Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qxw-20140331/draw.c
Examining data/qxw-20140331/qxw.c
Examining data/qxw-20140331/draw.h
Examining data/qxw-20140331/filler.c
Examining data/qxw-20140331/gui.h
Examining data/qxw-20140331/gui.c
Examining data/qxw-20140331/qxw.h
Examining data/qxw-20140331/examples/plugin_behead.c
Examining data/qxw-20140331/examples/plugin_behead_message.c
Examining data/qxw-20140331/dicts.h
Examining data/qxw-20140331/qxwplugin.h
Examining data/qxw-20140331/filler.h
Examining data/qxw-20140331/dicts.c
Examining data/qxw-20140331/common.h
FINAL RESULTS:
data/qxw-20140331/dicts.c:200:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(memblkp->s+memblkl,s0);memblkl+=l0+1;
data/qxw-20140331/dicts.c:201:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(memblkp->s+memblkl,s1);memblkl+=l1+1;
data/qxw-20140331/dicts.c:324:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s0,sp); // UTF-8 form in s0
data/qxw-20140331/dicts.c:367:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sfilter,dsfilters[dn]);
data/qxw-20140331/dicts.c:376:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(afilter,dafilters[dn]);
data/qxw-20140331/dicts.c:426:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(owd) strcpy(t,dafilters[dn]);
data/qxw-20140331/dicts.c:478:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s0,sp);
data/qxw-20140331/dicts.c:483:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(error==NULL) {strcpy(s1,sp);} // ISO-8859-1 form in s1
data/qxw-20140331/dicts.c:615:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dfnames[0],defdictfn[i]);
data/qxw-20140331/dicts.c:617:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dfnames[0],defdictfn[i]);
data/qxw-20140331/dicts.c:744:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lmp->s+lml,s);lml+=l0;
data/qxw-20140331/dicts.c:996:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t,s);
data/qxw-20140331/draw.c:991:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t0,a->cf);
data/qxw-20140331/draw.c:997:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(em>0) strcat(t0,lemdesc[lts[ln].em]);
data/qxw-20140331/draw.c:1287:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%%%%Title: %s generated by Qxw",fn);
data/qxw-20140331/draw.c:1350:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp,f?"<html><body><!-- ":"# ");
data/qxw-20140331/draw.c:1352:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp,f?" -->\n":"\n");
data/qxw-20140331/draw.c:1375:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(url,filename);
data/qxw-20140331/draw.c:1382:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(url,f?"/solution":"/grid");
data/qxw-20140331/draw.c:1383:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(url,f1==1?".svg":".png");
data/qxw-20140331/examples/plugin_behead.c:35:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(light,answer+1);
data/qxw-20140331/examples/plugin_behead_message.c:36:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(light,answer+1);
data/qxw-20140331/gui.c:149:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t,"Qxw: %s",titlebyauthor());
data/qxw-20140331/gui.c:191:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t,"Filing system error: %s",s);
data/qxw-20140331/gui.c:197:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"\n Your work is not saved. \n Are you sure you want to %s? \n",action);
data/qxw-20140331/gui.c:242:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename,filenamebase);
data/qxw-20140331/gui.c:782:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,
data/qxw-20140331/gui.c:1164:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t,strrchr(ext,'.'));
data/qxw-20140331/gui.c:1170:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t,filetype);
data/qxw-20140331/gui.c:1181:31: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(strcmp(filenamebase,"")) strcpy(res,filenamebase);
data/qxw-20140331/gui.c:1183:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(res,ext);
data/qxw-20140331/gui.c:1184:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t,res);
data/qxw-20140331/gui.c:1192:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(res,p);
data/qxw-20140331/gui.c:1224:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(u) sprintf(s,"to %s lights: ",dname[gtype][i]);
data/qxw-20140331/gui.c:1499:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
else strcat(s,dafilters[i]);
data/qxw-20140331/gui.c:1504:50: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strlen(dfnames[i])>25) {strcat(s,"...");strcat(s,dfnames[i]+strlen(dfnames[i])-22);}
data/qxw-20140331/gui.c:1505:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
else strcat(s,dfnames[i]);
data/qxw-20140331/gui.c:1521:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"Allow light to be entered _%s",lemdescADVP[i]);
data/qxw-20140331/gui.c:1765:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tdfnames[j],dfnames[j]);
data/qxw-20140331/gui.c:1768:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tdsfilters[j],dsfilters[j]);
data/qxw-20140331/gui.c:1771:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tdafilters[j],dafilters[j]);
data/qxw-20140331/gui.c:1777:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dfnames[j],tdfnames[j]);
data/qxw-20140331/gui.c:1778:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dsfilters[j],tdsfilters[j]);
data/qxw-20140331/gui.c:1779:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dafilters[j],tdafilters[j]);
