Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/qxw-20140331/draw.c Examining data/qxw-20140331/qxw.c Examining data/qxw-20140331/draw.h Examining data/qxw-20140331/filler.c Examining data/qxw-20140331/gui.h Examining data/qxw-20140331/gui.c Examining data/qxw-20140331/qxw.h Examining data/qxw-20140331/examples/plugin_behead.c Examining data/qxw-20140331/examples/plugin_behead_message.c Examining data/qxw-20140331/dicts.h Examining data/qxw-20140331/qxwplugin.h Examining data/qxw-20140331/filler.h Examining data/qxw-20140331/dicts.c Examining data/qxw-20140331/common.h FINAL RESULTS: data/qxw-20140331/dicts.c:200:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(memblkp->s+memblkl,s0);memblkl+=l0+1; data/qxw-20140331/dicts.c:201:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(memblkp->s+memblkl,s1);memblkl+=l1+1; data/qxw-20140331/dicts.c:324:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s0,sp); // UTF-8 form in s0 data/qxw-20140331/dicts.c:367:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sfilter,dsfilters[dn]); data/qxw-20140331/dicts.c:376:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(afilter,dafilters[dn]); data/qxw-20140331/dicts.c:426:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if(owd) strcpy(t,dafilters[dn]); data/qxw-20140331/dicts.c:478:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s0,sp); data/qxw-20140331/dicts.c:483:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if(error==NULL) {strcpy(s1,sp);} // ISO-8859-1 form in s1 data/qxw-20140331/dicts.c:615:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(dfnames[0],defdictfn[i]); data/qxw-20140331/dicts.c:617:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dfnames[0],defdictfn[i]); data/qxw-20140331/dicts.c:744:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lmp->s+lml,s);lml+=l0; data/qxw-20140331/dicts.c:996:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t,s); data/qxw-20140331/draw.c:991:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(t0,a->cf); data/qxw-20140331/draw.c:997:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if(em>0) strcat(t0,lemdesc[lts[ln].em]); data/qxw-20140331/draw.c:1287:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s,"%%%%Title: %s generated by Qxw",fn); data/qxw-20140331/draw.c:1350:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(fp,f?"<html><body><!-- ":"# "); data/qxw-20140331/draw.c:1352:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(fp,f?" -->\n":"\n"); data/qxw-20140331/draw.c:1375:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(url,filename); data/qxw-20140331/draw.c:1382:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(url,f?"/solution":"/grid"); data/qxw-20140331/draw.c:1383:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(url,f1==1?".svg":".png"); data/qxw-20140331/examples/plugin_behead.c:35:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(light,answer+1); data/qxw-20140331/examples/plugin_behead_message.c:36:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(light,answer+1); data/qxw-20140331/gui.c:149:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(t,"Qxw: %s",titlebyauthor()); data/qxw-20140331/gui.c:191:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(t,"Filing system error: %s",s); data/qxw-20140331/gui.c:197:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s,"\n Your work is not saved. \n Are you sure you want to %s? \n",action); data/qxw-20140331/gui.c:242:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filename,filenamebase); data/qxw-20140331/gui.c:782:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, data/qxw-20140331/gui.c:1164:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(t,strrchr(ext,'.')); data/qxw-20140331/gui.c:1170:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t,filetype); data/qxw-20140331/gui.c:1181:31: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if(strcmp(filenamebase,"")) strcpy(res,filenamebase); data/qxw-20140331/gui.c:1183:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(res,ext); data/qxw-20140331/gui.c:1184:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t,res); data/qxw-20140331/gui.c:1192:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(res,p); data/qxw-20140331/gui.c:1224:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. if(u) sprintf(s,"to %s lights: ",dname[gtype][i]); data/qxw-20140331/gui.c:1499:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). else strcat(s,dafilters[i]); data/qxw-20140331/gui.c:1504:50: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if(strlen(dfnames[i])>25) {strcat(s,"...");strcat(s,dfnames[i]+strlen(dfnames[i])-22);} data/qxw-20140331/gui.c:1505:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). else strcat(s,dfnames[i]); data/qxw-20140331/gui.c:1521:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s,"Allow light to be entered _%s",lemdescADVP[i]); data/qxw-20140331/gui.c:1765:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tdfnames[j],dfnames[j]); data/qxw-20140331/gui.c:1768:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tdsfilters[j],dsfilters[j]); data/qxw-20140331/gui.c:1771:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tdafilters[j],dafilters[j]); data/qxw-20140331/gui.c:1777:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dfnames[j],tdfnames[j]); data/qxw-20140331/gui.c:1778:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dsfilters[j],tdsfilters[j]); data/qxw-20140331/gui.c:1779:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dafilters[j],tdafilters[j]); data/qxw-20140331/gui.c:2063:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(s,st_lucc[i]?"