Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sane-backends-1.0.31/backend/abaton.c
Examining data/sane-backends-1.0.31/backend/abaton.h
Examining data/sane-backends-1.0.31/backend/agfafocus.c
Examining data/sane-backends-1.0.31/backend/agfafocus.h
Examining data/sane-backends-1.0.31/backend/apple.h
Examining data/sane-backends-1.0.31/backend/artec.c
Examining data/sane-backends-1.0.31/backend/artec.h
Examining data/sane-backends-1.0.31/backend/artec_eplus48u.c
Examining data/sane-backends-1.0.31/backend/artec_eplus48u.h
Examining data/sane-backends-1.0.31/backend/as6e.c
Examining data/sane-backends-1.0.31/backend/as6e.h
Examining data/sane-backends-1.0.31/backend/avision.c
Examining data/sane-backends-1.0.31/backend/avision.h
Examining data/sane-backends-1.0.31/backend/bh.c
Examining data/sane-backends-1.0.31/backend/bh.h
Examining data/sane-backends-1.0.31/backend/canon-sane.c
Examining data/sane-backends-1.0.31/backend/canon-scsi.c
Examining data/sane-backends-1.0.31/backend/canon.c
Examining data/sane-backends-1.0.31/backend/canon.h
Examining data/sane-backends-1.0.31/backend/canon630u-common.c
Examining data/sane-backends-1.0.31/backend/canon_dr-cmd.h
Examining data/sane-backends-1.0.31/backend/canon_dr.c
Examining data/sane-backends-1.0.31/backend/canon_dr.h
Examining data/sane-backends-1.0.31/backend/canon_lide70-common.c
Examining data/sane-backends-1.0.31/backend/canon_lide70.c
Examining data/sane-backends-1.0.31/backend/canon_pp-dev.c
Examining data/sane-backends-1.0.31/backend/canon_pp-dev.h
Examining data/sane-backends-1.0.31/backend/canon_pp-io.c
Examining data/sane-backends-1.0.31/backend/canon_pp-io.h
Examining data/sane-backends-1.0.31/backend/canon_pp.h
Examining data/sane-backends-1.0.31/backend/cardscan.c
Examining data/sane-backends-1.0.31/backend/cardscan.h
Examining data/sane-backends-1.0.31/backend/coolscan-scsidef.h
Examining data/sane-backends-1.0.31/backend/coolscan.c
Examining data/sane-backends-1.0.31/backend/coolscan.h
Examining data/sane-backends-1.0.31/backend/coolscan2.c
Examining data/sane-backends-1.0.31/backend/coolscan3.c
Examining data/sane-backends-1.0.31/backend/dc210.c
Examining data/sane-backends-1.0.31/backend/dc210.h
Examining data/sane-backends-1.0.31/backend/dc240.c
Examining data/sane-backends-1.0.31/backend/dc240.h
Examining data/sane-backends-1.0.31/backend/dc25.c
Examining data/sane-backends-1.0.31/backend/dc25.h
Examining data/sane-backends-1.0.31/backend/dmc.c
Examining data/sane-backends-1.0.31/backend/dmc.h
Examining data/sane-backends-1.0.31/backend/epjitsu-cmd.h
Examining data/sane-backends-1.0.31/backend/epjitsu.c
Examining data/sane-backends-1.0.31/backend/epjitsu.h
Examining data/sane-backends-1.0.31/backend/epson.c
Examining data/sane-backends-1.0.31/backend/epson.h
Examining data/sane-backends-1.0.31/backend/epson2-cct.c
Examining data/sane-backends-1.0.31/backend/epson2-commands.c
Examining data/sane-backends-1.0.31/backend/epson2-commands.h
Examining data/sane-backends-1.0.31/backend/epson2-io.c
Examining data/sane-backends-1.0.31/backend/epson2-io.h
Examining data/sane-backends-1.0.31/backend/epson2-ops.c
Examining data/sane-backends-1.0.31/backend/epson2-ops.h
Examining data/sane-backends-1.0.31/backend/epson2.h
Examining data/sane-backends-1.0.31/backend/epson2_net.c
Examining data/sane-backends-1.0.31/backend/epson2_net.h
Examining data/sane-backends-1.0.31/backend/epson2_scsi.c
Examining data/sane-backends-1.0.31/backend/epson2_scsi.h
Examining data/sane-backends-1.0.31/backend/epson2_usb.c
Examining data/sane-backends-1.0.31/backend/epson_scsi.c
Examining data/sane-backends-1.0.31/backend/epson_scsi.h
Examining data/sane-backends-1.0.31/backend/epson_usb.c
Examining data/sane-backends-1.0.31/backend/epson_usb.h
Examining data/sane-backends-1.0.31/backend/epsonds-cmd.c
Examining data/sane-backends-1.0.31/backend/epsonds-cmd.h
Examining data/sane-backends-1.0.31/backend/epsonds-io.c
Examining data/sane-backends-1.0.31/backend/epsonds-io.h
Examining data/sane-backends-1.0.31/backend/epsonds-jpeg.c
Examining data/sane-backends-1.0.31/backend/epsonds-jpeg.h
Examining data/sane-backends-1.0.31/backend/epsonds-net.c
Examining data/sane-backends-1.0.31/backend/epsonds-net.h
Examining data/sane-backends-1.0.31/backend/epsonds-ops.c
Examining data/sane-backends-1.0.31/backend/epsonds-ops.h
Examining data/sane-backends-1.0.31/backend/epsonds-usb.c
Examining data/sane-backends-1.0.31/backend/epsonds-usb.h
Examining data/sane-backends-1.0.31/backend/epsonds.h
Examining data/sane-backends-1.0.31/backend/escl/escl_crop.c
Examining data/sane-backends-1.0.31/backend/escl/escl_devices.c
Examining data/sane-backends-1.0.31/backend/escl/escl_jpeg.c
Examining data/sane-backends-1.0.31/backend/escl/escl_mupdf.c
Examining data/sane-backends-1.0.31/backend/escl/escl_newjob.c
Examining data/sane-backends-1.0.31/backend/escl/escl_pdf.c
Examining data/sane-backends-1.0.31/backend/escl/escl_png.c
Examining data/sane-backends-1.0.31/backend/escl/escl_reset.c
Examining data/sane-backends-1.0.31/backend/escl/escl_scan.c
Examining data/sane-backends-1.0.31/backend/escl/escl_status.c
Examining data/sane-backends-1.0.31/backend/escl/escl_tiff.c
Examining data/sane-backends-1.0.31/backend/escl/escl_capabilities.c
Examining data/sane-backends-1.0.31/backend/escl/escl.h
Examining data/sane-backends-1.0.31/backend/escl/escl.c
Examining data/sane-backends-1.0.31/backend/fujitsu-scsi.h
Examining data/sane-backends-1.0.31/backend/fujitsu.c
Examining data/sane-backends-1.0.31/backend/fujitsu.h
Examining data/sane-backends-1.0.31/backend/genesys/calibration.h
Examining data/sane-backends-1.0.31/backend/genesys/command_set.h
Examining data/sane-backends-1.0.31/backend/genesys/command_set_common.cpp
Examining data/sane-backends-1.0.31/backend/genesys/command_set_common.h
Examining data/sane-backends-1.0.31/backend/genesys/device.cpp
Examining data/sane-backends-1.0.31/backend/genesys/device.h
Examining data/sane-backends-1.0.31/backend/genesys/enums.cpp
Examining data/sane-backends-1.0.31/backend/genesys/enums.h
Examining data/sane-backends-1.0.31/backend/genesys/error.cpp
Examining data/sane-backends-1.0.31/backend/genesys/error.h
Examining data/sane-backends-1.0.31/backend/genesys/fwd.h
Examining data/sane-backends-1.0.31/backend/genesys/genesys.h
Examining data/sane-backends-1.0.31/backend/genesys/gl124.cpp
Examining data/sane-backends-1.0.31/backend/genesys/gl124.h
Examining data/sane-backends-1.0.31/backend/genesys/gl124_registers.h
Examining data/sane-backends-1.0.31/backend/genesys/gl646.cpp
Examining data/sane-backends-1.0.31/backend/genesys/gl646.h
Examining data/sane-backends-1.0.31/backend/genesys/gl646_registers.h
Examining data/sane-backends-1.0.31/backend/genesys/gl841.cpp
Examining data/sane-backends-1.0.31/backend/genesys/gl841.h
Examining data/sane-backends-1.0.31/backend/genesys/gl841_registers.h
Examining data/sane-backends-1.0.31/backend/genesys/gl842.cpp
Examining data/sane-backends-1.0.31/backend/genesys/gl842.h
Examining data/sane-backends-1.0.31/backend/genesys/gl842_registers.h
Examining data/sane-backends-1.0.31/backend/genesys/gl843.cpp
Examining data/sane-backends-1.0.31/backend/genesys/gl843.h
Examining data/sane-backends-1.0.31/backend/genesys/gl843_registers.h
Examining data/sane-backends-1.0.31/backend/genesys/gl846.cpp
Examining data/sane-backends-1.0.31/backend/genesys/gl846.h
Examining data/sane-backends-1.0.31/backend/genesys/gl846_registers.h
Examining data/sane-backends-1.0.31/backend/genesys/gl847.cpp
Examining data/sane-backends-1.0.31/backend/genesys/gl847.h
Examining data/sane-backends-1.0.31/backend/genesys/gl847_registers.h
Examining data/sane-backends-1.0.31/backend/genesys/image.cpp
Examining data/sane-backends-1.0.31/backend/genesys/image.h
Examining data/sane-backends-1.0.31/backend/genesys/image_buffer.cpp
Examining data/sane-backends-1.0.31/backend/genesys/image_buffer.h
Examining data/sane-backends-1.0.31/backend/genesys/image_pipeline.cpp
Examining data/sane-backends-1.0.31/backend/genesys/image_pipeline.h
Examining data/sane-backends-1.0.31/backend/genesys/image_pixel.cpp
Examining data/sane-backends-1.0.31/backend/genesys/image_pixel.h
Examining data/sane-backends-1.0.31/backend/genesys/low.cpp
Examining data/sane-backends-1.0.31/backend/genesys/low.h
Examining data/sane-backends-1.0.31/backend/genesys/motor.cpp
Examining data/sane-backends-1.0.31/backend/genesys/motor.h
Examining data/sane-backends-1.0.31/backend/genesys/register.h
Examining data/sane-backends-1.0.31/backend/genesys/register_cache.h
Examining data/sane-backends-1.0.31/backend/genesys/row_buffer.h
Examining data/sane-backends-1.0.31/backend/genesys/scanner_interface.cpp
Examining data/sane-backends-1.0.31/backend/genesys/scanner_interface.h
Examining data/sane-backends-1.0.31/backend/genesys/scanner_interface_usb.cpp
Examining data/sane-backends-1.0.31/backend/genesys/scanner_interface_usb.h
Examining data/sane-backends-1.0.31/backend/genesys/sensor.cpp
Examining data/sane-backends-1.0.31/backend/genesys/sensor.h
Examining data/sane-backends-1.0.31/backend/genesys/serialize.cpp
Examining data/sane-backends-1.0.31/backend/genesys/serialize.h
Examining data/sane-backends-1.0.31/backend/genesys/settings.cpp
Examining data/sane-backends-1.0.31/backend/genesys/settings.h
Examining data/sane-backends-1.0.31/backend/genesys/static_init.cpp
Examining data/sane-backends-1.0.31/backend/genesys/static_init.h
Examining data/sane-backends-1.0.31/backend/genesys/status.cpp
Examining data/sane-backends-1.0.31/backend/genesys/status.h
Examining data/sane-backends-1.0.31/backend/genesys/tables_frontend.cpp
Examining data/sane-backends-1.0.31/backend/genesys/tables_gpo.cpp
Examining data/sane-backends-1.0.31/backend/genesys/tables_memory_layout.cpp
Examining data/sane-backends-1.0.31/backend/genesys/tables_model.cpp
Examining data/sane-backends-1.0.31/backend/genesys/tables_motor.cpp
Examining data/sane-backends-1.0.31/backend/genesys/tables_sensor.cpp
Examining data/sane-backends-1.0.31/backend/genesys/test_scanner_interface.cpp
Examining data/sane-backends-1.0.31/backend/genesys/test_scanner_interface.h
Examining data/sane-backends-1.0.31/backend/genesys/test_settings.cpp
Examining data/sane-backends-1.0.31/backend/genesys/test_settings.h
Examining data/sane-backends-1.0.31/backend/genesys/test_usb_device.cpp
Examining data/sane-backends-1.0.31/backend/genesys/test_usb_device.h
Examining data/sane-backends-1.0.31/backend/genesys/usb_device.cpp
Examining data/sane-backends-1.0.31/backend/genesys/usb_device.h
Examining data/sane-backends-1.0.31/backend/genesys/utilities.h
Examining data/sane-backends-1.0.31/backend/genesys/value_filter.h
Examining data/sane-backends-1.0.31/backend/genesys/genesys.cpp
Examining data/sane-backends-1.0.31/backend/gphoto2.c
Examining data/sane-backends-1.0.31/backend/gphoto2.h
Examining data/sane-backends-1.0.31/backend/gt68xx.c
Examining data/sane-backends-1.0.31/backend/gt68xx_devices.c
Examining data/sane-backends-1.0.31/backend/gt68xx_generic.c
Examining data/sane-backends-1.0.31/backend/gt68xx_generic.h
Examining data/sane-backends-1.0.31/backend/gt68xx_gt6801.c
Examining data/sane-backends-1.0.31/backend/gt68xx_gt6801.h
Examining data/sane-backends-1.0.31/backend/gt68xx_gt6816.c
Examining data/sane-backends-1.0.31/backend/gt68xx_gt6816.h
Examining data/sane-backends-1.0.31/backend/gt68xx_high.c
Examining data/sane-backends-1.0.31/backend/gt68xx_high.h
Examining data/sane-backends-1.0.31/backend/gt68xx_low.c
Examining data/sane-backends-1.0.31/backend/gt68xx_low.h
Examining data/sane-backends-1.0.31/backend/gt68xx_mid.c
Examining data/sane-backends-1.0.31/backend/gt68xx_mid.h
Examining data/sane-backends-1.0.31/backend/gt68xx_shm_channel.c
Examining data/sane-backends-1.0.31/backend/gt68xx_shm_channel.h
Examining data/sane-backends-1.0.31/backend/hp-accessor.c
Examining data/sane-backends-1.0.31/backend/hp-accessor.h
Examining data/sane-backends-1.0.31/backend/hp-device.c
Examining data/sane-backends-1.0.31/backend/hp-device.h
Examining data/sane-backends-1.0.31/backend/hp-handle.c
Examining data/sane-backends-1.0.31/backend/hp-handle.h
Examining data/sane-backends-1.0.31/backend/hp-hpmem.c
Examining data/sane-backends-1.0.31/backend/hp-option.c
Examining data/sane-backends-1.0.31/backend/hp-option.h
Examining data/sane-backends-1.0.31/backend/hp-scl.c
Examining data/sane-backends-1.0.31/backend/hp-scl.h
Examining data/sane-backends-1.0.31/backend/hp-scsi.h
Examining data/sane-backends-1.0.31/backend/hp.c
Examining data/sane-backends-1.0.31/backend/hp.h
Examining data/sane-backends-1.0.31/backend/hp3500.c
Examining data/sane-backends-1.0.31/backend/hp3900.c