data/qxw-20140331/gui.c:2063:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(s,st_lucc[i]?"%d (%.1f%%)":" ",st_lucc[i],100.0*st_lucc[i]/st_lc[i]); gtk_label_set_text(GTK_LABEL(st_te[i][2]),s);
data/qxw-20140331/gui.c:2064:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(s,st_locc[i]?"%d (%.1f%%)":" ",st_locc[i],100.0*st_locc[i]/st_lc[i]); gtk_label_set_text(GTK_LABEL(st_te[i][3]),s);
data/qxw-20140331/gui.c:2065:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(s,st_lc[i]?"%.2f:%.2f:%.2f":" " ,1.0*st_lmnc[i]/i,1.0*st_lsc[i]/st_lc[i]/i,1.0*st_lmxc[i]/i); gtk_label_set_text(GTK_LABEL(st_te[i][4]),s);
data/qxw-20140331/gui.c:2241:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(p1," Feasible character%s: %s",(strlen(p0)==1)?"":"s",p0);
data/qxw-20140331/qxw.c:175:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,t);
data/qxw-20140331/qxw.c:1096:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,p->pw_dir);
data/qxw-20140331/qxw.c:1103:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if(sscanf(s,"%s %d",t,&u)==2) {
data/qxw-20140331/qxw.c:1133:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,p->pw_dir);
data/qxw-20140331/qxw.c:1271:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(strlen(s0)<=strlen(s1)) strcpy(s,s0); // choose shorter of the two representations
data/qxw-20140331/qxw.c:1272:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(s,s1);
data/qxw-20140331/qxw.c:1332:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
for(k=0;k<MAXNMK;k++) strcpy(p->mk[k],defaultmk(k));
data/qxw-20140331/qxw.c:1432:41: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(filenamebase,pw->pw_dir),strcat(filenamebase,"/");;
data/qxw-20140331/qxw.c:1436:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(p) strcpy(p,DIR_SEP_STR);
data/qxw-20140331/qxw.c:1587:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if(sscanf(s,"TCST %d %d %s\n",&i,&j,s0)!=3) goto ew1;
data/qxw-20140331/qxw.c:1696:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if(sscanf(s,"SQCT %d %d %d %s\n",&i,&j,&d,s0)!=4) goto ew1;
data/qxw-20140331/qxw.c:1847:28: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(gtitle[0]) strcpy(t,gtitle);
data/qxw-20140331/qxw.c:1848:28: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else if(filenamebase[0]) strcpy(t,filenamebase);
data/qxw-20140331/qxw.c:1850:35: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(gauthor[0]) strcat(t," by "),strcat(t,gauthor);
data/qxw-20140331/qxw.c:1877:43: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(strlen(optarg)<SLEN&&nd<MAXNDICTS) strcpy(dfnames[nd++],optarg);
data/qxw-20140331/qxw.c:1920:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename,argv[optind]);
data/qxw-20140331/qxw.c:1861:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((int)time(0));
data/qxw-20140331/qxw.c:1874:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
for(;;) switch(getopt(argc,argv,"d:?D:")) {
data/qxw-20140331/common.h:115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mk[MAXNMK][MXMK+1]; // square corner mark strings in each direction
data/qxw-20140331/common.h:137:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ufhist[NL]; // histogram of unforced letters, in word's historder
data/qxw-20140331/common.h:138:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char poscnt[NL]; // number of positions where each unforced letter can go, in word's historder
data/qxw-20140331/common.h:214:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ltochar[NL];
data/qxw-20140331/common.h:236:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hist[NL]; // letter histogram
data/qxw-20140331/common.h:237:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char historder[NL]; // letters in descending order of histogram frequency
data/qxw-20140331/common.h:256:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tpifname[SLEN];
data/qxw-20140331/common.h:259:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char treatmsg[NMSG][MXLT+1];
data/qxw-20140331/common.h:263:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char treatmsgAZ[NMSG][MXLT+1];
data/qxw-20140331/common.h:264:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char treatmsgAZ09[NMSG][MXLT+1];
data/qxw-20140331/common.h:266:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char msgword[NMSG][MXFL+1]; // for "one-word dictionary" created for tagging
data/qxw-20140331/dicts.c:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char chmap[256]="\
data/qxw-20140331/dicts.c:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nenc[12]; // name of encoding for g_convert()
data/qxw-20140331/dicts.c:85:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bom[4]; // potential byte order mark at start of file
data/qxw-20140331/dicts.c:100:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ltochar[NL];
data/qxw-20140331/dicts.c:108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MEMBLK];
data/qxw-20140331/dicts.c:120:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dfnames[MAXNDICTS][SLEN];
data/qxw-20140331/dicts.c:121:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dsfilters[MAXNDICTS][SLEN];
data/qxw-20140331/dicts.c:122:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dafilters[MAXNDICTS][SLEN];
data/qxw-20140331/dicts.c:123:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lemdesc[NLEM][LEMDESCLEN]={""," (rev.)"," (cyc.)"," (cyc., rev.)","*"};
data/qxw-20140331/dicts.c:241:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s0[SLEN],s1[SLEN];