%d (%.1f%%)":" ",st_lucc[i],100.0*st_lucc[i]/st_lc[i]); gtk_label_set_text(GTK_LABEL(st_te[i][2]),s); data/qxw-20140331/gui.c:2064:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(s,st_locc[i]?"%d (%.1f%%)":" ",st_locc[i],100.0*st_locc[i]/st_lc[i]); gtk_label_set_text(GTK_LABEL(st_te[i][3]),s); data/qxw-20140331/gui.c:2065:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(s,st_lc[i]?"%.2f:%.2f:%.2f":" " ,1.0*st_lmnc[i]/i,1.0*st_lsc[i]/st_lc[i]/i,1.0*st_lmxc[i]/i); gtk_label_set_text(GTK_LABEL(st_te[i][4]),s); data/qxw-20140331/gui.c:2241:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else sprintf(p1," Feasible character%s: %s",(strlen(p0)==1)?"":"s",p0); data/qxw-20140331/qxw.c:175:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s,t); data/qxw-20140331/qxw.c:1096:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s,p->pw_dir); data/qxw-20140331/qxw.c:1103:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if(sscanf(s,"%s %d",t,&u)==2) { data/qxw-20140331/qxw.c:1133:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s,p->pw_dir); data/qxw-20140331/qxw.c:1271:30: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if(strlen(s0)<=strlen(s1)) strcpy(s,s0); // choose shorter of the two representations data/qxw-20140331/qxw.c:1272:30: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy(s,s1); data/qxw-20140331/qxw.c:1332:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). for(k=0;k<MAXNMK;k++) strcpy(p->mk[k],defaultmk(k)); data/qxw-20140331/qxw.c:1432:41: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy(filenamebase,pw->pw_dir),strcat(filenamebase,"/");; data/qxw-20140331/qxw.c:1436:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if(p) strcpy(p,DIR_SEP_STR); data/qxw-20140331/qxw.c:1587:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if(sscanf(s,"TCST %d %d %s\n",&i,&j,s0)!=3) goto ew1; data/qxw-20140331/qxw.c:1696:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if(sscanf(s,"SQCT %d %d %d %s\n",&i,&j,&d,s0)!=4) goto ew1; data/qxw-20140331/qxw.c:1847:28: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if(gtitle[0]) strcpy(t,gtitle); data/qxw-20140331/qxw.c:1848:28: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else if(filenamebase[0]) strcpy(t,filenamebase); data/qxw-20140331/qxw.c:1850:35: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if(gauthor[0]) strcat(t," by "),strcat(t,gauthor); data/qxw-20140331/qxw.c:1877:43: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if(strlen(optarg)<SLEN&&nd<MAXNDICTS) strcpy(dfnames[nd++],optarg); data/qxw-20140331/qxw.c:1920:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filename,argv[optind]); data/qxw-20140331/qxw.c:1861:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((int)time(0)); data/qxw-20140331/qxw.c:1874:18: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. for(;;) switch(getopt(argc,argv,"d:?D:")) { data/qxw-20140331/common.h:115:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mk[MAXNMK][MXMK+1]; // square corner mark strings in each direction data/qxw-20140331/common.h:137:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ufhist[NL]; // histogram of unforced letters, in word's historder data/qxw-20140331/common.h:138:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char poscnt[NL]; // number of positions where each unforced letter can go, in word's historder data/qxw-20140331/common.h:214:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char ltochar[NL]; data/qxw-20140331/common.h:236:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hist[NL]; // letter histogram data/qxw-20140331/common.h:237:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char historder[NL]; // letters in descending order of histogram frequency data/qxw-20140331/common.h:256:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char tpifname[SLEN]; data/qxw-20140331/common.h:259:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char treatmsg[NMSG][MXLT+1]; data/qxw-20140331/common.h:263:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char treatmsgAZ[NMSG][MXLT+1]; data/qxw-20140331/common.h:264:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char treatmsgAZ09[NMSG][MXLT+1]; data/qxw-20140331/common.h:266:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char msgword[NMSG][MXFL+1]; // for "one-word dictionary" created for tagging data/qxw-20140331/dicts.c:62:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char chmap[256]="\ data/qxw-20140331/dicts.c:84:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nenc[12]; // name of encoding for g_convert() data/qxw-20140331/dicts.c:85:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bom[4]; // potential byte order mark at start of file data/qxw-20140331/dicts.c:100:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ltochar[NL]; data/qxw-20140331/dicts.c:108:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MEMBLK]; data/qxw-20140331/dicts.c:120:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dfnames[MAXNDICTS][SLEN]; data/qxw-20140331/dicts.c:121:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dsfilters[MAXNDICTS][SLEN]; data/qxw-20140331/dicts.c:122:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dafilters[MAXNDICTS][SLEN]; data/qxw-20140331/dicts.c:123:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lemdesc[NLEM][LEMDESCLEN]={""," (rev.)"," (cyc.)"," (cyc., rev.)","*"}; data/qxw-20140331/dicts.c:241:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s0[SLEN],s1[SLEN]; data/qxw-20140331/dicts.c:338:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s0[SLEN]; // citation