Examining data/sane-backends-1.0.31/backend/hp3900_config.c
Examining data/sane-backends-1.0.31/backend/hp3900_debug.c
Examining data/sane-backends-1.0.31/backend/hp3900_rts8822.c
Examining data/sane-backends-1.0.31/backend/hp3900_types.c
Examining data/sane-backends-1.0.31/backend/hp3900_usb.c
Examining data/sane-backends-1.0.31/backend/hp4200.c
Examining data/sane-backends-1.0.31/backend/hp4200_lm9830.c
Examining data/sane-backends-1.0.31/backend/hp4200_lm9830.h
Examining data/sane-backends-1.0.31/backend/hp5400.c
Examining data/sane-backends-1.0.31/backend/hp5400.h
Examining data/sane-backends-1.0.31/backend/hp5400_debug.c
Examining data/sane-backends-1.0.31/backend/hp5400_debug.h
Examining data/sane-backends-1.0.31/backend/hp5400_internal.c
Examining data/sane-backends-1.0.31/backend/hp5400_internal.h
Examining data/sane-backends-1.0.31/backend/hp5400_sanei.c
Examining data/sane-backends-1.0.31/backend/hp5400_sanei.h
Examining data/sane-backends-1.0.31/backend/hp5400_xfer.h
Examining data/sane-backends-1.0.31/backend/hp5590.c
Examining data/sane-backends-1.0.31/backend/hp5590_cmds.c
Examining data/sane-backends-1.0.31/backend/hp5590_cmds.h
Examining data/sane-backends-1.0.31/backend/hp5590_low.c
Examining data/sane-backends-1.0.31/backend/hp5590_low.h
Examining data/sane-backends-1.0.31/backend/hpljm1005.c
Examining data/sane-backends-1.0.31/backend/hpsj5s.h
Examining data/sane-backends-1.0.31/backend/hs2p-saneopts.h
Examining data/sane-backends-1.0.31/backend/hs2p-scsi.c
Examining data/sane-backends-1.0.31/backend/hs2p-scsi.h
Examining data/sane-backends-1.0.31/backend/hs2p.c
Examining data/sane-backends-1.0.31/backend/hs2p.h
Examining data/sane-backends-1.0.31/backend/ibm-scsi.c
Examining data/sane-backends-1.0.31/backend/ibm.c
Examining data/sane-backends-1.0.31/backend/ibm.h
Examining data/sane-backends-1.0.31/backend/kodak-cmd.h
Examining data/sane-backends-1.0.31/backend/kodak.c
Examining data/sane-backends-1.0.31/backend/kodak.h
Examining data/sane-backends-1.0.31/backend/kodakaio.h
Examining data/sane-backends-1.0.31/backend/kvs1025.c
Examining data/sane-backends-1.0.31/backend/kvs1025.h
Examining data/sane-backends-1.0.31/backend/kvs1025_cmds.h
Examining data/sane-backends-1.0.31/backend/kvs1025_low.c
Examining data/sane-backends-1.0.31/backend/kvs1025_low.h
Examining data/sane-backends-1.0.31/backend/kvs1025_opt.c
Examining data/sane-backends-1.0.31/backend/kvs1025_usb.c
Examining data/sane-backends-1.0.31/backend/kvs1025_usb.h
Examining data/sane-backends-1.0.31/backend/kvs20xx.c
Examining data/sane-backends-1.0.31/backend/kvs20xx.h
Examining data/sane-backends-1.0.31/backend/kvs20xx_cmd.c
Examining data/sane-backends-1.0.31/backend/kvs20xx_cmd.h
Examining data/sane-backends-1.0.31/backend/kvs20xx_opt.c
Examining data/sane-backends-1.0.31/backend/kvs40xx.c
Examining data/sane-backends-1.0.31/backend/kvs40xx.h
Examining data/sane-backends-1.0.31/backend/kvs40xx_cmd.c
Examining data/sane-backends-1.0.31/backend/kvs40xx_opt.c
Examining data/sane-backends-1.0.31/backend/leo.h
Examining data/sane-backends-1.0.31/backend/lexmark.h
Examining data/sane-backends-1.0.31/backend/lexmark_low.c
Examining data/sane-backends-1.0.31/backend/lexmark_models.c
Examining data/sane-backends-1.0.31/backend/lexmark_sensors.c
Examining data/sane-backends-1.0.31/backend/lm9830.h
Examining data/sane-backends-1.0.31/backend/ma1509.c
Examining data/sane-backends-1.0.31/backend/ma1509.h
Examining data/sane-backends-1.0.31/backend/magicolor.h
Examining data/sane-backends-1.0.31/backend/matsushita.h
Examining data/sane-backends-1.0.31/backend/microtek.c
Examining data/sane-backends-1.0.31/backend/microtek.h
Examining data/sane-backends-1.0.31/backend/microtek2.c
Examining data/sane-backends-1.0.31/backend/microtek2.h
Examining data/sane-backends-1.0.31/backend/mustek.c
Examining data/sane-backends-1.0.31/backend/mustek.h
Examining data/sane-backends-1.0.31/backend/mustek_pp.c
Examining data/sane-backends-1.0.31/backend/mustek_pp.h
Examining data/sane-backends-1.0.31/backend/mustek_pp_ccd300.c
Examining data/sane-backends-1.0.31/backend/mustek_pp_ccd300.h
Examining data/sane-backends-1.0.31/backend/mustek_pp_cis.c
Examining data/sane-backends-1.0.31/backend/mustek_pp_cis.h
Examining data/sane-backends-1.0.31/backend/mustek_pp_decl.h
Examining data/sane-backends-1.0.31/backend/mustek_pp_drivers.h
Examining data/sane-backends-1.0.31/backend/mustek_pp_null.c
Examining data/sane-backends-1.0.31/backend/mustek_scsi_pp.c
Examining data/sane-backends-1.0.31/backend/mustek_scsi_pp.h
Examining data/sane-backends-1.0.31/backend/mustek_usb.c
Examining data/sane-backends-1.0.31/backend/mustek_usb.h
Examining data/sane-backends-1.0.31/backend/mustek_usb2.c
Examining data/sane-backends-1.0.31/backend/mustek_usb2.h
Examining data/sane-backends-1.0.31/backend/mustek_usb2_asic.c
Examining data/sane-backends-1.0.31/backend/mustek_usb2_asic.h
Examining data/sane-backends-1.0.31/backend/mustek_usb2_high.c
Examining data/sane-backends-1.0.31/backend/mustek_usb2_high.h
Examining data/sane-backends-1.0.31/backend/mustek_usb2_reflective.c
Examining data/sane-backends-1.0.31/backend/mustek_usb2_transparent.c
Examining data/sane-backends-1.0.31/backend/mustek_usb_high.c
Examining data/sane-backends-1.0.31/backend/mustek_usb_high.h
Examining data/sane-backends-1.0.31/backend/mustek_usb_low.c
Examining data/sane-backends-1.0.31/backend/mustek_usb_low.h
Examining data/sane-backends-1.0.31/backend/mustek_usb_mid.c
Examining data/sane-backends-1.0.31/backend/mustek_usb_mid.h
Examining data/sane-backends-1.0.31/backend/nec.c
Examining data/sane-backends-1.0.31/backend/nec.h
Examining data/sane-backends-1.0.31/backend/net.h
Examining data/sane-backends-1.0.31/backend/niash.c
Examining data/sane-backends-1.0.31/backend/niash_core.c
Examining data/sane-backends-1.0.31/backend/niash_core.h
Examining data/sane-backends-1.0.31/backend/niash_xfer.c
Examining data/sane-backends-1.0.31/backend/niash_xfer.h
Examining data/sane-backends-1.0.31/backend/p5_device.h
Examining data/sane-backends-1.0.31/backend/pie-scsidef.h
Examining data/sane-backends-1.0.31/backend/pieusb.h
Examining data/sane-backends-1.0.31/backend/pieusb_buffer.c
Examining data/sane-backends-1.0.31/backend/pieusb_buffer.h
Examining data/sane-backends-1.0.31/backend/pieusb_scancmd.c
Examining data/sane-backends-1.0.31/backend/pieusb_scancmd.h
Examining data/sane-backends-1.0.31/backend/pieusb_specific.c
Examining data/sane-backends-1.0.31/backend/pieusb_specific.h
Examining data/sane-backends-1.0.31/backend/pieusb_usb.c
Examining data/sane-backends-1.0.31/backend/pieusb_usb.h
Examining data/sane-backends-1.0.31/backend/pint.c
Examining data/sane-backends-1.0.31/backend/pint.h
Examining data/sane-backends-1.0.31/backend/pixma/pixma.h
Examining data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.h
Examining data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h
Examining data/sane-backends-1.0.31/backend/pixma/pixma_common.c
Examining data/sane-backends-1.0.31/backend/pixma/pixma_common.h
Examining data/sane-backends-1.0.31/backend/pixma/pixma_imageclass.c
Examining data/sane-backends-1.0.31/backend/pixma/pixma_io.h
Examining data/sane-backends-1.0.31/backend/pixma/pixma_io_sanei.c
Examining data/sane-backends-1.0.31/backend/pixma/pixma_mp150.c
Examining data/sane-backends-1.0.31/backend/pixma/pixma_mp730.c
Examining data/sane-backends-1.0.31/backend/pixma/pixma_mp750.c
Examining data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c
Examining data/sane-backends-1.0.31/backend/pixma/pixma_rename.h
Examining data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c
Examining data/sane-backends-1.0.31/backend/pixma/pixma.c
Examining data/sane-backends-1.0.31/backend/plustek-pp.h
Examining data/sane-backends-1.0.31/backend/plustek-pp_dac.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_dbg.h
Examining data/sane-backends-1.0.31/backend/plustek-pp_detect.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_genericio.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_hwdefs.h
Examining data/sane-backends-1.0.31/backend/plustek-pp_image.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_io.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_map.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_misc.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_models.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_motor.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_p12.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_p12ccd.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_p48xx.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_p9636.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_procfs.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_procs.h
Examining data/sane-backends-1.0.31/backend/plustek-pp_ptdrv.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_scale.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_scan.h
Examining data/sane-backends-1.0.31/backend/plustek-pp_scandata.h
Examining data/sane-backends-1.0.31/backend/plustek-pp_sysdep.h
Examining data/sane-backends-1.0.31/backend/plustek-pp_tpa.c
Examining data/sane-backends-1.0.31/backend/plustek-pp_types.h
Examining data/sane-backends-1.0.31/backend/plustek-pp_wrapper.c
Examining data/sane-backends-1.0.31/backend/plustek-usb.h
Examining data/sane-backends-1.0.31/backend/plustek-usbcal.c
Examining data/sane-backends-1.0.31/backend/plustek-usbcalfile.c
Examining data/sane-backends-1.0.31/backend/plustek-usbdevs.c
Examining data/sane-backends-1.0.31/backend/plustek-usbhw.c
Examining data/sane-backends-1.0.31/backend/plustek-usbimg.c
Examining data/sane-backends-1.0.31/backend/plustek-usbio.c
Examining data/sane-backends-1.0.31/backend/plustek-usbmap.c
Examining data/sane-backends-1.0.31/backend/plustek-usbscan.c
Examining data/sane-backends-1.0.31/backend/plustek-usbshading.c
Examining data/sane-backends-1.0.31/backend/plustek.c
Examining data/sane-backends-1.0.31/backend/plustek.h
Examining data/sane-backends-1.0.31/backend/plustek_pp.c
Examining data/sane-backends-1.0.31/backend/pnm.c
Examining data/sane-backends-1.0.31/backend/qcam.c
Examining data/sane-backends-1.0.31/backend/qcam.h
Examining data/sane-backends-1.0.31/backend/ricoh-scsi.c
Examining data/sane-backends-1.0.31/backend/ricoh.c
Examining data/sane-backends-1.0.31/backend/ricoh.h
Examining data/sane-backends-1.0.31/backend/ricoh2.c
Examining data/sane-backends-1.0.31/backend/ricoh2_buffer.c
Examining data/sane-backends-1.0.31/backend/rts8891.h
Examining data/sane-backends-1.0.31/backend/rts8891_devices.c
Examining data/sane-backends-1.0.31/backend/rts8891_low.c
Examining data/sane-backends-1.0.31/backend/rts8891_low.h
Examining data/sane-backends-1.0.31/backend/rts88xx_lib.c
Examining data/sane-backends-1.0.31/backend/rts88xx_lib.h
Examining data/sane-backends-1.0.31/backend/s9036.c
Examining data/sane-backends-1.0.31/backend/s9036.h
Examining data/sane-backends-1.0.31/backend/sane_strstatus.c
Examining data/sane-backends-1.0.31/backend/sceptre.h
Examining data/sane-backends-1.0.31/backend/sharp.c
Examining data/sane-backends-1.0.31/backend/sharp.h
Examining data/sane-backends-1.0.31/backend/sm3600-color.c
Examining data/sane-backends-1.0.31/backend/sm3600-gray.c
Examining data/sane-backends-1.0.31/backend/sm3600-homerun.c
Examining data/sane-backends-1.0.31/backend/sm3600-scanmtek.c
Examining data/sane-backends-1.0.31/backend/sm3600-scantool.h
Examining data/sane-backends-1.0.31/backend/sm3600-scanusb.c
Examining data/sane-backends-1.0.31/backend/sm3600-scanutil.c
Examining data/sane-backends-1.0.31/backend/sm3600.c
Examining data/sane-backends-1.0.31/backend/sm3600.h
Examining data/sane-backends-1.0.31/backend/sm3840.c
Examining data/sane-backends-1.0.31/backend/sm3840.h
Examining data/sane-backends-1.0.31/backend/sm3840_lib.c
Examining data/sane-backends-1.0.31/backend/sm3840_lib.h
Examining data/sane-backends-1.0.31/backend/sm3840_params.h
Examining data/sane-backends-1.0.31/backend/sm3840_scan.c
Examining data/sane-backends-1.0.31/backend/snapscan-data.c
Examining data/sane-backends-1.0.31/backend/snapscan-mutex.c
Examining data/sane-backends-1.0.31/backend/snapscan-options.c
Examining data/sane-backends-1.0.31/backend/snapscan-scsi.c
Examining data/sane-backends-1.0.31/backend/snapscan-sources.c
Examining data/sane-backends-1.0.31/backend/snapscan-sources.h
Examining data/sane-backends-1.0.31/backend/snapscan-usb.c
Examining data/sane-backends-1.0.31/backend/snapscan-usb.h
Examining data/sane-backends-1.0.31/backend/snapscan.c
Examining data/sane-backends-1.0.31/backend/snapscan.h
Examining data/sane-backends-1.0.31/backend/sp15c-scsi.h
