cpp:369:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(launch_path, env, sizeof(launch_path)-1);
data/pcp-5.2.2/src/pmview/launch.cpp:388:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((sts = write(fd, str, strlen(str))) != (int)strlen(str)) {
data/pcp-5.2.2/src/pmview/launch.cpp:388:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((sts = write(fd, str, strlen(str))) != (int)strlen(str)) {
data/pcp-5.2.2/src/pmview/launch.cpp:390:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  << " not " << strlen(str) << endl;
data/pcp-5.2.2/src/pmview/launch.cpp:396:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((sts = write(fd, str, strlen(str))) != (int)strlen(str)) {
data/pcp-5.2.2/src/pmview/launch.cpp:396:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((sts = write(fd, str, strlen(str))) != (int)strlen(str)) {
data/pcp-5.2.2/src/pmview/launch.cpp:398:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  << " not " << strlen(str)
data/pcp-5.2.2/src/pmview/main.cpp:225:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  cur_umask = umask(S_IXUSR | S_IRWXG | S_IRWXO);
data/pcp-5.2.2/src/pmview/main.cpp:227:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(cur_umask);
data/pcp-5.2.2/src/pmview/main.cpp:231:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  cur_umask = umask(S_IXUSR | S_IRWXG | S_IRWXO);
data/pcp-5.2.2/src/pmview/main.cpp:233:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(cur_umask);
data/pcp-5.2.2/src/pmview/metriclist.cpp:207:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (theMetric->source && strlen(theMetric->source) > 0) {
data/pcp-5.2.2/src/pmview/modlist.cpp:164:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) && str[0] == theModListId) {
data/pcp-5.2.2/src/pmview/stackmod.cpp:496:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) && str[0] == theStackId)
data/pcp-5.2.2/src/python/pmda.c:492:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(set) < 2)
data/pcp-5.2.2/src/telnet-probe/telnet-probe.c:148:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc(stdin)) != EOF) {
data/pcp-5.2.2/src/zabbix-agent/src/zbxpcp.c:176:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  metric = (char *)malloc(strlen(ZBX_PCP_METRIC_PREFIX) + strlen(name) + 1);
data/pcp-5.2.2/src/zabbix-agent/src/zbxpcp.c:176:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  metric = (char *)malloc(strlen(ZBX_PCP_METRIC_PREFIX) + strlen(name) + 1);
data/pcp-5.2.2/src/zabbix-agent/src/zbxpcp.c:196:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int prefixlen = strlen(prefix);
data/pcp-5.2.2/src/zabbix-agent/src/zbxpcp.c:258:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *metric[] = { request->key + strlen(ZBX_PCP_METRIC_PREFIX) };
data/pcp-5.2.2/src/zabbix-agent/src/zbxpcp.c:305:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (request->nparam == 1 && !strlen(inst))) {

ANALYSIS SUMMARY:

Hits = 5209
Lines analyzed = 480022 in approximately 12.96 seconds (37050 lines/second)
Physical Source Lines of Code (SLOC) = 354448
Hits@level = [0] 10924 [1] 1310 [2] 2893 [3] 410 [4] 582 [5] 14
Hits@level+ = [0+] 16133 [1+] 5209 [2+] 3899 [3+] 1006 [4+] 596 [5+] 14
Hits/KSLOC@level+ = [0+] 45.5158 [1+] 14.6961 [2+] 11.0002 [3+] 2.83822 [4+] 1.68149 [5+] 0.039498
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.