form data/qxw-20140331/dicts.c:339:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s1[SLEN]; // light form data/qxw-20140331/dicts.c:347:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sfilter[SLEN+1]; data/qxw-20140331/dicts.c:348:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char afilter[SLEN+1]; data/qxw-20140331/dicts.c:352:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bom[5]; data/qxw-20140331/dicts.c:372:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(t,"Dictionary %d\nBad file filter syntax: %.100s",dn+1,pcreerr); data/qxw-20140331/dicts.c:381:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(t,"Dictionary %d\nBad answer filter syntax: %.100s",dn+1,pcreerr); data/qxw-20140331/dicts.c:389:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(dfnames[dn],"rb"); // try first in binary mode data/qxw-20140331/dicts.c:391:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(t,"Dictionary %d\nFile not found",dn+1); data/qxw-20140331/dicts.c:412:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(t,"Dictionary %d\nCannot read file encoding:\ntry UTF-8 or ISO-8859-1 encoding",dn+1); data/qxw-20140331/dicts.c:452:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(t,"Dictionary %d\nFile not encoded in accordance with its BOM",dn+1); data/qxw-20140331/dicts.c:471:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(t,"Dictionary %d\nFile does not use a recognised encoding:\ntry UTF-8 or ISO-8859-1",dn+1); data/qxw-20140331/dicts.c:513:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[SLEN]; data/qxw-20140331/dicts.c:528:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(t,"No words available from any dictionary"); data/qxw-20140331/dicts.c:619:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(dsfilters[0],"^.*+(?<!'s)"); data/qxw-20140331/dicts.c:634:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tpifname[SLEN]=""; data/qxw-20140331/dicts.c:641:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char treatmsg[NMSG][MXLT+1]; data/qxw-20140331/dicts.c:642:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char treatmsgAZ[NMSG][MXLT+1]; data/qxw-20140331/dicts.c:643:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char treatmsgAZ09[NMSG][MXLT+1]; data/qxw-20140331/dicts.c:644:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgchar[NMSG]; data/qxw-20140331/dicts.c:645:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgcharAZ[NMSG]; data/qxw-20140331/dicts.c:646:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgcharAZ09[NMSG]; data/qxw-20140331/dicts.c:659:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char psq[25]; data/qxw-20140331/dicts.c:778:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[MXFL+1]; // curten should never be set when adding msgword[]:s (got from msglprop); as MXLE+NMSG<=MXFL this never overflows data/qxw-20140331/dicts.c:782:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t,s,l); data/qxw-20140331/dicts.c:783:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if(curten) memcpy(t+l,msgcharAZ09,NMSG),l+=NMSG; // append tag characters if any data/qxw-20140331/dicts.c:801:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s0[MXFL+1]; data/qxw-20140331/dicts.c:909:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[MXLE+2]; // enough for "insert single character" data/qxw-20140331/dicts.c:1133:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*l,tfl,ntfl*sizeof(int)); data/qxw-20140331/dicts.h:34:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char dfnames[MAXNDICTS][SLEN]; data/qxw-20140331/dicts.h:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char dsfilters[MAXNDICTS][SLEN]; data/qxw-20140331/dicts.h:36:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char dafilters[MAXNDICTS][SLEN]; data/qxw-20140331/dicts.h:38:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char lemdesc[NLEM][LEMDESCLEN]; data/qxw-20140331/draw.c:120:83: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void ctext(cairo_t*cc,char*s,double x,double y,double h,int fs,int ocm) {int i,m; char t[2]; double u; data/qxw-20140331/draw.c:576:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MXCT*MAXNDIR+1]; data/qxw-20140331/draw.c:813:61: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void drawnums(cairo_t*cc) {int c,i,x,y,n; double sc; char s[MXMK+1]; data/qxw-20140331/draw.c:823:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf(s,"%d",cwperm[chartol[i]]+1); data/qxw-20140331/draw.c:827:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"%d",n); data/qxw-20140331/draw.c:856:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[SLEN]; data/qxw-20140331/draw.c:984:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(t0+wlen,": "); data/qxw-20140331/draw.c:990:67: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if((int)strlen(t0)+(int)strlen(a->cf)+2>t0l-LEMDESCLEN-10) {strcat(t0,"...");break;} data/qxw-20140331/draw.c:992:18: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if(a->acf) strcat(t0,", "); data/qxw-20140331/draw.c:1008:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[SLEN]; data/qxw-20140331/draw.c:1009:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[MXLE+1]; data/qxw-20140331/draw.c:1010:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t0[MXFL*3+100]; data/qxw-20140331/draw.c:1025:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if(n>0) sprintf(s,"%d",n); data/qxw-20140331/draw.c:1072:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(filename,"w"); data/qxw-20140331/draw.c:1128:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MXMK+1]; data/qxw-20140331/draw.c:1136:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"%d",n); data/qxw-20140331/draw.c:1149:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MAXNDIR*MXCT+1]; data/qxw-20140331/draw.c:1265:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[1000]; data/qxw-20140331/draw.c:1282:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(fn,"w"); data/qxw-20140331/draw.c:1291:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(fn,"w"); data/qxw-20140331/draw.c:1348:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(filename,"w"); data/qxw-20140331/draw.c:1374:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void