Examining data/sane-backends-1.0.31/backend/sp15c.h
Examining data/sane-backends-1.0.31/backend/st400.c
Examining data/sane-backends-1.0.31/backend/st400.h
Examining data/sane-backends-1.0.31/backend/stubs.c
Examining data/sane-backends-1.0.31/backend/stv680.h
Examining data/sane-backends-1.0.31/backend/tamarack.c
Examining data/sane-backends-1.0.31/backend/tamarack.h
Examining data/sane-backends-1.0.31/backend/teco1.h
Examining data/sane-backends-1.0.31/backend/teco2.h
Examining data/sane-backends-1.0.31/backend/teco3.h
Examining data/sane-backends-1.0.31/backend/test-picture.c
Examining data/sane-backends-1.0.31/backend/test.h
Examining data/sane-backends-1.0.31/backend/u12-ccd.c
Examining data/sane-backends-1.0.31/backend/u12-hw.c
Examining data/sane-backends-1.0.31/backend/u12-hwdef.h
Examining data/sane-backends-1.0.31/backend/u12-if.c
Examining data/sane-backends-1.0.31/backend/u12-image.c
Examining data/sane-backends-1.0.31/backend/u12-io.c
Examining data/sane-backends-1.0.31/backend/u12-map.c
Examining data/sane-backends-1.0.31/backend/u12-motor.c
Examining data/sane-backends-1.0.31/backend/u12-scanner.h
Examining data/sane-backends-1.0.31/backend/u12-shading.c
Examining data/sane-backends-1.0.31/backend/u12-tpa.c
Examining data/sane-backends-1.0.31/backend/u12.c
Examining data/sane-backends-1.0.31/backend/u12.h
Examining data/sane-backends-1.0.31/backend/umax-scanner.c
Examining data/sane-backends-1.0.31/backend/umax-scanner.h
Examining data/sane-backends-1.0.31/backend/umax-scsidef.h
Examining data/sane-backends-1.0.31/backend/umax-uc1200s.c
Examining data/sane-backends-1.0.31/backend/umax-uc1200se.c
Examining data/sane-backends-1.0.31/backend/umax-uc1260.c
Examining data/sane-backends-1.0.31/backend/umax-uc630.c
Examining data/sane-backends-1.0.31/backend/umax-uc840.c
Examining data/sane-backends-1.0.31/backend/umax-ug630.c
Examining data/sane-backends-1.0.31/backend/umax-ug80.c
Examining data/sane-backends-1.0.31/backend/umax-usb.c
Examining data/sane-backends-1.0.31/backend/umax.c
Examining data/sane-backends-1.0.31/backend/umax.h
Examining data/sane-backends-1.0.31/backend/umax1220u-common.c
Examining data/sane-backends-1.0.31/backend/umax1220u.c
Examining data/sane-backends-1.0.31/backend/umax_pp.h
Examining data/sane-backends-1.0.31/backend/umax_pp_low.h
Examining data/sane-backends-1.0.31/backend/umax_pp_mid.c
Examining data/sane-backends-1.0.31/backend/umax_pp_mid.h
Examining data/sane-backends-1.0.31/backend/v4l-frequencies.h
Examining data/sane-backends-1.0.31/backend/v4l.c
Examining data/sane-backends-1.0.31/backend/v4l.h
Examining data/sane-backends-1.0.31/backend/xerox_mfp-tcp.c
Examining data/sane-backends-1.0.31/backend/xerox_mfp-usb.c
Examining data/sane-backends-1.0.31/backend/xerox_mfp.h
Examining data/sane-backends-1.0.31/backend/apple.c
Examining data/sane-backends-1.0.31/backend/dll.c
Examining data/sane-backends-1.0.31/backend/net.c
Examining data/sane-backends-1.0.31/backend/umax_pp_low.c
Examining data/sane-backends-1.0.31/backend/canon630u.c
Examining data/sane-backends-1.0.31/backend/canon_pp.c
Examining data/sane-backends-1.0.31/backend/gt68xx.h
Examining data/sane-backends-1.0.31/backend/hp3900_sane.c
Examining data/sane-backends-1.0.31/backend/hp4200.h
Examining data/sane-backends-1.0.31/backend/hp5400_sane.c
Examining data/sane-backends-1.0.31/backend/hpsj5s.c
Examining data/sane-backends-1.0.31/backend/leo.c
Examining data/sane-backends-1.0.31/backend/lexmark.c
Examining data/sane-backends-1.0.31/backend/matsushita.c
Examining data/sane-backends-1.0.31/backend/p5_device.c
Examining data/sane-backends-1.0.31/backend/pie.c
Examining data/sane-backends-1.0.31/backend/pieusb.c
Examining data/sane-backends-1.0.31/backend/plustek-usb.c
Examining data/sane-backends-1.0.31/backend/sceptre.c
Examining data/sane-backends-1.0.31/backend/sp15c.c
Examining data/sane-backends-1.0.31/backend/stv680.c
Examining data/sane-backends-1.0.31/backend/teco1.c
Examining data/sane-backends-1.0.31/backend/teco2.c
Examining data/sane-backends-1.0.31/backend/teco3.c
Examining data/sane-backends-1.0.31/backend/test.c
Examining data/sane-backends-1.0.31/backend/epson2.c
Examining data/sane-backends-1.0.31/backend/epsonds.c
Examining data/sane-backends-1.0.31/backend/kodakaio.c
Examining data/sane-backends-1.0.31/backend/magicolor.c
Examining data/sane-backends-1.0.31/backend/p5.c
Examining data/sane-backends-1.0.31/backend/p5.h
Examining data/sane-backends-1.0.31/backend/rts8891.c
Examining data/sane-backends-1.0.31/backend/umax_pp.c
Examining data/sane-backends-1.0.31/backend/xerox_mfp.c
Examining data/sane-backends-1.0.31/backend/dell1600n_net.c
Examining data/sane-backends-1.0.31/frontend/saned.c
Examining data/sane-backends-1.0.31/frontend/scanimage.c
Examining data/sane-backends-1.0.31/frontend/sicc.c
Examining data/sane-backends-1.0.31/frontend/sicc.h
Examining data/sane-backends-1.0.31/frontend/stiff.c
Examining data/sane-backends-1.0.31/frontend/stiff.h
Examining data/sane-backends-1.0.31/frontend/test.c
Examining data/sane-backends-1.0.31/frontend/tstbackend.c
Examining data/sane-backends-1.0.31/include/font_6x11.h
Examining data/sane-backends-1.0.31/include/lalloca.h
Examining data/sane-backends-1.0.31/include/lassert.h
Examining data/sane-backends-1.0.31/include/lgetopt.h
Examining data/sane-backends-1.0.31/include/md5.h
Examining data/sane-backends-1.0.31/include/sane/sane.h
Examining data/sane-backends-1.0.31/include/sane/sanei.h
Examining data/sane-backends-1.0.31/include/sane/sanei_ab306.h
Examining data/sane-backends-1.0.31/include/sane/sanei_access.h
Examining data/sane-backends-1.0.31/include/sane/sanei_auth.h
Examining data/sane-backends-1.0.31/include/sane/sanei_backend.h
Examining data/sane-backends-1.0.31/include/sane/sanei_cderror.h
Examining data/sane-backends-1.0.31/include/sane/sanei_codec_ascii.h
Examining data/sane-backends-1.0.31/include/sane/sanei_codec_bin.h
Examining data/sane-backends-1.0.31/include/sane/sanei_debug.h
Examining data/sane-backends-1.0.31/include/sane/sanei_ir.h
Examining data/sane-backends-1.0.31/include/sane/sanei_jinclude.h
Examining data/sane-backends-1.0.31/include/sane/sanei_jpeg.h
Examining data/sane-backends-1.0.31/include/sane/sanei_lm983x.h
Examining data/sane-backends-1.0.31/include/sane/sanei_magic.h
Examining data/sane-backends-1.0.31/include/sane/sanei_net.h
Examining data/sane-backends-1.0.31/include/sane/sanei_pa4s2.h
Examining data/sane-backends-1.0.31/include/sane/sanei_pio.h
Examining data/sane-backends-1.0.31/include/sane/sanei_pp.h
Examining data/sane-backends-1.0.31/include/sane/sanei_pv8630.h
Examining data/sane-backends-1.0.31/include/sane/sanei_scsi.h
Examining data/sane-backends-1.0.31/include/sane/sanei_tcp.h
Examining data/sane-backends-1.0.31/include/sane/sanei_thread.h
Examining data/sane-backends-1.0.31/include/sane/sanei_udp.h
Examining data/sane-backends-1.0.31/include/sane/sanei_usb.h
Examining data/sane-backends-1.0.31/include/sane/sanei_wire.h
Examining data/sane-backends-1.0.31/include/sane/saneopts.h
Examining data/sane-backends-1.0.31/include/sane/sanei_config.h
Examining data/sane-backends-1.0.31/japi/Sane.c
Examining data/sane-backends-1.0.31/lib/alloca.c
Examining data/sane-backends-1.0.31/lib/getenv.c
Examining data/sane-backends-1.0.31/lib/getopt.c
Examining data/sane-backends-1.0.31/lib/getopt1.c
Examining data/sane-backends-1.0.31/lib/inet_ntop.c
Examining data/sane-backends-1.0.31/lib/inet_pton.c
Examining data/sane-backends-1.0.31/lib/md5.c
Examining data/sane-backends-1.0.31/lib/sigprocmask.c
Examining data/sane-backends-1.0.31/lib/sleep.c
Examining data/sane-backends-1.0.31/lib/snprintf.c
Examining data/sane-backends-1.0.31/lib/strcasestr.c
Examining data/sane-backends-1.0.31/lib/strdup.c
Examining data/sane-backends-1.0.31/lib/strndup.c
Examining data/sane-backends-1.0.31/lib/strsep.c
Examining data/sane-backends-1.0.31/lib/syslog.c
Examining data/sane-backends-1.0.31/lib/usleep.c
Examining data/sane-backends-1.0.31/lib/vsyslog.c
Examining data/sane-backends-1.0.31/sanei/linux_sg3_err.h
Examining data/sane-backends-1.0.31/sanei/os2_srb.h
Examining data/sane-backends-1.0.31/sanei/sanei_DomainOS.c
Examining data/sane-backends-1.0.31/sanei/sanei_DomainOS.h
Examining data/sane-backends-1.0.31/sanei/sanei_ab306.c
Examining data/sane-backends-1.0.31/sanei/sanei_access.c
Examining data/sane-backends-1.0.31/sanei/sanei_auth.c
Examining data/sane-backends-1.0.31/sanei/sanei_codec_ascii.c
Examining data/sane-backends-1.0.31/sanei/sanei_codec_bin.c
Examining data/sane-backends-1.0.31/sanei/sanei_config2.c
Examining data/sane-backends-1.0.31/sanei/sanei_constrain_value.c
Examining data/sane-backends-1.0.31/sanei/sanei_init_debug.c
Examining data/sane-backends-1.0.31/sanei/sanei_ir.c
Examining data/sane-backends-1.0.31/sanei/sanei_jpeg.c
Examining data/sane-backends-1.0.31/sanei/sanei_lm983x.c
Examining data/sane-backends-1.0.31/sanei/sanei_magic.c
Examining data/sane-backends-1.0.31/sanei/sanei_net.c
Examining data/sane-backends-1.0.31/sanei/sanei_pa4s2.c
Examining data/sane-backends-1.0.31/sanei/sanei_pio.c
Examining data/sane-backends-1.0.31/sanei/sanei_pp.c
Examining data/sane-backends-1.0.31/sanei/sanei_pv8630.c
Examining data/sane-backends-1.0.31/sanei/sanei_scsi.c
Examining data/sane-backends-1.0.31/sanei/sanei_tcp.c
Examining data/sane-backends-1.0.31/sanei/sanei_thread.c
Examining data/sane-backends-1.0.31/sanei/sanei_udp.c
Examining data/sane-backends-1.0.31/sanei/sanei_usb.c
Examining data/sane-backends-1.0.31/sanei/sanei_wire.c
Examining data/sane-backends-1.0.31/sanei/sanei_config.c
Examining data/sane-backends-1.0.31/testsuite/backend/genesys/minigtest.cpp
Examining data/sane-backends-1.0.31/testsuite/backend/genesys/minigtest.h
Examining data/sane-backends-1.0.31/testsuite/backend/genesys/session_config_test.cpp
Examining data/sane-backends-1.0.31/testsuite/backend/genesys/tests.cpp
Examining data/sane-backends-1.0.31/testsuite/backend/genesys/tests.h
Examining data/sane-backends-1.0.31/testsuite/backend/genesys/tests_calibration.cpp
Examining data/sane-backends-1.0.31/testsuite/backend/genesys/tests_image_pipeline.cpp
Examining data/sane-backends-1.0.31/testsuite/backend/genesys/tests_motor.cpp
Examining data/sane-backends-1.0.31/testsuite/backend/genesys/tests_printers.h
Examining data/sane-backends-1.0.31/testsuite/backend/genesys/tests_row_buffer.cpp
Examining data/sane-backends-1.0.31/testsuite/backend/genesys/tests_utilities.cpp
Examining data/sane-backends-1.0.31/testsuite/backend/genesys/tests_image.cpp
Examining data/sane-backends-1.0.31/testsuite/sanei/sanei_check_test.c
Examining data/sane-backends-1.0.31/testsuite/sanei/sanei_constrain_test.c
Examining data/sane-backends-1.0.31/testsuite/sanei/sanei_usb_test.c
Examining data/sane-backends-1.0.31/testsuite/sanei/test_wire.c
Examining data/sane-backends-1.0.31/testsuite/sanei/sanei_config_test.c
Examining data/sane-backends-1.0.31/tools/check-usb-chip.c
Examining data/sane-backends-1.0.31/tools/gamma4scanimage.c
Examining data/sane-backends-1.0.31/tools/mustek600iin-off.c
Examining data/sane-backends-1.0.31/tools/sane-find-scanner.c
Examining data/sane-backends-1.0.31/tools/umax_pp.c
Examining data/sane-backends-1.0.31/tools/sane-desc.c
FINAL RESULTS:
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3730:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (filename, mode) != 0)
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3754:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (filename, mode) != 0)
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3776:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (filename, mode) != 0)
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3800:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (filename, mode) != 0)
data/sane-backends-1.0.31/backend/abaton.c:1075:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/agfafocus.c:1463:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/apple.c:2152:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/artec.c:1114:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (prt_buf, tmp_buf );
data/sane-backends-1.0.31/backend/artec.c:1213:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (prt_buf, tmp_buf );
data/sane-backends-1.0.31/backend/artec.c:1832:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (info, "%s ", cap_buf[46] == 0x80 ? "yes" : "no");
data/sane-backends-1.0.31/backend/artec.c:1834:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (info, "%s ", cap_buf[47] == 0x80 ? "yes" : "no");
data/sane-backends-1.0.31/backend/artec.c:1836:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (info, "%s ", cap_buf[48] == 0x80 ? "yes" : "no");