data/qxw-20140331/dicts.c:338:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s0[SLEN]; // citation form
data/qxw-20140331/dicts.c:339:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[SLEN]; // light form
data/qxw-20140331/dicts.c:347:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sfilter[SLEN+1];
data/qxw-20140331/dicts.c:348:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char afilter[SLEN+1];
data/qxw-20140331/dicts.c:352:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bom[5];
data/qxw-20140331/dicts.c:372:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t,"Dictionary %d\nBad file filter syntax: %.100s",dn+1,pcreerr);
data/qxw-20140331/dicts.c:381:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t,"Dictionary %d\nBad answer filter syntax: %.100s",dn+1,pcreerr);
data/qxw-20140331/dicts.c:389:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(dfnames[dn],"rb"); // try first in binary mode
data/qxw-20140331/dicts.c:391:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t,"Dictionary %d\nFile not found",dn+1);
data/qxw-20140331/dicts.c:412:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t,"Dictionary %d\nCannot read file encoding:\ntry UTF-8 or ISO-8859-1 encoding",dn+1);
data/qxw-20140331/dicts.c:452:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t,"Dictionary %d\nFile not encoded in accordance with its BOM",dn+1);
data/qxw-20140331/dicts.c:471:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t,"Dictionary %d\nFile does not use a recognised encoding:\ntry UTF-8 or ISO-8859-1",dn+1);
data/qxw-20140331/dicts.c:513:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[SLEN];
data/qxw-20140331/dicts.c:528:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t,"No words available from any dictionary");
data/qxw-20140331/dicts.c:619:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dsfilters[0],"^.*+(?<!'s)");
data/qxw-20140331/dicts.c:634:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tpifname[SLEN]="";
data/qxw-20140331/dicts.c:641:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char treatmsg[NMSG][MXLT+1];
data/qxw-20140331/dicts.c:642:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char treatmsgAZ[NMSG][MXLT+1];
data/qxw-20140331/dicts.c:643:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char treatmsgAZ09[NMSG][MXLT+1];
data/qxw-20140331/dicts.c:644:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgchar[NMSG];
data/qxw-20140331/dicts.c:645:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgcharAZ[NMSG];
data/qxw-20140331/dicts.c:646:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgcharAZ09[NMSG];
data/qxw-20140331/dicts.c:659:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char psq[25];
data/qxw-20140331/dicts.c:778:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[MXFL+1]; // curten should never be set when adding msgword[]:s (got from msglprop); as MXLE+NMSG<=MXFL this never overflows
data/qxw-20140331/dicts.c:782:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t,s,l);
data/qxw-20140331/dicts.c:783:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(curten) memcpy(t+l,msgcharAZ09,NMSG),l+=NMSG; // append tag characters if any
data/qxw-20140331/dicts.c:801:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s0[MXFL+1];
data/qxw-20140331/dicts.c:909:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[MXLE+2]; // enough for "insert single character"
data/qxw-20140331/dicts.c:1133:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*l,tfl,ntfl*sizeof(int));
data/qxw-20140331/dicts.h:34:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char dfnames[MAXNDICTS][SLEN];
data/qxw-20140331/dicts.h:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char dsfilters[MAXNDICTS][SLEN];
data/qxw-20140331/dicts.h:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char dafilters[MAXNDICTS][SLEN];
data/qxw-20140331/dicts.h:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char lemdesc[NLEM][LEMDESCLEN];
data/qxw-20140331/draw.c:120:83: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ctext(cairo_t*cc,char*s,double x,double y,double h,int fs,int ocm) {int i,m; char t[2]; double u;
data/qxw-20140331/draw.c:576:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MXCT*MAXNDIR+1];
data/qxw-20140331/draw.c:813:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void drawnums(cairo_t*cc) {int c,i,x,y,n; double sc; char s[MXMK+1];
data/qxw-20140331/draw.c:823:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(s,"%d",cwperm[chartol[i]]+1);
data/qxw-20140331/draw.c:827:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%d",n);
data/qxw-20140331/draw.c:856:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[SLEN];
data/qxw-20140331/draw.c:984:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t0+wlen,": ");
data/qxw-20140331/draw.c:990:67: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if((int)strlen(t0)+(int)strlen(a->cf)+2>t0l-LEMDESCLEN-10) {strcat(t0,"...");break;}
data/qxw-20140331/draw.c:992:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(a->acf) strcat(t0,", ");
data/qxw-20140331/draw.c:1008:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[SLEN];
data/qxw-20140331/draw.c:1009:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[MXLE+1];
data/qxw-20140331/draw.c:1010:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t0[MXFL*3+100];
data/qxw-20140331/draw.c:1025:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(n>0) sprintf(s,"%d",n);