a_exporthp(int f,int f0,int f1) {char url[SLEN+200]; data/qxw-20140331/draw.c:1376:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(url,"_files"); data/qxw-20140331/filler.c:87:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MXFL+1]; data/qxw-20140331/filler.c:167:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char f[MXFL+1],r[MXFL+1],*t; data/qxw-20140331/filler.c:184:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hi[NL]; data/qxw-20140331/filler.c:246:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jbm,bm,m*sizeof(ABM)); data/qxw-20140331/gui.c:50:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[SLEN+50]; // result from filedia() data/qxw-20140331/gui.c:51:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filenamebase[SLEN]; // base to use for constructing default filenames data/qxw-20140331/gui.c:148:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void setwintitle() {char t[SLEN*3]; data/qxw-20140331/gui.c:185:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void fserror() {char s[SLEN],t[SLEN*2]; data/qxw-20140331/gui.c:187:34: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if(strerror_s(s,SLEN,errno)) strcpy(s,"general error"); // Windows version of threadsafe strerror() data/qxw-20140331/gui.c:189:34: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if(strerror_r(errno,s,SLEN)) strcpy(s,"general error"); data/qxw-20140331/gui.c:196:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[1000]; data/qxw-20140331/gui.c:207:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(filename,"r"); data/qxw-20140331/gui.c:243:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filename,".qxw"); data/qxw-20140331/gui.c:249:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void m_exportvls(GtkWidget*w,gpointer data) {char t[SLEN+50]; if(filedia(t,"Export free light paths",".fl.txt","Plain text",1)) a_exportvls(t);} data/qxw-20140331/gui.c:250:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void m_importvls(GtkWidget*w,gpointer data) {char t[SLEN+50]; if(filedia(t,"Import free light paths",".fl.txt","Plain text",0)) a_importvls(t);} data/qxw-20140331/gui.c:686:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsq[i][j].ctbm[0],gsq[i][j].ctbm[k],sizeof(p)); data/qxw-20140331/gui.c:687:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsq[i][j].ctbm[k],p,sizeof(p)); data/qxw-20140331/gui.c:781:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void m_helpabout(GtkWidget*w,gpointer data) {char s[2560]; data/qxw-20140331/gui.c:1171:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(t," files"); data/qxw-20140331/gui.c:1182:31: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy(res,"untitled"); data/qxw-20140331/gui.c:1203:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[100],t[MXCT*(NL+4)]; data/qxw-20140331/gui.c:1225:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf(s,"Contents of cell: "); data/qxw-20140331/gui.c:1467:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[SLEN]; data/qxw-20140331/gui.c:1493:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"Use dictionary _%d (",i+1); data/qxw-20140331/gui.c:1495:35: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if(strlen(dafilters[i])==0) strcat(s,"<empty>"); data/qxw-20140331/gui.c:1498:66: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if(strlen(dafilters[i])>25) {strncat(s,dafilters[i],22); strcat(s,"...");} data/qxw-20140331/gui.c:1504:34: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if(strlen(dfnames[i])>25) {strcat(s,"...");strcat(s,dfnames[i]+strlen(dfnames[i])-22);} data/qxw-20140331/gui.c:1594:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[(NL+4)*MXFL+1],*p; data/qxw-20140331/gui.c:1692:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"Error loading custom plug-in\n%.200s",p); data/qxw-20140331/gui.c:1726:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[SLEN]; data/qxw-20140331/gui.c:1727:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tdfnames[MAXNDICTS][SLEN]; // Temporary versions of dictionary names, etc data/qxw-20140331/gui.c:1728:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tdsfilters[MAXNDICTS][SLEN]; data/qxw-20140331/gui.c:1729:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tdafilters[MAXNDICTS][SLEN]; data/qxw-20140331/gui.c:1740:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"<b>%d</b>",i+1); data/qxw-20140331/gui.c:1904:31: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. for(i=0,p=s;i<vls[v].l;i++) sprintf(p,"%d,%d\n",vls[v].x[i],vls[v].y[i]),p+=strlen(p); data/qxw-20140331/gui.c:1942:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vls[v].x,x,i*sizeof(int)); data/qxw-20140331/gui.c:1943:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vls[v].y,y,i*sizeof(int)); data/qxw-20140331/gui.c:2056:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[SLEN]; data/qxw-20140331/gui.c:2061:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"%d",i); gtk_label_set_text(GTK_LABEL(st_te[i][0]),s); data/qxw-20140331/gui.c:2062:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"%d",st_lc[i]); gtk_label_set_text(GTK_LABEL(st_te[i][1]),s); data/qxw-20140331/gui.c:2070:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s," Total