data/sane-backends-1.0.31/backend/artec.c:1840:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (info, "%s ", cap_buf[50] == 0x80 ? "yes" : "no");
data/sane-backends-1.0.31/backend/artec.c:1842:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (info, "%s ", cap_buf[51] == 0x80 ? "yes" : "no");
data/sane-backends-1.0.31/backend/artec.c:1844:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (info, "%s ", cap_buf[52] == 0x80 ? "yes" : "no");
data/sane-backends-1.0.31/backend/artec.c:1846:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (info, "%s ", cap_buf[53] == 0x00 ? "AT006" : "AT010");
data/sane-backends-1.0.31/backend/artec.c:1848:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (info, "%s ", cap_buf[54] == 0x82 ? "SCSI2" :
data/sane-backends-1.0.31/backend/artec.c:1915:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( prt_buf, tmp_buf );
data/sane-backends-1.0.31/backend/artec.c:1922:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( prt_buf, tmp_buf );
data/sane-backends-1.0.31/backend/artec.c:2033:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (temp_result, artec_vendor);
data/sane-backends-1.0.31/backend/artec.c:2045:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (temp_result, artec_model);
data/sane-backends-1.0.31/backend/artec.c:2632:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (artec_vendor, cp);
data/sane-backends-1.0.31/backend/artec.c:2642:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (artec_model, cp);
data/sane-backends-1.0.31/backend/artec.c:2915:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:941:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *) result, (char *) tmp2);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:980:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dest, tmp);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3590:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, getenv ("HOME"));
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3600:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (filename, path);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3622:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (filename, path);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3642:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (filename, path);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3664:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (filename, path);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3708:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, getenv ("HOME"));
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3718:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (filename, path);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3745:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (filename, path);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3767:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (filename, path);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3791:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (filename, path);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:4090:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, s->val[option].s);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:4534:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (temp, str);
data/sane-backends-1.0.31/backend/as6e.c:446:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->value[option].s);
data/sane-backends-1.0.31/backend/as6e.c:576:6: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp ("as6edriver", "as6edriver", "-s", inpipe_desc,
data/sane-backends-1.0.31/backend/avision.c:2025:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
return fprintf (f, hdr_str, width, height, maxval);
data/sane-backends-1.0.31/backend/avision.c:3889:15: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int n = snprintf (message, message_end - message, "%s" format, \
data/sane-backends-1.0.31/backend/avision.c:8525:11: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
if (! mktemp(s->duplex_offtmp_fname) ) {
data/sane-backends-1.0.31/backend/avision.c:8751:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/avision.c:8759:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/avision.c:8766:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/bh.c:434:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(inquiry_data, "Vendor: %s Product: %s Rev: %s %s%s%s\n",
data/sane-backends-1.0.31/backend/bh.c:1397:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, val);
data/sane-backends-1.0.31/backend/bh.c:1515:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, val);
data/sane-backends-1.0.31/backend/bh.c:3409:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/canon-sane.c:78:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (devnam, line);
data/sane-backends-1.0.31/backend/canon-sane.c:439:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/canon_dr.c:840:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->device_name, device_name);
data/sane-backends-1.0.31/backend/canon_dr.c:868:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->vendor_name, global_vendor_name);
data/sane-backends-1.0.31/backend/canon_dr.c:870:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->model_name, global_model_name);
data/sane-backends-1.0.31/backend/canon_dr.c:872:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->version_name, global_version_name);
data/sane-backends-1.0.31/backend/canon_dr.c:2776:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_FLATBED);
data/sane-backends-1.0.31/backend/canon_dr.c:2779:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ADFFRONT);
data/sane-backends-1.0.31/backend/canon_dr.c:2782:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ADFBACK);
data/sane-backends-1.0.31/backend/canon_dr.c:2785:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ADFDUPLEX);
data/sane-backends-1.0.31/backend/canon_dr.c:2788:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_CARDFRONT);
data/sane-backends-1.0.31/backend/canon_dr.c:2791:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_CARDBACK);
data/sane-backends-1.0.31/backend/canon_dr.c:2794:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_CARDDUPLEX);
data/sane-backends-1.0.31/backend/canon_dr.c:2800:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_LINEART);
data/sane-backends-1.0.31/backend/canon_dr.c:2803:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_HALFTONE);
data/sane-backends-1.0.31/backend/canon_dr.c:2806:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_GRAYSCALE);
data/sane-backends-1.0.31/backend/canon_dr.c:2809:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_COLOR);
data/sane-backends-1.0.31/backend/canon_dr.c:2860:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_JPEG);
data/sane-backends-1.0.31/backend/canon_dr.c:2863:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_NONE);
data/sane-backends-1.0.31/backend/canon_dr.c:2906:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_NONE);
data/sane-backends-1.0.31/backend/canon_dr.c:2909:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_RED);
data/sane-backends-1.0.31/backend/canon_dr.c:2912:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_GREEN);
data/sane-backends-1.0.31/backend/canon_dr.c:2915:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_BLUE);
data/sane-backends-1.0.31/backend/canon_dr.c:2918:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_EN_RED);
data/sane-backends-1.0.31/backend/canon_dr.c:2921:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_EN_GREEN);
data/sane-backends-1.0.31/backend/canon_dr.c:2924:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_EN_BLUE);
data/sane-backends-1.0.31/backend/canon_dr.c:2932:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_NONE);
data/sane-backends-1.0.31/backend/canon_dr.c:2935:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_RED);
data/sane-backends-1.0.31/backend/canon_dr.c:2938:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_GREEN);
data/sane-backends-1.0.31/backend/canon_dr.c:2941:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_BLUE);
data/sane-backends-1.0.31/backend/canon_dr.c:2944:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_EN_RED);
data/sane-backends-1.0.31/backend/canon_dr.c:2947:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_EN_GREEN);
data/sane-backends-1.0.31/backend/canon_dr.c:2950:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_EN_BLUE);
data/sane-backends-1.0.31/backend/canon_lide70.c:368:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (chndl->val[opt_mode].s, init_mode);
data/sane-backends-1.0.31/backend/canon_lide70.c:771:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (chndl->val[option].s, (SANE_String) value);
data/sane-backends-1.0.31/backend/canon_lide70.c:832:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, chndl->val[option].s);
data/sane-backends-1.0.31/backend/canon_pp-dev.c:82:18: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (level < 50) vfprintf(stderr, format, args);
data/sane-backends-1.0.31/backend/canon_pp-dev.c:435:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sp->name, hw->name);
data/sane-backends-1.0.31/backend/canon_pp-io.c:72:18: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (level < 50) vfprintf(stderr, format, args);
data/sane-backends-1.0.31/backend/canon_pp.c:791:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)val,
data/sane-backends-1.0.31/backend/canon_pp.c:795:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)val,
data/sane-backends-1.0.31/backend/canon_pp.c:1821:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "~/.sane/canon_pp-calibration-%s",
data/sane-backends-1.0.31/backend/cardscan.c:867:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_GRAYSCALE);
data/sane-backends-1.0.31/backend/cardscan.c:870:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_COLOR);
data/sane-backends-1.0.31/backend/coolscan.c:3468:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ case AF_NEVER: strcpy (val,neverStr);
data/sane-backends-1.0.31/backend/coolscan.c:3470:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
case AF_PREVIEW:strcpy (val,previewStr);
data/sane-backends-1.0.31/backend/coolscan.c:3472:48: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
case AF_SCAN:if(scanner->LS>=2) strcpy (val,scanStr);
data/sane-backends-1.0.31/backend/coolscan.c:3474:47: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
case AF_PREANDSCAN:if(scanner->LS>=2) strcpy (val,preandscanStr);
data/sane-backends-1.0.31/backend/coolscan.c:3562:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, ((scanner->negative) ? negativeStr : positiveStr));
data/sane-backends-1.0.31/backend/coolscan.c:3567:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ case RGB: strcpy (val,colorStr);
data/sane-backends-1.0.31/backend/coolscan.c:3569:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
case GREYSCALE:strcpy (val,grayStr);
data/sane-backends-1.0.31/backend/coolscan.c:3571:45: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
case RGBI:if(scanner->LS>=2) strcpy (val,rgbiStr);
data/sane-backends-1.0.31/backend/coolscan.c:3572:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (val,colorStr);
data/sane-backends-1.0.31/backend/coolscan.c:3574:38: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
case IRED:if(scanner->LS>=2) strcpy (val,iredStr);
data/sane-backends-1.0.31/backend/coolscan.c:3575:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy (val,grayStr);
data/sane-backends-1.0.31/backend/coolscan2.c:1921:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (line, prefix);
data/sane-backends-1.0.31/backend/coolscan2.c:1922:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (line, device);
data/sane-backends-1.0.31/backend/coolscan2.c:1931:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (line, s->vendor_string);
data/sane-backends-1.0.31/backend/coolscan2.c:1940:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (line, s->product_string);
data/sane-backends-1.0.31/backend/coolscan3.c:1948:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line, prefix);
data/sane-backends-1.0.31/backend/coolscan3.c:1949:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, device);
data/sane-backends-1.0.31/backend/coolscan3.c:1957:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line, s->vendor_string);
data/sane-backends-1.0.31/backend/coolscan3.c:1965:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line, s->product_string);