data/qxw-20140331/draw.c:1072:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"w");
data/qxw-20140331/draw.c:1128:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MXMK+1];
data/qxw-20140331/draw.c:1136:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%d",n);
data/qxw-20140331/draw.c:1149:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAXNDIR*MXCT+1];
data/qxw-20140331/draw.c:1265:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/qxw-20140331/draw.c:1282:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(fn,"w");
data/qxw-20140331/draw.c:1291:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(fn,"w");
data/qxw-20140331/draw.c:1348:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"w");
data/qxw-20140331/draw.c:1374:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void a_exporthp(int f,int f0,int f1) {char url[SLEN+200];
data/qxw-20140331/draw.c:1376:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(url,"_files");
data/qxw-20140331/filler.c:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MXFL+1];
data/qxw-20140331/filler.c:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[MXFL+1],r[MXFL+1],*t;
data/qxw-20140331/filler.c:184:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hi[NL];
data/qxw-20140331/filler.c:246:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jbm,bm,m*sizeof(ABM));
data/qxw-20140331/gui.c:50:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[SLEN+50]; // result from filedia()
data/qxw-20140331/gui.c:51:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filenamebase[SLEN]; // base to use for constructing default filenames
data/qxw-20140331/gui.c:148:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void setwintitle() {char t[SLEN*3];
data/qxw-20140331/gui.c:185:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void fserror() {char s[SLEN],t[SLEN*2];
data/qxw-20140331/gui.c:187:34: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(strerror_s(s,SLEN,errno)) strcpy(s,"general error"); // Windows version of threadsafe strerror()
data/qxw-20140331/gui.c:189:34: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(strerror_r(errno,s,SLEN)) strcpy(s,"general error");
data/qxw-20140331/gui.c:196:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/qxw-20140331/gui.c:207:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"r");
data/qxw-20140331/gui.c:243:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filename,".qxw");
data/qxw-20140331/gui.c:249:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void m_exportvls(GtkWidget*w,gpointer data) {char t[SLEN+50]; if(filedia(t,"Export free light paths",".fl.txt","Plain text",1)) a_exportvls(t);}
data/qxw-20140331/gui.c:250:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void m_importvls(GtkWidget*w,gpointer data) {char t[SLEN+50]; if(filedia(t,"Import free light paths",".fl.txt","Plain text",0)) a_importvls(t);}
data/qxw-20140331/gui.c:686:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gsq[i][j].ctbm[0],gsq[i][j].ctbm[k],sizeof(p));
data/qxw-20140331/gui.c:687:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gsq[i][j].ctbm[k],p,sizeof(p));
data/qxw-20140331/gui.c:781:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void m_helpabout(GtkWidget*w,gpointer data) {char s[2560];
data/qxw-20140331/gui.c:1171:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(t," files");
data/qxw-20140331/gui.c:1182:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(res,"untitled");
data/qxw-20140331/gui.c:1203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100],t[MXCT*(NL+4)];
data/qxw-20140331/gui.c:1225:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(s,"Contents of cell: ");
data/qxw-20140331/gui.c:1467:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[SLEN];
data/qxw-20140331/gui.c:1493:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"Use dictionary _%d (",i+1);
data/qxw-20140331/gui.c:1495:35: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(strlen(dafilters[i])==0) strcat(s,"<empty>");
data/qxw-20140331/gui.c:1498:66: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(strlen(dafilters[i])>25) {strncat(s,dafilters[i],22); strcat(s,"...");}
data/qxw-20140331/gui.c:1504:34: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(strlen(dfnames[i])>25) {strcat(s,"...");strcat(s,dfnames[i]+strlen(dfnames[i])-22);}
data/qxw-20140331/gui.c:1594:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[(NL+4)*MXFL+1],*p;
data/qxw-20140331/gui.c:1692:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"Error loading custom plug-in\n%.200s",p);
data/qxw-20140331/gui.c:1726:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[SLEN];
data/qxw-20140331/gui.c:1727:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tdfnames[MAXNDICTS][SLEN]; // Temporary versions of dictionary names, etc
data/qxw-20140331/gui.c:1728:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tdsfilters[MAXNDICTS][SLEN];
data/qxw-20140331/gui.c:1729:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tdafilters[MAXNDICTS][SLEN];
data/qxw-20140331/gui.c:1740:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"<b>%d</b>",i+1);
data/qxw-20140331/gui.c:1904:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
for(i=0,p=s;i<vls[v].l;i++) sprintf(p,"%d,%d\n",vls[v].x[i],vls[v].y[i]),p+=strlen(p);
data/qxw-20140331/gui.c:1942:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vls[v].x,x,i*sizeof(int));
data/qxw-20140331/gui.c:1943:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vls[v].y,y,i*sizeof(int));