lights: %d",nw); gtk_label_set_text(GTK_LABEL(st_r[0]),s); data/qxw-20140331/gui.c:2071:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if(nw>0) sprintf(s," Mean length: %.1f",(double)nc/nw); data/qxw-20140331/gui.c:2072:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy (s," Mean length: -"); gtk_label_set_text(GTK_LABEL(st_r[1]),s); data/qxw-20140331/gui.c:2073:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if(nc>0 ) sprintf(s," Checked light letters: %d/%d (%.1f%%)",st_sc,nc,100.0*st_sc/nc); data/qxw-20140331/gui.c:2074:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy (s," Checked light letters: -"); gtk_label_set_text(GTK_LABEL(st_r[2]),s); data/qxw-20140331/gui.c:2075:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if(ne0>0) sprintf(s," Checked grid cells: %d/%d (%.1f%%)",st_ce,ne0,100.0*st_ce/ne0); data/qxw-20140331/gui.c:2076:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy (s," Checked grid cells: -"); gtk_label_set_text(GTK_LABEL(st_r[3]),s); data/qxw-20140331/gui.c:2077:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s," Lights with double unches: %d",st_2u-st_3u); gtk_label_set_text(GTK_LABEL(st_r[4]),s); data/qxw-20140331/gui.c:2078:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s," Lights with triple, quadruple etc. unches: %d",st_3u); gtk_label_set_text(GTK_LABEL(st_r[5]),s); data/qxw-20140331/gui.c:2079:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s," Lights too long for filler: %d",st_tlf); gtk_label_set_text(GTK_LABEL(st_r[6]),s); data/qxw-20140331/gui.c:2080:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s," Total free lights: %d",nvl); gtk_label_set_text(GTK_LABEL(st_r[7]),s); data/qxw-20140331/gui.c:2081:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s," Free lights too long for filler: %d",st_vltlf); gtk_label_set_text(GTK_LABEL(st_r[8]),s); data/qxw-20140331/gui.c:2082:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if(st_tmtlf) sprintf(s," There are too many treated lights to use filler discretionary modes"); data/qxw-20140331/gui.c:2083:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf(s," "); data/qxw-20140331/gui.c:2098:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[SLEN]; data/qxw-20140331/gui.c:2117:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"%d (%.1f%%)",v,(v*100.0)/u); data/qxw-20140331/gui.c:2224:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void updatefeas(void) {int i; char t0[MXFL*3+100],t1[MXLE+50],*u[2],p0[SLEN],p1[SLEN]; data/qxw-20140331/gui.c:2234:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(t1,"%+.1f",log10(ansp[lts[llistp[i]].ans]->score)); // negative ans values cannot occur here data/qxw-20140331/gui.c:2240:23: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if(strlen(p0)==0) sprintf(p1," No feasible characters"); data/qxw-20140331/gui.h:41:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char filename[SLEN+50]; data/qxw-20140331/gui.h:42:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char filenamebase[SLEN]; data/qxw-20140331/qxw.c:66:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gtitle[SLEN]=""; data/qxw-20140331/qxw.c:67:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gauthor[SLEN]=""; data/qxw-20140331/qxw.c:103:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char log2lut[65536]; data/qxw-20140331/qxw.c:617:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgword[NMSG][MXFL+1]; data/qxw-20140331/qxw.c:736:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char unch[MXLE]; data/qxw-20140331/qxw.c:1083:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[SLEN],t[SLEN]; data/qxw-20140331/qxw.c:1088:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(s,"\\Qxw\\Qxw.ini"); data/qxw-20140331/qxw.c:1097:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(s,"/.qxw/preferences"); data/qxw-20140331/qxw.c:1101:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(s,"r");if(!fp) return; data/qxw-20140331/qxw.c:1119:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[SLEN]; data/qxw-20140331/qxw.c:1123:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(s,"\\Qxw"); data/qxw-20140331/qxw.c:1125:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(s,"\\Qxw.ini"); data/qxw-20140331/qxw.c:1134:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(s,"/.qxw"); data/qxw-20140331/qxw.c:1136:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(s,"/preferences"); data/qxw-20140331/qxw.c:1140:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(s,"w");if(!fp) return; data/qxw-20140331/qxw.c:1160:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char utpifname[UNDOS][SLEN]; data/qxw-20140331/qxw.c:1163:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char utreatmsg[UNDOS][NMSG][MXLT+1]; data/qxw-20140331/qxw.c:1172:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define USAVE(p) memcpy(u##p+uhead,p,sizeof(p)) data/qxw-20140331/qxw.c:1173:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define