data/sane-backends-1.0.31/backend/dc240.c:1243:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *) value, (char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/dc240.c:1433:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, (char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/dc240.c:1435:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, e->name);
data/sane-backends-1.0.31/backend/dc240.c:1441:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *) &name_buf[1], path);
data/sane-backends-1.0.31/backend/dc240.c:1540:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *) filename_buf,
data/sane-backends-1.0.31/backend/dc240.c:1672:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, (char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/dc240.c:1861:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *) &buf[1], dir);
data/sane-backends-1.0.31/backend/dc240.c:1949:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, (char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/dc240.c:1951:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, fname);
data/sane-backends-1.0.31/backend/dc240.c:1962:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *) &buf[1], path);
data/sane-backends-1.0.31/backend/dc240.c:2061:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cur->name, entry->name);
data/sane-backends-1.0.31/backend/dc25.c:1835:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tty_name, DEF_TTY_NAME);
data/sane-backends-1.0.31/backend/dc25.c:1869:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tty_name, p);
data/sane-backends-1.0.31/backend/dc25.c:2468:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *) buffer, COMET_MAGIC);
data/sane-backends-1.0.31/backend/dll.c:381:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,be->name);
data/sane-backends-1.0.31/backend/dll.c:502:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (libname, sizeof (libname), "%s/" PREFIX "%.2s%.5s" POSTFIX,
data/sane-backends-1.0.31/backend/dll.c:506:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (libname, sizeof (libname), "%s/" PREFIX "%s" POSTFIX,
data/sane-backends-1.0.31/backend/dll.c:518:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (libname, sizeof (libname), "%s/" PREFIX "%s" ALT_POSTFIX,
data/sane-backends-1.0.31/backend/dll.c:575:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (funcname, "_sane_%s_%s", be->name, op_name[i]);
data/sane-backends-1.0.31/backend/dll.c:1139:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (full_name, alias->newname);
data/sane-backends-1.0.31/backend/dll.c:1152:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (full_name, be->name);
data/sane-backends-1.0.31/backend/dll.c:1154:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (full_name, be_list[i]->name);
data/sane-backends-1.0.31/backend/dmc.c:1060:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(val, c->val[option].s);
data/sane-backends-1.0.31/backend/epjitsu.c:365:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)global_firmware_filename, lp);
data/sane-backends-1.0.31/backend/epjitsu.c:1507:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_FLATBED);
data/sane-backends-1.0.31/backend/epjitsu.c:1510:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ADFFRONT);
data/sane-backends-1.0.31/backend/epjitsu.c:1513:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ADFBACK);
data/sane-backends-1.0.31/backend/epjitsu.c:1516:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ADFDUPLEX);
data/sane-backends-1.0.31/backend/epjitsu.c:1525:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_LINEART);
data/sane-backends-1.0.31/backend/epjitsu.c:1528:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_GRAYSCALE);
data/sane-backends-1.0.31/backend/epjitsu.c:1531:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_COLOR);
data/sane-backends-1.0.31/backend/epson.c:996:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_str, "%s %02x", hex_str, s[k]);
data/sane-backends-1.0.31/backend/epson.c:997:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (hex_str, tmp_str);
data/sane-backends-1.0.31/backend/epson.c:1000:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_str, "%s %c", ascii_str, isprint (s[k]) ? s[k] : '.');
data/sane-backends-1.0.31/backend/epson.c:1001:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ascii_str, tmp_str);
data/sane-backends-1.0.31/backend/epson.c:1344:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (gammaValues, newValue);
data/sane-backends-1.0.31/backend/epson.c:1725:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
&& (access (s->hw->sane.name, R_OK | W_OK) != 0))
data/sane-backends-1.0.31/backend/epson.c:2596:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
dev->sane.name = strcpy (str, dev_name);
data/sane-backends-1.0.31/backend/epson.c:3759:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *) value, sopt->constraint.string_list[sval->w]);
data/sane-backends-1.0.31/backend/epson.c:3763:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, sval->s);
data/sane-backends-1.0.31/backend/epson2-commands.c:348:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(gammaValues, newValue);
data/sane-backends-1.0.31/backend/epson2.c:804:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, dev);
data/sane-backends-1.0.31/backend/epson2.c:1667:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) value, sopt->constraint.string_list[sval->w]);
data/sane-backends-1.0.31/backend/epsonds.c:478:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, dev);
data/sane-backends-1.0.31/backend/epsonds.c:1000:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) value, sopt->constraint.string_list[sval->w]);
data/sane-backends-1.0.31/backend/epsonds.c:1262:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "#ADF%s%s",
data/sane-backends-1.0.31/backend/epsonds.c:1287:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd, buf);
data/sane-backends-1.0.31/backend/epsonds.c:1295:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmd, buf);
data/sane-backends-1.0.31/backend/epsonds.c:1314:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmd, buf);
data/sane-backends-1.0.31/backend/epsonds.c:1320:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmd, buf);
data/sane-backends-1.0.31/backend/escl/escl.c:909:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (v, handler->val[n].s);
data/sane-backends-1.0.31/backend/escl/escl_newjob.c:184:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(cap_data, sizeof(cap_data), settings,
data/sane-backends-1.0.31/backend/fujitsu.c:999:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->device_name, device_name);
data/sane-backends-1.0.31/backend/fujitsu.c:2764:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s->serial_name, "%s:%d", s->model_name, sn);
data/sane-backends-1.0.31/backend/fujitsu.c:4726:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_FLATBED);
data/sane-backends-1.0.31/backend/fujitsu.c:4729:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ADFFRONT);
data/sane-backends-1.0.31/backend/fujitsu.c:4732:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ADFBACK);
data/sane-backends-1.0.31/backend/fujitsu.c:4735:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ADFDUPLEX);
data/sane-backends-1.0.31/backend/fujitsu.c:4738:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_CARDFRONT);
data/sane-backends-1.0.31/backend/fujitsu.c:4741:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_CARDBACK);
data/sane-backends-1.0.31/backend/fujitsu.c:4744:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_CARDDUPLEX);
data/sane-backends-1.0.31/backend/fujitsu.c:4750:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_LINEART);
data/sane-backends-1.0.31/backend/fujitsu.c:4753:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_HALFTONE);
data/sane-backends-1.0.31/backend/fujitsu.c:4756:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_GRAYSCALE);
data/sane-backends-1.0.31/backend/fujitsu.c:4759:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_COLOR);
data/sane-backends-1.0.31/backend/fujitsu.c:4815:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DEFAULT);
data/sane-backends-1.0.31/backend/fujitsu.c:4818:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DITHER);
data/sane-backends-1.0.31/backend/fujitsu.c:4821:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DIFFUSION);
data/sane-backends-1.0.31/backend/fujitsu.c:4849:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DEFAULT);
data/sane-backends-1.0.31/backend/fujitsu.c:4852:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ON);
data/sane-backends-1.0.31/backend/fujitsu.c:4855:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_OFF);
data/sane-backends-1.0.31/backend/fujitsu.c:4917:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_JPEG);
data/sane-backends-1.0.31/backend/fujitsu.c:4920:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_NONE);
data/sane-backends-1.0.31/backend/fujitsu.c:4931:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DEFAULT);
data/sane-backends-1.0.31/backend/fujitsu.c:4934:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_CONTINUE);
data/sane-backends-1.0.31/backend/fujitsu.c:4937:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_STOP);
data/sane-backends-1.0.31/backend/fujitsu.c:4957:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DEFAULT);
data/sane-backends-1.0.31/backend/fujitsu.c:4960:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_10MM);
data/sane-backends-1.0.31/backend/fujitsu.c:4963:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_15MM);
data/sane-backends-1.0.31/backend/fujitsu.c:4966:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_20MM);
data/sane-backends-1.0.31/backend/fujitsu.c:4974:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DEFAULT);
data/sane-backends-1.0.31/backend/fujitsu.c:4977:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ON);
data/sane-backends-1.0.31/backend/fujitsu.c:4980:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_OFF);
data/sane-backends-1.0.31/backend/fujitsu.c:4988:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DEFAULT);
data/sane-backends-1.0.31/backend/fujitsu.c:4991:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ON);
data/sane-backends-1.0.31/backend/fujitsu.c:4994:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_OFF);
data/sane-backends-1.0.31/backend/fujitsu.c:5002:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DEFAULT);
data/sane-backends-1.0.31/backend/fujitsu.c:5005:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ON);
data/sane-backends-1.0.31/backend/fujitsu.c:5008:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_OFF);
data/sane-backends-1.0.31/backend/fujitsu.c:5016:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DEFAULT);
data/sane-backends-1.0.31/backend/fujitsu.c:5019:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ON);
data/sane-backends-1.0.31/backend/fujitsu.c:5022:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_OFF);
data/sane-backends-1.0.31/backend/fujitsu.c:5030:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DEFAULT);
data/sane-backends-1.0.31/backend/fujitsu.c:5033:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_WHITE);
data/sane-backends-1.0.31/backend/fujitsu.c:5036:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_BLACK);
data/sane-backends-1.0.31/backend/fujitsu.c:5044:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DEFAULT);
data/sane-backends-1.0.31/backend/fujitsu.c:5047:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_RED);
data/sane-backends-1.0.31/backend/fujitsu.c:5050:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_GREEN);
data/sane-backends-1.0.31/backend/fujitsu.c:5053:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_BLUE);
data/sane-backends-1.0.31/backend/fujitsu.c:5061:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DEFAULT);
data/sane-backends-1.0.31/backend/fujitsu.c:5064:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ON);
data/sane-backends-1.0.31/backend/fujitsu.c:5067:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_OFF);
data/sane-backends-1.0.31/backend/fujitsu.c:5075:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DEFAULT);
data/sane-backends-1.0.31/backend/fujitsu.c:5078:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ON);
data/sane-backends-1.0.31/backend/fujitsu.c:5081:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_OFF);
data/sane-backends-1.0.31/backend/fujitsu.c:5089:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_DEFAULT);
data/sane-backends-1.0.31/backend/fujitsu.c:5092:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ON);
data/sane-backends-1.0.31/backend/fujitsu.c:5095:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_OFF);