data/qxw-20140331/gui.c:2056:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[SLEN];
data/qxw-20140331/gui.c:2061:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%d",i); gtk_label_set_text(GTK_LABEL(st_te[i][0]),s);
data/qxw-20140331/gui.c:2062:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%d",st_lc[i]); gtk_label_set_text(GTK_LABEL(st_te[i][1]),s);
data/qxw-20140331/gui.c:2070:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s," Total lights: %d",nw); gtk_label_set_text(GTK_LABEL(st_r[0]),s);
data/qxw-20140331/gui.c:2071:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(nw>0) sprintf(s," Mean length: %.1f",(double)nc/nw);
data/qxw-20140331/gui.c:2072:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy (s," Mean length: -"); gtk_label_set_text(GTK_LABEL(st_r[1]),s);
data/qxw-20140331/gui.c:2073:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(nc>0 ) sprintf(s," Checked light letters: %d/%d (%.1f%%)",st_sc,nc,100.0*st_sc/nc);
data/qxw-20140331/gui.c:2074:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy (s," Checked light letters: -"); gtk_label_set_text(GTK_LABEL(st_r[2]),s);
data/qxw-20140331/gui.c:2075:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(ne0>0) sprintf(s," Checked grid cells: %d/%d (%.1f%%)",st_ce,ne0,100.0*st_ce/ne0);
data/qxw-20140331/gui.c:2076:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy (s," Checked grid cells: -"); gtk_label_set_text(GTK_LABEL(st_r[3]),s);
data/qxw-20140331/gui.c:2077:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s," Lights with double unches: %d",st_2u-st_3u); gtk_label_set_text(GTK_LABEL(st_r[4]),s);
data/qxw-20140331/gui.c:2078:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s," Lights with triple, quadruple etc. unches: %d",st_3u); gtk_label_set_text(GTK_LABEL(st_r[5]),s);
data/qxw-20140331/gui.c:2079:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s," Lights too long for filler: %d",st_tlf); gtk_label_set_text(GTK_LABEL(st_r[6]),s);
data/qxw-20140331/gui.c:2080:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s," Total free lights: %d",nvl); gtk_label_set_text(GTK_LABEL(st_r[7]),s);
data/qxw-20140331/gui.c:2081:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s," Free lights too long for filler: %d",st_vltlf); gtk_label_set_text(GTK_LABEL(st_r[8]),s);
data/qxw-20140331/gui.c:2082:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(st_tmtlf) sprintf(s," There are too many treated lights to use filler discretionary modes");
data/qxw-20140331/gui.c:2083:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(s," ");
data/qxw-20140331/gui.c:2098:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[SLEN];
data/qxw-20140331/gui.c:2117:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%d (%.1f%%)",v,(v*100.0)/u);
data/qxw-20140331/gui.c:2224:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void updatefeas(void) {int i; char t0[MXFL*3+100],t1[MXLE+50],*u[2],p0[SLEN],p1[SLEN];
data/qxw-20140331/gui.c:2234:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t1,"%+.1f",log10(ansp[lts[llistp[i]].ans]->score)); // negative ans values cannot occur here
data/qxw-20140331/gui.c:2240:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(strlen(p0)==0) sprintf(p1," No feasible characters");
data/qxw-20140331/gui.h:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char filename[SLEN+50];
data/qxw-20140331/gui.h:42:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char filenamebase[SLEN];
data/qxw-20140331/qxw.c:66:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gtitle[SLEN]="";
data/qxw-20140331/qxw.c:67:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gauthor[SLEN]="";
data/qxw-20140331/qxw.c:103:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char log2lut[65536];
data/qxw-20140331/qxw.c:617:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgword[NMSG][MXFL+1];
data/qxw-20140331/qxw.c:736:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char unch[MXLE];
data/qxw-20140331/qxw.c:1083:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[SLEN],t[SLEN];
data/qxw-20140331/qxw.c:1088:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(s,"\\Qxw\\Qxw.ini");
data/qxw-20140331/qxw.c:1097:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(s,"/.qxw/preferences");
data/qxw-20140331/qxw.c:1101:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(s,"r");if(!fp) return;
data/qxw-20140331/qxw.c:1119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[SLEN];
data/qxw-20140331/qxw.c:1123:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(s,"\\Qxw");
data/qxw-20140331/qxw.c:1125:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(s,"\\Qxw.ini");
data/qxw-20140331/qxw.c:1134:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(s,"/.qxw");
data/qxw-20140331/qxw.c:1136:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(s,"/preferences");
data/qxw-20140331/qxw.c:1140:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(s,"w");if(!fp) return;
data/qxw-20140331/qxw.c:1160:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char utpifname[UNDOS][SLEN];
data/qxw-20140331/qxw.c:1163:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char utreatmsg[UNDOS][NMSG][MXLT+1];
data/qxw-20140331/qxw.c:1172:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define USAVE(p) memcpy(u##p+uhead,p,sizeof(p))
data/qxw-20140331/qxw.c:1173:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define USAVES(p) memcpy(u##p+uhead,&p,sizeof(p))
data/qxw-20140331/qxw.c:1262:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s0[NL+4],s1[NL+4];