USAVES(p) memcpy(u##p+uhead,&p,sizeof(p)) data/qxw-20140331/qxw.c:1262:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s0[NL+4],s1[NL+4]; data/qxw-20140331/qxw.c:1439:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filenamebase,"untitled"); data/qxw-20140331/qxw.c:1452:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p,s[SLEN*4],s0[SLEN*4],*t,c; data/qxw-20140331/qxw.c:1460:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(filename,"r"); data/qxw-20140331/qxw.c:1502:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(s[5]=='v'&&isdigit(s[6])&&atoi(s+6)>SAVE_VERSION) wf=1; // check if the file was saved using a newer version data/qxw-20140331/qxw.c:1705:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"Error loading custom plug-in\n%.100s",p); data/qxw-20140331/qxw.c:1726:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,s0[MXCT*(NL+4)]; data/qxw-20140331/qxw.c:1731:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(filename,"w"); data/qxw-20140331/qxw.c:1784:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[SLEN*4]; data/qxw-20140331/qxw.c:1789:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(fn,"r"); data/qxw-20140331/qxw.c:1816:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vls,tvls,d*sizeof(struct vl)); data/qxw-20140331/qxw.c:1828:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(fn,"w"); data/qxw-20140331/qxw.c:1846:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char*titlebyauthor(void) {static char t[SLEN*2+100]; data/qxw-20140331/qxw.c:1849:28: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy(t,"(untitled)"); data/qxw-20140331/qxw.c:1850:18: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if(gauthor[0]) strcat(t," by "),strcat(t,gauthor); data/qxw-20140331/qxw.c:1879:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'D':debug=atoi(optarg);break; data/qxw-20140331/qxw.c:1993:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(llist,p,l*sizeof(int)); data/qxw-20140331/qxw.h:32:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char gtitle[SLEN]; data/qxw-20140331/qxw.h:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char gauthor[SLEN]; data/qxw-20140331/qxwplugin.h:72:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char light[MXLE+1]; data/qxw-20140331/dicts.c:167:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l0=strlen(s0); data/qxw-20140331/dicts.c:207:69: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static int getint(FILE*fp,int n) { int i,u; for(i=0,u=0;i<n;i++) u+=fgetc(fp)<<(i*8); return u; } data/qxw-20140331/dicts.c:299:25: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(j==8) {j=0;c=fgetc(fp);if(c==EOF) return -1;} data/qxw-20140331/dicts.c:315:25: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(j==8) {j=0;c=fgetc(fp);if(c==EOF) return -1;} // skip a zero bit for some reason data/qxw-20140331/dicts.c:431:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j=strlen(t)-1; data/qxw-20140331/dicts.c:437:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(j==0||t[j-1]!=' ') j=strlen(t); // all digits, or no space? treat it as a 'word' data/qxw-20140331/dicts.c:550:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ans[k].cf =p->s+l; l+=strlen(p->s+l)+1; data/qxw-20140331/dicts.c:552:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ans[k].ul =p->s+l; l+=strlen(p->s+l)+1; data/qxw-20140331/dicts.c:623:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(dfnames[0],""),strcpy(dsfilters[0],""); data/qxw-20140331/dicts.c:623:25: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(dfnames[0],""),strcpy(dsfilters[0],""); data/qxw-20140331/dicts.c:677:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n=strlen(l->s); data/qxw-20140331/dicts.c:698:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len0=strlen(s); data/qxw-20140331/dicts.c:722:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len1=strlen(lts[l].s); data/qxw-20140331/dicts.c:732:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l0=strlen(s)+1; data/qxw-20140331/dicts.c:780:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l=strlen(s); data/qxw-20140331/dicts.c:804:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l=strlen(s); data/qxw-20140331/dicts.c:910:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l=strlen(s); data/qxw-20140331/dicts.c:931:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l0=strlen(treatmsgAZ09[0]); data/qxw-20140331/dicts.c:942:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l0=strlen(treatmsgAZ09[0]); data/qxw-20140331/dicts.c:956:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l0=strlen(treatmsgAZ09[0]); data/qxw-20140331/dicts.c:985:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l0=strlen(treatmsg[0]); data/qxw-20140331/dicts.c:986:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l1=strlen(treatmsg[1]); data/qxw-20140331/dicts.c:1096:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(clueorderindex<(int)strlen(treatmsg [i])) msgchar [i]=treatmsg [i][clueorderindex]; else msgchar [i]='-'; data/qxw-20140331/dicts.c:1097:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(clueorderindex<(int)strlen(treatmsgAZ [i])) msgcharAZ [i]=treatmsgAZ [i][clueorderindex]; else msgcharAZ [i]='-'; data/qxw-20140331/dicts.c:1098:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(clueorderindex<(int)strlen(treatmsgAZ09[i])) msgcharAZ09[i]=treatmsgAZ09[i][clueorderindex]; else msgcharAZ09[i]='-'; data/qxw-20140331/dicts.c:1101:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(ntw>(int)strlen(treatmsgAZ09[i])) mfl[i]|=ABM_DASH; // add in "-" if message not long enough