data/sane-backends-1.0.31/backend/fujitsu.c:5176:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_HORIZONTAL);
data/sane-backends-1.0.31/backend/fujitsu.c:5179:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_HORIZONTALBOLD);
data/sane-backends-1.0.31/backend/fujitsu.c:5182:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_HORIZONTALNARROW);
data/sane-backends-1.0.31/backend/fujitsu.c:5185:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_VERTICAL);
data/sane-backends-1.0.31/backend/fujitsu.c:5188:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_VERTICALBOLD);
data/sane-backends-1.0.31/backend/fujitsu.c:5196:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_TOPTOBOTTOM);
data/sane-backends-1.0.31/backend/fujitsu.c:5199:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_BOTTOMTOTOP);
data/sane-backends-1.0.31/backend/fujitsu.c:5207:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_FRONT);
data/sane-backends-1.0.31/backend/fujitsu.c:5210:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_BACK);
data/sane-backends-1.0.31/backend/genesys/error.cpp:120:24: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int msg_len = std::vsnprintf(nullptr, 0, format, vlist2);
data/sane-backends-1.0.31/backend/genesys/error.cpp:134:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
std::vsnprintf(&msg_[0], msg_len + 1, format, vlist);
data/sane-backends-1.0.31/backend/genesys/error.cpp:182:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
std::vsnprintf(msg_, MAX_BUF_SIZE, format, args);
data/sane-backends-1.0.31/backend/genesys/error.cpp:198:24: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int msg_len = std::vsnprintf(nullptr, 0, format, args);
data/sane-backends-1.0.31/backend/genesys/error.cpp:208:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
std::vsnprintf(&msg.front(), msg.size(), format, args);
data/sane-backends-1.0.31/backend/genesys/error.h:74:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)))
data/sane-backends-1.0.31/backend/genesys/error.h:80:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)))
data/sane-backends-1.0.31/backend/genesys/error.h:112:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)))
data/sane-backends-1.0.31/backend/genesys/error.h:121:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)))
data/sane-backends-1.0.31/backend/genesys/error.h:130:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)))
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:1244:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf(title, "gl_search_strip_%s_%s%02d.tiff",
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:1266:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
std::sprintf(title, "gl_search_strip_%s_%s%02d.tiff",
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:5742:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(reinterpret_cast<char*>(val), s->mode.c_str());
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:5745:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(reinterpret_cast<char*>(val), s->color_filter.c_str());
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:5748:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(reinterpret_cast<char*>(val), s->calibration_file.c_str());
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:5751:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(reinterpret_cast<char*>(val), scan_method_to_option_string(s->scan_method));
data/sane-backends-1.0.31/backend/gphoto2.c:628:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmdbuf, "%s/%s", (char *) TopFolder,
data/sane-backends-1.0.31/backend/gphoto2.c:633:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cmdbuf, TopFolder);
data/sane-backends-1.0.31/backend/gphoto2.c:771:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "Image selection - %s", Cam_data.camera_name);
data/sane-backends-1.0.31/backend/gphoto2.c:1431:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmdbuf, "%s/%s", (char *) TopFolder,
data/sane-backends-1.0.31/backend/gphoto2.c:1436:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cmdbuf, TopFolder);
data/sane-backends-1.0.31/backend/gphoto2.c:1609:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (path, TopFolder);
data/sane-backends-1.0.31/backend/gphoto2.c:1615:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, (const char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/gphoto2.c:1784:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, (const char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/gphoto2.c:1786:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (path, fname);
data/sane-backends-1.0.31/backend/gphoto2.c:1837:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmdbuf, "%s/%s", (char *) TopFolder,
data/sane-backends-1.0.31/backend/gphoto2.c:1842:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cmdbuf, TopFolder);
data/sane-backends-1.0.31/backend/gt68xx.c:1720:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/gt68xx_high.c:2488:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_str, "%s/.sane/gt68xx-%s.cal", ptr, scanner->dev->model->name);
data/sane-backends-1.0.31/backend/gt68xx_high.c:2495:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_str, "%s/gt68xx-%s.cal", ptr, scanner->dev->model->name);
data/sane-backends-1.0.31/backend/gt68xx_high.c:2499:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_str, "/tmp/gt68xx-%s.cal", scanner->dev->model->name);
data/sane-backends-1.0.31/backend/hp-accessor.c:386:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(valp, choice->name);
data/sane-backends-1.0.31/backend/hp-option.c:2187:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (calib_filename, homedir);
data/sane-backends-1.0.31/backend/hp-scl.c:531:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ( new->devname ) strcpy (new->devname, devname);
data/sane-backends-1.0.31/backend/hp-scl.c:652:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ( new->devname ) strcpy (new->devname, devname);
data/sane-backends-1.0.31/backend/hp.c:269:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (line, pt);
data/sane-backends-1.0.31/backend/hp.c:277:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (line, pt);
data/sane-backends-1.0.31/backend/hp.c:679:19: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
nargs = sscanf (buf, "%s%s%s", arg1, arg2, arg3);
data/sane-backends-1.0.31/backend/hp.c:752:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cu_device, dev_name); /* Save the device name */
data/sane-backends-1.0.31/backend/hp3500.c:540:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((SANE_Char *) val, scan_mode_list[scanner->mode]);
data/sane-backends-1.0.31/backend/hp3900_debug.c:96:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, msg, ap);
data/sane-backends-1.0.31/backend/hp3900_debug.c:304:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (sline, sdata);
data/sane-backends-1.0.31/backend/hp3900_debug.c:331:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (sline, sdata);
data/sane-backends-1.0.31/backend/hp3900_debug.c:337:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (sline, sdata);
data/sane-backends-1.0.31/backend/hp3900_debug.c:346:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (sline, sdata);
data/sane-backends-1.0.31/backend/hp3900_debug.c:360:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (sline, sdata);
data/sane-backends-1.0.31/backend/hp3900_debug.c:769:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
sline = strcat (sline, sdata);
data/sane-backends-1.0.31/backend/hp3900_debug.c:777:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
sline = strcat (sline, sdata);
data/sane-backends-1.0.31/backend/hp3900_debug.c:787:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
sline = strcat (sline, sdata);
data/sane-backends-1.0.31/backend/hp3900_debug.c:792:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
sline = strcat (sline, sdata);
data/sane-backends-1.0.31/backend/hp3900_usb.c:474:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
sline = strcat (sline, sdata);
data/sane-backends-1.0.31/backend/hp3900_usb.c:481:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
sline = strcat (sline, sdata);
data/sane-backends-1.0.31/backend/hp3900_usb.c:491:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
sline = strcat (sline, sdata);
data/sane-backends-1.0.31/backend/hp3900_usb.c:495:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
sline = strcat (sline, sdata);
data/sane-backends-1.0.31/backend/hp5400_debug.h:68:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define HP5400_DBG fprintf
data/sane-backends-1.0.31/backend/hp5400_sane.c:950:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy((SANE_String)pVal, modeSwitchList[panelInfo.bwcolour - 1]);
data/sane-backends-1.0.31/backend/hpljm1005.c:584:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *) v,
data/sane-backends-1.0.31/backend/hpsj5s.c:194:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (scanner_path, line); /*so, we choose last in file (uncommented) */
data/sane-backends-1.0.31/backend/hs2p-scsi.c:203:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (info->inquiry_data, "Vendor: %s Product: %s Rev: %s %s%s\n",
data/sane-backends-1.0.31/backend/hs2p.c:2127:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/ibm.c:574:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (devnam, lp);
data/sane-backends-1.0.31/backend/ibm.c:748:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/kodak.c:1298:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ADFFRONT);
data/sane-backends-1.0.31/backend/kodak.c:1301:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ADFBACK);
data/sane-backends-1.0.31/backend/kodak.c:1304:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_ADFDUPLEX);
data/sane-backends-1.0.31/backend/kodak.c:1313:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_LINEART);
data/sane-backends-1.0.31/backend/kodak.c:1316:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_HALFTONE);
data/sane-backends-1.0.31/backend/kodak.c:1319:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_GRAYSCALE);
data/sane-backends-1.0.31/backend/kodak.c:1322:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, STRING_COLOR);
data/sane-backends-1.0.31/backend/kodakaio.c:807:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (msg, fmt_buf);
data/sane-backends-1.0.31/backend/kodakaio.c:813:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (msg, fmt_buf);
data/sane-backends-1.0.31/backend/kodakaio.c:2019:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (IP, device);
data/sane-backends-1.0.31/backend/kodakaio.c:2570:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
} else if (sscanf(name, "%s %x", IP, &model) == 2) {
data/sane-backends-1.0.31/backend/kodakaio.c:3122:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) value, sopt->constraint.string_list[sval->w]);
data/sane-backends-1.0.31/backend/kvs1025_opt.c:1018:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, dev->val[option].s);
data/sane-backends-1.0.31/backend/kvs1025_usb.c:65:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dev->device_name, device_name);
data/sane-backends-1.0.31/backend/kvs1025_usb.c:79:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dev->scsi_product,
data/sane-backends-1.0.31/backend/kvs20xx_opt.c:188:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[MODE].s, mode_list[0]);
data/sane-backends-1.0.31/backend/kvs20xx_opt.c:225:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[FEEDER_MODE].s, feeder_mode_list[0]);
data/sane-backends-1.0.31/backend/kvs20xx_opt.c:249:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[MANUALFEED].s, manual_feed_list[0]);
data/sane-backends-1.0.31/backend/kvs20xx_opt.c:302:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[PAPER_SIZE].s, SANE_I18N ("A4"));
data/sane-backends-1.0.31/backend/kvs20xx_opt.c:419:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[IMAGE_EMPHASIS].s, image_emphasis_list[0]);
data/sane-backends-1.0.31/backend/kvs20xx_opt.c:431:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[GAMMA_CORRECTION].s, gamma_list[0]);
data/sane-backends-1.0.31/backend/kvs20xx_opt.c:443:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[LAMP].s, lamp_list[0]);
data/sane-backends-1.0.31/backend/kvs20xx_opt.c:488:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/kvs20xx_opt.c:601:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[option].s, val);
data/sane-backends-1.0.31/backend/kvs20xx_opt.c:605:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[MODE].s, val);
data/sane-backends-1.0.31/backend/kvs20xx_opt.c:624:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[option].s, val);