data/qxw-20140331/qxw.c:1439:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filenamebase,"untitled");
data/qxw-20140331/qxw.c:1452:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p,s[SLEN*4],s0[SLEN*4],*t,c;
data/qxw-20140331/qxw.c:1460:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"r");
data/qxw-20140331/qxw.c:1502:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(s[5]=='v'&&isdigit(s[6])&&atoi(s+6)>SAVE_VERSION) wf=1; // check if the file was saved using a newer version
data/qxw-20140331/qxw.c:1705:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"Error loading custom plug-in\n%.100s",p);
data/qxw-20140331/qxw.c:1726:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,s0[MXCT*(NL+4)];
data/qxw-20140331/qxw.c:1731:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(filename,"w");
data/qxw-20140331/qxw.c:1784:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[SLEN*4];
data/qxw-20140331/qxw.c:1789:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(fn,"r");
data/qxw-20140331/qxw.c:1816:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vls,tvls,d*sizeof(struct vl));
data/qxw-20140331/qxw.c:1828:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=fopen(fn,"w");
data/qxw-20140331/qxw.c:1846:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char*titlebyauthor(void) {static char t[SLEN*2+100];
data/qxw-20140331/qxw.c:1849:28: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(t,"(untitled)");
data/qxw-20140331/qxw.c:1850:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(gauthor[0]) strcat(t," by "),strcat(t,gauthor);
data/qxw-20140331/qxw.c:1879:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'D':debug=atoi(optarg);break;
data/qxw-20140331/qxw.c:1993:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(llist,p,l*sizeof(int));
data/qxw-20140331/qxw.h:32:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char gtitle[SLEN];
data/qxw-20140331/qxw.h:33:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char gauthor[SLEN];
data/qxw-20140331/qxwplugin.h:72:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char light[MXLE+1];
data/qxw-20140331/dicts.c:167:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l0=strlen(s0);
data/qxw-20140331/dicts.c:207:69: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static int getint(FILE*fp,int n) { int i,u; for(i=0,u=0;i<n;i++) u+=fgetc(fp)<<(i*8); return u; }
data/qxw-20140331/dicts.c:299:25: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(j==8) {j=0;c=fgetc(fp);if(c==EOF) return -1;}
data/qxw-20140331/dicts.c:315:25: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(j==8) {j=0;c=fgetc(fp);if(c==EOF) return -1;} // skip a zero bit for some reason
data/qxw-20140331/dicts.c:431:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j=strlen(t)-1;
data/qxw-20140331/dicts.c:437:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(j==0||t[j-1]!=' ') j=strlen(t); // all digits, or no space? treat it as a 'word'
data/qxw-20140331/dicts.c:550:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[k].cf =p->s+l; l+=strlen(p->s+l)+1;
data/qxw-20140331/dicts.c:552:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans[k].ul =p->s+l; l+=strlen(p->s+l)+1;
data/qxw-20140331/dicts.c:623:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dfnames[0],""),strcpy(dsfilters[0],"");
data/qxw-20140331/dicts.c:623:25: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dfnames[0],""),strcpy(dsfilters[0],"");
data/qxw-20140331/dicts.c:677:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n=strlen(l->s);
data/qxw-20140331/dicts.c:698:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len0=strlen(s);
data/qxw-20140331/dicts.c:722:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1=strlen(lts[l].s);
data/qxw-20140331/dicts.c:732:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l0=strlen(s)+1;
data/qxw-20140331/dicts.c:780:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(s);
data/qxw-20140331/dicts.c:804:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(s);
data/qxw-20140331/dicts.c:910:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(s);
data/qxw-20140331/dicts.c:931:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l0=strlen(treatmsgAZ09[0]);
data/qxw-20140331/dicts.c:942:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l0=strlen(treatmsgAZ09[0]);
data/qxw-20140331/dicts.c:956:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l0=strlen(treatmsgAZ09[0]);
data/qxw-20140331/dicts.c:985:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l0=strlen(treatmsg[0]);
data/qxw-20140331/dicts.c:986:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1=strlen(treatmsg[1]);
data/qxw-20140331/dicts.c:1096:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(clueorderindex<(int)strlen(treatmsg [i])) msgchar [i]=treatmsg [i][clueorderindex]; else msgchar [i]='-';
data/qxw-20140331/dicts.c:1097:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(clueorderindex<(int)strlen(treatmsgAZ [i])) msgcharAZ [i]=treatmsgAZ [i][clueorderindex]; else msgcharAZ [i]='-';
data/qxw-20140331/dicts.c:1098:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(clueorderindex<(int)strlen(treatmsgAZ09[i])) msgcharAZ09[i]=treatmsgAZ09[i][clueorderindex]; else msgcharAZ09[i]='-';
data/qxw-20140331/dicts.c:1101:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(ntw>(int)strlen(treatmsgAZ09[i])) mfl[i]|=ABM_DASH; // add in "-" if message not long enough