data/qxw-20140331/draw.c:129:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m=strlen(s); data/qxw-20140331/draw.c:597:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i=0;i<nd;i++) abmstodispstr(s+strlen(s),sq->ctbm[i],sq->ctlen[i]); data/qxw-20140331/draw.c:598:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l=strlen(s); if(l<1) l=1; data/qxw-20140331/draw.c:822:26: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if(i==0||i==' ') strcpy(s,"-"); data/qxw-20140331/draw.c:983:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(t0,lts[ln].s,wlen); data/qxw-20140331/draw.c:990:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((int)strlen(t0)+(int)strlen(a->cf)+2>t0l-LEMDESCLEN-10) {strcat(t0,"...");break;} data/qxw-20140331/draw.c:990:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((int)strlen(t0)+(int)strlen(a->cf)+2>t0l-LEMDESCLEN-10) {strcat(t0,"...");break;} data/qxw-20140331/draw.c:1026:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. else strcpy(s,"-"); // unnumbered light data/qxw-20140331/draw.c:1045:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (html==0) fprintf(fp," (%d)\n",(int)strlen(t)); data/qxw-20140331/draw.c:1046:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(html==1) fprintf(fp," (%d)<br>\n",(int)strlen(t)); data/qxw-20140331/draw.c:1048:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(html==3) fprintf(fp," (%d)</td></tr>\n",(int)strlen(t)); // answer and length data/qxw-20140331/draw.c:1177:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(k=0;k<nd;k++) abmstodispstr(s+strlen(s),gsq[i][j].ctbm[k],gsq[i][j].ctlen[k]); data/qxw-20140331/draw.c:1178:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l=strlen(s); data/qxw-20140331/gui.c:155:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filenamebase,s,SLEN-1);filenamebase[SLEN-1]='\0'; data/qxw-20140331/gui.c:156:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(filenamebase)>=4&&!strcmp(filenamebase+strlen(filenamebase)-4,".qxw")) filenamebase[strlen(filenamebase)-4]='\0'; data/qxw-20140331/gui.c:156:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(filenamebase)>=4&&!strcmp(filenamebase+strlen(filenamebase)-4,".qxw")) filenamebase[strlen(filenamebase)-4]='\0'; data/qxw-20140331/gui.c:156:97: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(filenamebase)>=4&&!strcmp(filenamebase+strlen(filenamebase)-4,".qxw")) filenamebase[strlen(filenamebase)-4]='\0'; data/qxw-20140331/gui.c:216:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(filenamebase,""); data/qxw-20140331/gui.c:1095:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l0=strlen(lts[llistp[row]].s); data/qxw-20140331/gui.c:1163:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(t,"*"); data/qxw-20140331/gui.c:1191:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(p)>SLEN) {reperr("Filename too long");goto ew0;} data/qxw-20140331/gui.c:1194:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. else strcpy(res,""); data/qxw-20140331/gui.c:1435:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sps[j]->mk[d],gtk_entry_get_text(GTK_ENTRY(sprop_mke[d])),MXMK); data/qxw-20140331/gui.c:1494:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(dfnames[i])==0) { data/qxw-20140331/gui.c:1495:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(dafilters[i])==0) strcat(s,"<empty>"); data/qxw-20140331/gui.c:1497:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(s,"\""); data/qxw-20140331/gui.c:1498:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(dafilters[i])>25) {strncat(s,dafilters[i],22); strcat(s,"...");} data/qxw-20140331/gui.c:1498:38: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. if(strlen(dafilters[i])>25) {strncat(s,dafilters[i],22); strcat(s,"...");} data/qxw-20140331/gui.c:1500:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(s,"\""); data/qxw-20140331/gui.c:1504:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(dfnames[i])>25) {strcat(s,"...");strcat(s,dfnames[i]+strlen(dfnames[i])-22);} data/qxw-20140331/gui.c:1504:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(dfnames[i])>25) {strcat(s,"...");strcat(s,dfnames[i]+strlen(dfnames[i])-22);} data/qxw-20140331/gui.c:1507:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(s,")"); data/qxw-20140331/gui.c:1640:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j=strlen(s); data/qxw-20140331/gui.c:1675:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tpifname,gtk_entry_get_text(GTK_ENTRY(treat_f)),SLEN-1); data/qxw-20140331/gui.c:1679:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(treatmsg[i],gtk_entry_get_text(GTK_ENTRY(e[i])),SLEN-1); data/qxw-20140331/gui.c:1766:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dfnames[j],gtk_entry_get_text(GTK_ENTRY(dictl_e[j])),SLEN-1); data/qxw-20140331/gui.c:1769:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dsfilters[j],gtk_entry_get_text(GTK_ENTRY(f0[j])),SLEN-1); data/qxw-20140331/gui.c:1772:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dafilters[j],gtk_entry_get_text(GTK_ENTRY(f1[j])),SLEN-1); data/qxw-20140331/gui.c:1872:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gtitle ,gtk_entry_get_text(GTK_ENTRY(ttl)),SLEN-1); gtitle [SLEN-1]=0; data/qxw-20140331/gui.c:1874:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gauthor,gtk_entry_get_text(GTK_ENTRY(aut)),SLEN-1); gauthor[SLEN-1]=0; data/qxw-20140331/gui.c:1904:79: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i=0,p=s;i<vls[v].l;i++) sprintf(p,"%d,%d\n",vls[v].x[i],vls[v].y[i]),p+=strlen(p); data/qxw-20140331/gui.c:2238:37: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if(gsq[curx][cury].e0->flbm==0) strcpy(p0,""); data/qxw-20140331/gui.c:2240:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(p0)==0) sprintf(p1," No