data/sane-backends-1.0.31/backend/kvs20xx_opt.c:635:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[PAPER_SIZE].s, val);
data/sane-backends-1.0.31/backend/kvs40xx.c:333:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->name, devname);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:337:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[MODE].s, mode_list[2]);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:374:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[FEEDER_MODE].s, feeder_mode_list[0]);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:386:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[SOURCE].s, source_list[0]);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:423:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[MANUALFEED].s, manual_feed_list[0]);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:456:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[DFEED_SENCE].s, dfeed_sence_list[0]);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:526:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[PAPER_SIZE].s, SANE_I18N ("A4"));
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:649:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[AUTOMATIC_THRESHOLD].s, automatic_threshold_list[0]);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:662:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[IMAGE_EMPHASIS].s, image_emphasis_list[0]);;
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:675:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[GAMMA_CORRECTION].s, gamma_list[0]);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:688:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[LAMP].s, lamp_list[0]);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:709:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[HALFTONE_PATTERN].s, halftone_pattern[0]);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:744:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[STAPELED_DOC].s, stapeled_list[0]);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:758:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[WHITE_LEVEL].s, white_level_list[0]);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:771:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[NOISE_REDUCTION].s, noise_reduction_list[0]);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:892:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:1042:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[option].s, val);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:1046:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[option].s, val);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:1049:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[FEEDER_MODE].s, feeder_mode_list[0]);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:1050:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[MANUALFEED].s, manual_feed_list[0]);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:1086:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[option].s, val);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:1101:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[option].s, val);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:1150:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[option].s, val);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:1161:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[option].s, val);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:1211:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->val[option].s, val);
data/sane-backends-1.0.31/backend/leo.c:1498:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, dev->val[option].s);
data/sane-backends-1.0.31/backend/lexmark.c:158:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dev->val[OPT_MODE].s, SANE_VALUE_SCAN_MODE_COLOR);
data/sane-backends-1.0.31/backend/lexmark.c:928:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (lexmark_device->val[option].s, value);
data/sane-backends-1.0.31/backend/lexmark.c:976:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, lexmark_device->val[option].s);
data/sane-backends-1.0.31/backend/ma1509.c:147:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ((SANE_String) buffer_byte_list, (SANE_String) buffer_byte);
data/sane-backends-1.0.31/backend/ma1509.c:375:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ((SANE_String) inquiry_text_list,
data/sane-backends-1.0.31/backend/ma1509.c:378:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ((SANE_String) inquiry_byte_list,
data/sane-backends-1.0.31/backend/ma1509.c:1531:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/magicolor.c:421:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (msg, fmt_buf);
data/sane-backends-1.0.31/backend/magicolor.c:427:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (msg, fmt_buf);
data/sane-backends-1.0.31/backend/magicolor.c:1605:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (IP, device);
data/sane-backends-1.0.31/backend/magicolor.c:1893:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (&new_handled->ip_addr[0], ip_addr);
data/sane-backends-1.0.31/backend/magicolor.c:1952:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (&new_detected->ip_addr[0], ip_addr);
data/sane-backends-1.0.31/backend/magicolor.c:2203:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
} else if (sscanf(name, "%s %x", IP, &model) == 2) {
data/sane-backends-1.0.31/backend/magicolor.c:2684:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) value, sopt->constraint.string_list[sval->w]);
data/sane-backends-1.0.31/backend/matsushita.c:1925:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, dev->val[option].s);
data/sane-backends-1.0.31/backend/microtek.c:167:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(_mdebug_string, MAX_MDBG_LENGTH, format, ap);
data/sane-backends-1.0.31/backend/microtek.c:176:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(_mdebug_string+len, MAX_MDBG_LENGTH-len, format, ap);
data/sane-backends-1.0.31/backend/microtek.c:3422:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value, val[option].s);
data/sane-backends-1.0.31/backend/microtek2.c:1527:17: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
p = crypt(password, SALT);
data/sane-backends-1.0.31/backend/microtek2.c:1581:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outbuf, "%*s", 2 * ( 2 + BPL - i), " " );
data/sane-backends-1.0.31/backend/microtek2.c:1583:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outbuf, "%s", (i == BPL / 2) ? " " : "");
data/sane-backends-1.0.31/backend/microtek2.c:3119:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value, val[option].s);
data/sane-backends-1.0.31/backend/mustek.c:296:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ((SANE_String) dbgtxt, (SANE_String) bytetxt);
data/sane-backends-1.0.31/backend/mustek.c:605:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ((SANE_String) cmd_byte_list, (SANE_String) cmd_byte);
data/sane-backends-1.0.31/backend/mustek.c:629:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ((SANE_String) cmd_byte_list, (SANE_String) cmd_byte);
data/sane-backends-1.0.31/backend/mustek.c:1043:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ((SANE_String) inquiry_text_list,
data/sane-backends-1.0.31/backend/mustek.c:1046:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ((SANE_String) inquiry_byte_list,
data/sane-backends-1.0.31/backend/mustek.c:5848:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/mustek_pp.c:1340:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, hndl->val[option].s);
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:228:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(M1015_LOG_2, &hl_prev_line[0]);\
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:229:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&hl_prev_line[0], &hl_next_line[0]);\
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:243:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&hl_next_line[0], "%s+ %s\n", cis_indent, info);\
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:441:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&hl_next_line[0], "%s read_reg(%s); [%s]\n", cis_indent,
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:484:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&hl_next_line[0], "%s wait_bit(%s, %s, %d): %s %s;\n", cis_indent,
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:498:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&hl_next_line[0], "%s wait_bit(%s, %s, %d): failed;\n", cis_indent,
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:509:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&hl_next_line[0], "%s wait_bit(%s, %s, %d);\n", cis_indent,
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:573:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&hl_next_line[0], "%s write_reg(%s, 0x%02X);\n", cis_indent,
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:610:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&hl_next_line[0], "%s write_reg2(%s, 0x%02X, 0x%02X);\n",
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:651:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&hl_next_line[0], "%s write_reg3(%s, 0x%02X, 0x%02X, 0x%02X);\n",
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:712:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&hl_next_line[0], "%s write_reg_multi(%s, *%d);\n", cis_indent,
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:735:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&hl_next_line[0], "%s send_command(0x%02X);\n", cis_indent, command);
data/sane-backends-1.0.31/backend/mustek_usb.c:1051:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s->hw->device_name, dev->name);
data/sane-backends-1.0.31/backend/mustek_usb.c:1235:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/mustek_usb2.c:2220:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/mustek_usb2.c:2224:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/nec.c:1382:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, string_list[match]);
data/sane-backends-1.0.31/backend/nec.c:1390:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value, string_list[match]);
data/sane-backends-1.0.31/backend/nec.c:1392:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, string_list[match]);
data/sane-backends-1.0.31/backend/nec.c:1394:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, string_list[0]);
data/sane-backends-1.0.31/backend/nec.c:1429:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->val[option].s, string_list[default_index]);
data/sane-backends-1.0.31/backend/nec.c:2283:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/nec.c:2403:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->val[option].s, val);
data/sane-backends-1.0.31/backend/nec.c:2420:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->val[option].s, val);
data/sane-backends-1.0.31/backend/nec.c:2431:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->val[option].s, val);
data/sane-backends-1.0.31/backend/nec.c:2465:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->val[option].s, val);
data/sane-backends-1.0.31/backend/net.c:489:18: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
req.username = getlogin ();
data/sane-backends-1.0.31/backend/net.c:656:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (net_resource, "net:%s:%s", dev->name, resource);
data/sane-backends-1.0.31/backend/net.c:1319:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (full_name, dev->name);
data/sane-backends-1.0.31/backend/net.c:1327:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (full_name, reply.device_list[i]->name);
data/sane-backends-1.0.31/backend/niash.c:1042:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *) pVal, modeList[s->aValues[optMode].w]);
data/sane-backends-1.0.31/backend/niash_xfer.h:67:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG fprintf
data/sane-backends-1.0.31/backend/p5.c:652:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->options[option].value.s);
data/sane-backends-1.0.31/backend/p5_device.c:1274:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_str, "%s/.sane/p5-%s.cal", ptr, devicename);
data/sane-backends-1.0.31/backend/p5_device.c:1281:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_str, "%s/p5-%s.cal", ptr, devicename);
data/sane-backends-1.0.31/backend/p5_device.c:1285:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp_str, "/tmp/p5-%s.cal", devicename);
data/sane-backends-1.0.31/backend/pie.c:3293:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, scanner->val[option].s);