data/qxw-20140331/draw.c:129:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m=strlen(s);
data/qxw-20140331/draw.c:597:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<nd;i++) abmstodispstr(s+strlen(s),sq->ctbm[i],sq->ctlen[i]);
data/qxw-20140331/draw.c:598:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(s); if(l<1) l=1;
data/qxw-20140331/draw.c:822:26: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(i==0||i==' ') strcpy(s,"-");
data/qxw-20140331/draw.c:983:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(t0,lts[ln].s,wlen);
data/qxw-20140331/draw.c:990:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((int)strlen(t0)+(int)strlen(a->cf)+2>t0l-LEMDESCLEN-10) {strcat(t0,"...");break;}
data/qxw-20140331/draw.c:990:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((int)strlen(t0)+(int)strlen(a->cf)+2>t0l-LEMDESCLEN-10) {strcat(t0,"...");break;}
data/qxw-20140331/draw.c:1026:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
else strcpy(s,"-"); // unnumbered light
data/qxw-20140331/draw.c:1045:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (html==0) fprintf(fp," (%d)\n",(int)strlen(t));
data/qxw-20140331/draw.c:1046:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(html==1) fprintf(fp," (%d)<br>\n",(int)strlen(t));
data/qxw-20140331/draw.c:1048:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(html==3) fprintf(fp," (%d)</td></tr>\n",(int)strlen(t)); // answer and length
data/qxw-20140331/draw.c:1177:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(k=0;k<nd;k++) abmstodispstr(s+strlen(s),gsq[i][j].ctbm[k],gsq[i][j].ctlen[k]);
data/qxw-20140331/draw.c:1178:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(s);
data/qxw-20140331/gui.c:155:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filenamebase,s,SLEN-1);filenamebase[SLEN-1]='\0';
data/qxw-20140331/gui.c:156:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(filenamebase)>=4&&!strcmp(filenamebase+strlen(filenamebase)-4,".qxw")) filenamebase[strlen(filenamebase)-4]='\0';
data/qxw-20140331/gui.c:156:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(filenamebase)>=4&&!strcmp(filenamebase+strlen(filenamebase)-4,".qxw")) filenamebase[strlen(filenamebase)-4]='\0';
data/qxw-20140331/gui.c:156:97: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(filenamebase)>=4&&!strcmp(filenamebase+strlen(filenamebase)-4,".qxw")) filenamebase[strlen(filenamebase)-4]='\0';
data/qxw-20140331/gui.c:216:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(filenamebase,"");
data/qxw-20140331/gui.c:1095:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l0=strlen(lts[llistp[row]].s);
data/qxw-20140331/gui.c:1163:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(t,"*");
data/qxw-20140331/gui.c:1191:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(p)>SLEN) {reperr("Filename too long");goto ew0;}
data/qxw-20140331/gui.c:1194:8: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
else strcpy(res,"");
data/qxw-20140331/gui.c:1435:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sps[j]->mk[d],gtk_entry_get_text(GTK_ENTRY(sprop_mke[d])),MXMK);
data/qxw-20140331/gui.c:1494:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(dfnames[i])==0) {
data/qxw-20140331/gui.c:1495:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(dafilters[i])==0) strcat(s,"<empty>");
data/qxw-20140331/gui.c:1497:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s,"\"");
data/qxw-20140331/gui.c:1498:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(dafilters[i])>25) {strncat(s,dafilters[i],22); strcat(s,"...");}
data/qxw-20140331/gui.c:1498:38: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
if(strlen(dafilters[i])>25) {strncat(s,dafilters[i],22); strcat(s,"...");}
data/qxw-20140331/gui.c:1500:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s,"\"");
data/qxw-20140331/gui.c:1504:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(dfnames[i])>25) {strcat(s,"...");strcat(s,dfnames[i]+strlen(dfnames[i])-22);}
data/qxw-20140331/gui.c:1504:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(dfnames[i])>25) {strcat(s,"...");strcat(s,dfnames[i]+strlen(dfnames[i])-22);}
data/qxw-20140331/gui.c:1507:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s,")");
data/qxw-20140331/gui.c:1640:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j=strlen(s);
data/qxw-20140331/gui.c:1675:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tpifname,gtk_entry_get_text(GTK_ENTRY(treat_f)),SLEN-1);
data/qxw-20140331/gui.c:1679:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(treatmsg[i],gtk_entry_get_text(GTK_ENTRY(e[i])),SLEN-1);
data/qxw-20140331/gui.c:1766:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dfnames[j],gtk_entry_get_text(GTK_ENTRY(dictl_e[j])),SLEN-1);
data/qxw-20140331/gui.c:1769:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dsfilters[j],gtk_entry_get_text(GTK_ENTRY(f0[j])),SLEN-1);
data/qxw-20140331/gui.c:1772:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dafilters[j],gtk_entry_get_text(GTK_ENTRY(f1[j])),SLEN-1);
data/qxw-20140331/gui.c:1872:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gtitle ,gtk_entry_get_text(GTK_ENTRY(ttl)),SLEN-1); gtitle [SLEN-1]=0;
data/qxw-20140331/gui.c:1874:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gauthor,gtk_entry_get_text(GTK_ENTRY(aut)),SLEN-1); gauthor[SLEN-1]=0;
data/qxw-20140331/gui.c:1904:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0,p=s;i<vls[v].l;i++) sprintf(p,"%d,%d\n",vls[v].x[i],vls[v].y[i]),p+=strlen(p);