feasible characters"); data/qxw-20140331/gui.c:2241:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else sprintf(p1," Feasible character%s: %s",(strlen(p0)==1)?"":"s",p0); data/qxw-20140331/qxw.c:162:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(s,""); data/qxw-20140331/qxw.c:846:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(msgword[i],treatmsgAZ09[i],l); // truncate message if necessary data/qxw-20140331/qxw.c:850:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). words[nw].wlen=strlen(msgword[i]); data/qxw-20140331/qxw.c:853:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). words[nw].wlen=strlen(msgword[i]); data/qxw-20140331/qxw.c:856:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(j=strlen(msgword[i]);j<l;j++) msgword[i][j]='-'; // pad message if necessary data/qxw-20140331/qxw.c:1095:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(p->pw_dir)>SLEN-20) return; data/qxw-20140331/qxw.c:1132:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(p->pw_dir)>SLEN-20) return; data/qxw-20140331/qxw.c:1264:19: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if(b==ABM_ALL) {strcpy(s,"?"); return;} data/qxw-20140331/qxw.c:1265:21: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if(b==ABM_ALNUM) {strcpy(s,"."); return;} data/qxw-20140331/qxw.c:1266:19: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if(b==ABM_VOW) {strcpy(s,"@"); return;} data/qxw-20140331/qxw.c:1267:19: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if(b==ABM_CON) {strcpy(s,"#"); return;} data/qxw-20140331/qxw.c:1271:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(s0)<=strlen(s1)) strcpy(s,s0); // choose shorter of the two representations data/qxw-20140331/qxw.c:1271:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(s0)<=strlen(s1)) strcpy(s,s0); // choose shorter of the two representations data/qxw-20140331/qxw.c:1284:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i=0;i<l;i++) abmtostr(s,*b++,dash),s+=strlen(s); data/qxw-20140331/qxw.c:1426:79: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if(SHGetFolderPath(NULL, CSIDL_MYDOCUMENTS, NULL, 0, filenamebase)==S_OK) strcat(filenamebase,"\\"); data/qxw-20140331/qxw.c:1427:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. else strcpy(filenamebase,""); data/qxw-20140331/qxw.c:1431:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!pw||strlen(pw->pw_dir)>SLEN-20) strcpy(filenamebase,""); data/qxw-20140331/qxw.c:1431:41: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if(!pw||strlen(pw->pw_dir)>SLEN-20) strcpy(filenamebase,""); data/qxw-20140331/qxw.c:1432:73: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. else strcpy(filenamebase,pw->pw_dir),strcat(filenamebase,"/");; data/qxw-20140331/qxw.c:1437:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. else strcpy(filenamebase,""); data/qxw-20140331/qxw.c:1448:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define NEXTL {if(!fgets(s,SLEN*4-1,fp)) goto ew3; l=strlen(s); while(l>0&&!isprint(s[l-1])) s[--l]='\0';} data/qxw-20140331/qxw.c:1493:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c=fgetc(fp); data/qxw-20140331/qxw.c:1497:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(fgetc(fp)!='\n') goto ew1; data/qxw-20140331/qxw.c:1517:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gtitle,s+1,SLEN-1); data/qxw-20140331/qxw.c:1524:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gauthor,s+1,SLEN-1); data/qxw-20140331/qxw.c:1555:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dsp.mk[k],s+1,MXMK); data/qxw-20140331/qxw.c:1570:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tpifname,s+1,SLEN-1); data/qxw-20140331/qxw.c:1581:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(treatmsg[t0],s+1,SLEN-1); data/qxw-20140331/qxw.c:1597:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dfnames[j],s+1,SLEN-1); data/qxw-20140331/qxw.c:1607:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dsfilters[j],s+1,SLEN-1); data/qxw-20140331/qxw.c:1617:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dafilters[j],s+1,SLEN-1); data/qxw-20140331/qxw.c:1657:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gsq[i][j].sp.mk[k],s+1,MXMK); data/qxw-20140331/qxw.c:1801:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l=strlen(s); while(l>0&&!isprint(s[l-1])) s[--l]='\0'; data/qxw-20140331/qxw.c:1868:28: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. for(i=0;i<MAXNDICTS;i++) strcpy(dsfilters[i],""); data/qxw-20140331/qxw.c:1869:28: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. for(i=0;i<MAXNDICTS;i++) strcpy(dafilters[i],""); data/qxw-20140331/qxw.c:1877:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(optarg)<SLEN&&nd<MAXNDICTS) strcpy(dfnames[nd++],optarg); data/qxw-20140331/qxw.c:1919:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(optind<argc&&strlen(argv[optind])<SLEN) { data/qxw-20140331/qxw.c:1925:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(filenamebase,""); ANALYSIS SUMMARY: Hits = 351 Lines analyzed = 8930 in approximately 0.40 seconds (22361 lines/second) Physical Source Lines of Code (SLOC) = 7305 Hits@level = [0] 325 [1] 108 [2] 177 [3] 2 [4] 64 [5] 0 Hits@level+ = [0+] 676 [1+] 351 [2+] 243 [3+] 66 [4+] 64 [5+] 0 Hits/KSLOC@level+ = [0+] 92.5394 [1+] 48.0493 [2+] 33.2649 [3+] 9.03491 [4+] 8.76112 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.