data/qxw-20140331/gui.c:2238:37: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(gsq[curx][cury].e0->flbm==0) strcpy(p0,"");
data/qxw-20140331/gui.c:2240:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(p0)==0) sprintf(p1," No feasible characters");
data/qxw-20140331/gui.c:2241:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else sprintf(p1," Feasible character%s: %s",(strlen(p0)==1)?"":"s",p0);
data/qxw-20140331/qxw.c:162:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(s,"");
data/qxw-20140331/qxw.c:846:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(msgword[i],treatmsgAZ09[i],l); // truncate message if necessary
data/qxw-20140331/qxw.c:850:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
words[nw].wlen=strlen(msgword[i]);
data/qxw-20140331/qxw.c:853:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
words[nw].wlen=strlen(msgword[i]);
data/qxw-20140331/qxw.c:856:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(j=strlen(msgword[i]);j<l;j++) msgword[i][j]='-'; // pad message if necessary
data/qxw-20140331/qxw.c:1095:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(p->pw_dir)>SLEN-20) return;
data/qxw-20140331/qxw.c:1132:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(p->pw_dir)>SLEN-20) return;
data/qxw-20140331/qxw.c:1264:19: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(b==ABM_ALL) {strcpy(s,"?"); return;}
data/qxw-20140331/qxw.c:1265:21: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(b==ABM_ALNUM) {strcpy(s,"."); return;}
data/qxw-20140331/qxw.c:1266:19: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(b==ABM_VOW) {strcpy(s,"@"); return;}
data/qxw-20140331/qxw.c:1267:19: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(b==ABM_CON) {strcpy(s,"#"); return;}
data/qxw-20140331/qxw.c:1271:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(s0)<=strlen(s1)) strcpy(s,s0); // choose shorter of the two representations
data/qxw-20140331/qxw.c:1271:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(s0)<=strlen(s1)) strcpy(s,s0); // choose shorter of the two representations
data/qxw-20140331/qxw.c:1284:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<l;i++) abmtostr(s,*b++,dash),s+=strlen(s);
data/qxw-20140331/qxw.c:1426:79: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(SHGetFolderPath(NULL, CSIDL_MYDOCUMENTS, NULL, 0, filenamebase)==S_OK) strcat(filenamebase,"\\");
data/qxw-20140331/qxw.c:1427:10: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
else strcpy(filenamebase,"");
data/qxw-20140331/qxw.c:1431:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!pw||strlen(pw->pw_dir)>SLEN-20) strcpy(filenamebase,"");
data/qxw-20140331/qxw.c:1431:41: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(!pw||strlen(pw->pw_dir)>SLEN-20) strcpy(filenamebase,"");
data/qxw-20140331/qxw.c:1432:73: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else strcpy(filenamebase,pw->pw_dir),strcat(filenamebase,"/");;
data/qxw-20140331/qxw.c:1437:10: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
else strcpy(filenamebase,"");
data/qxw-20140331/qxw.c:1448:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define NEXTL {if(!fgets(s,SLEN*4-1,fp)) goto ew3; l=strlen(s); while(l>0&&!isprint(s[l-1])) s[--l]='\0';}
data/qxw-20140331/qxw.c:1493:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c=fgetc(fp);
data/qxw-20140331/qxw.c:1497:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(fgetc(fp)!='\n') goto ew1;
data/qxw-20140331/qxw.c:1517:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gtitle,s+1,SLEN-1);
data/qxw-20140331/qxw.c:1524:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gauthor,s+1,SLEN-1);
data/qxw-20140331/qxw.c:1555:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dsp.mk[k],s+1,MXMK);
data/qxw-20140331/qxw.c:1570:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tpifname,s+1,SLEN-1);
data/qxw-20140331/qxw.c:1581:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(treatmsg[t0],s+1,SLEN-1);
data/qxw-20140331/qxw.c:1597:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dfnames[j],s+1,SLEN-1);
data/qxw-20140331/qxw.c:1607:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dsfilters[j],s+1,SLEN-1);
data/qxw-20140331/qxw.c:1617:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dafilters[j],s+1,SLEN-1);
data/qxw-20140331/qxw.c:1657:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gsq[i][j].sp.mk[k],s+1,MXMK);
data/qxw-20140331/qxw.c:1801:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(s); while(l>0&&!isprint(s[l-1])) s[--l]='\0';
data/qxw-20140331/qxw.c:1868:28: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
for(i=0;i<MAXNDICTS;i++) strcpy(dsfilters[i],"");
data/qxw-20140331/qxw.c:1869:28: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
for(i=0;i<MAXNDICTS;i++) strcpy(dafilters[i],"");
data/qxw-20140331/qxw.c:1877:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(optarg)<SLEN&&nd<MAXNDICTS) strcpy(dfnames[nd++],optarg);
data/qxw-20140331/qxw.c:1919:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(optind<argc&&strlen(argv[optind])<SLEN) {
data/qxw-20140331/qxw.c:1925:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(filenamebase,"");
ANALYSIS SUMMARY:
Hits = 351
Lines analyzed = 8930 in approximately 0.40 seconds (22361 lines/second)
Physical Source Lines of Code (SLOC) = 7305
Hits@level = [0] 325 [1] 108 [2] 177 [3] 2 [4] 64 [5] 0
Hits@level+ = [0+] 676 [1+] 351 [2+] 243 [3+] 66 [4+] 64 [5+] 0
Hits/KSLOC@level+ = [0+] 92.5394 [1+] 48.0493 [2+] 33.2649 [3+] 9.03491 [4+] 8.76112 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.