data/sane-backends-1.0.31/backend/pieusb.c:633:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, scanner->val[option].s);
data/sane-backends-1.0.31/backend/pieusb_usb.c:386:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (desc, code_to_text (sense_code_text, sense->senseKey));
data/sane-backends-1.0.31/backend/pint.c:763:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/pixma/pixma.c:621:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (str, opt->val.s);
data/sane-backends-1.0.31/backend/pixma/pixma.c:640:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (str, slist[opt->val.w]);
data/sane-backends-1.0.31/backend/pixma/pixma.c:653:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (str, slist[i]);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:318:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(addr_string, "[%s%%%d]", tmp_addr, addr -> ipv6.sin6_scope_id);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:450:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copy, hostname);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:463:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copy, mac_address);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:465:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( serial, copy );
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:499:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (method, start);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:521:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(host, start + 1);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:538:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (host, start);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:566:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(port, start);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:581:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (args, start);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:837:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(host, ip_address);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:870:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (host, ip_address);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:877:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (host, ip_address);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1882:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (resulting_host, host);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:2267:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (uri, "%s://%s:%d/timeout=%d", protocol_defs->method_string, scanner_host,
data/sane-backends-1.0.31/backend/pixma/pixma_io_sanei.c:144:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(si->serial, "%s_%s", cfg->model, serial);
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:196:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len += sprintf( buf+len, "Model : %s\n",
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:199:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len += sprintf( buf+len, "Portmode : %s (%s I/O, %s)\n",
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:208:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len += sprintf( buf+len, "CCD-Type : %s\n", procfsGetCCDType(ps));
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:209:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len += sprintf( buf+len, "TPA : %s\n",
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:280:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)ent->name, name );
data/sane-backends-1.0.31/backend/plustek-usb.c:305:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp_str2, "%s-%s",
data/sane-backends-1.0.31/backend/plustek-usb.c:393:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ( tmp, pcbStr );
data/sane-backends-1.0.31/backend/plustek-usb.c:490:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tmp->dev_name, dev_name );
data/sane-backends-1.0.31/backend/plustek-usb.c:597:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( dn, tmp->dev_name );
data/sane-backends-1.0.31/backend/plustek-usb.c:611:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( dn, tmp->dev_name );
data/sane-backends-1.0.31/backend/plustek-usb.c:772:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( devStr, "%s-%d", dev->usbId, dev->adj.mov );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:128:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( res, ptr );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:184:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( ptr, tmp );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:360:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( pfx, bd );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:388:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "%s-coarse.cal", dev->calFile );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:507:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( fn, "%s-coarse.cal", dev->calFile );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:515:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( set_tmp, "%s%u,%u,%u,%u,%u,%u,"
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:593:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( fn, "%s-fine.cal", dev->calFile );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:598:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "%s:%u", pfx, dpi );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:599:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( pfx, tmp );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:679:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "%s-fine.cal", dev->calFile );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:713:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "%s:%u:%s:dim=", pfx, dpi, "dark" );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:720:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "%s:%u:%s:dim=", pfx, dpi, "white" );
data/sane-backends-1.0.31/backend/plustek-usbio.c:206:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( buf, b2 );
data/sane-backends-1.0.31/backend/plustek-usbio.c:233:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( buf, b2 );
data/sane-backends-1.0.31/backend/plustek-usbshading.c:135:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( fn, "%scal%u.dat", cmt, i );
data/sane-backends-1.0.31/backend/plustek.c:1262:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( dest, tmp );
data/sane-backends-1.0.31/backend/plustek.c:1938:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *) value,
data/sane-backends-1.0.31/backend/plustek_pp.c:961:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( dest, tmp );
data/sane-backends-1.0.31/backend/plustek_pp.c:1463:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *) value,
data/sane-backends-1.0.31/backend/pnm.c:708:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (filename, value);
data/sane-backends-1.0.31/backend/pnm.c:935:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, filename);
data/sane-backends-1.0.31/backend/qcam.c:1738:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/ricoh.c:521:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (devnam, lp);
data/sane-backends-1.0.31/backend/ricoh.c:693:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/ricoh2.c:260:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dev->val[OPT_MODE].s, SANE_VALUE_SCAN_MODE_COLOR);
data/sane-backends-1.0.31/backend/ricoh2.c:452:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (device->val[option].s, default_mode);
data/sane-backends-1.0.31/backend/ricoh2.c:491:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (device->val[option].s, value);
data/sane-backends-1.0.31/backend/ricoh2.c:510:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, device->val[option].s);
data/sane-backends-1.0.31/backend/rts8891.c:894:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/rts8891.c:2805:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (name, "button-%s", model->button_name[idx]);
data/sane-backends-1.0.31/backend/rts8891.c:2806:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (title, "%s", model->button_title[idx]);
data/sane-backends-1.0.31/backend/sceptre.c:1515:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, dev->val[option].s);
data/sane-backends-1.0.31/backend/sharp.c:1743:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, string_list[match]);
data/sane-backends-1.0.31/backend/sharp.c:1751:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value, string_list[match]);
data/sane-backends-1.0.31/backend/sharp.c:1753:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, string_list[match]);
data/sane-backends-1.0.31/backend/sharp.c:1755:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, string_list[0]);
data/sane-backends-1.0.31/backend/sharp.c:1790:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->val[option].s, string_list[default_index]);
data/sane-backends-1.0.31/backend/sharp.c:2796:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/sharp.c:2894:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->val[option].s, val);
data/sane-backends-1.0.31/backend/sharp.c:2911:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->val[option].s, val);
data/sane-backends-1.0.31/backend/sharp.c:2922:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->val[option].s, val);
data/sane-backends-1.0.31/backend/sharp.c:2956:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->val[option].s, val);
data/sane-backends-1.0.31/backend/sm3600-scanutil.c:80:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr,szFormat,ap);
data/sane-backends-1.0.31/backend/sm3600-scanutil.c:104:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(this->szErrorReason,499,szFormat,ap);
data/sane-backends-1.0.31/backend/sm3600.c:586:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pVal,this->aoptVal[iOpt].s);
data/sane-backends-1.0.31/backend/sm3600.c:626:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(this->aoptVal[iOpt].s,pVal);
data/sane-backends-1.0.31/backend/sm3840.c:430:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->value[option].s);
data/sane-backends-1.0.31/backend/sm3840_lib.c:57:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, fmt, a);
data/sane-backends-1.0.31/backend/sm3840_scan.c:919:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%d.%s", dpi, gray ? "pgm" : "ppm");
data/sane-backends-1.0.31/backend/sm3840_scan.c:921:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fname, stname);
data/sane-backends-1.0.31/backend/snapscan-options.c:1111:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((SANE_String) v, pss->mode_s);
data/sane-backends-1.0.31/backend/snapscan-options.c:1119:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((SANE_String) v, pss->preview_mode_s);
data/sane-backends-1.0.31/backend/snapscan-options.c:1122:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (v, pss->source_s);
data/sane-backends-1.0.31/backend/snapscan-options.c:1148:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((SANE_String) v, pss->predef_window);
data/sane-backends-1.0.31/backend/snapscan-options.c:1183:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((SANE_String) v, pss->dither_matrix);
data/sane-backends-1.0.31/backend/snapscan-options.c:1204:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((SANE_String) v, pss->focus_mode_s);
data/sane-backends-1.0.31/backend/snapscan-scsi.c:432:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str,tmpstr);
data/sane-backends-1.0.31/backend/snapscan-usb.c:267:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str,tmpstr);
data/sane-backends-1.0.31/backend/sp15c.c:488:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, lineStr);
data/sane-backends-1.0.31/backend/sp15c.c:491:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, halfStr);
data/sane-backends-1.0.31/backend/sp15c.c:494:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, gray4Str);
data/sane-backends-1.0.31/backend/sp15c.c:497:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, gray8Str);
data/sane-backends-1.0.31/backend/sp15c.c:500:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, colorStr);
data/sane-backends-1.0.31/backend/st400.c:222:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (name, "%s/%s", home, basename);
data/sane-backends-1.0.31/backend/stv680.c:1218:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fmttxt, txt);
data/sane-backends-1.0.31/backend/stv680.c:1219:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (fmttxt, fmtstring);
data/sane-backends-1.0.31/backend/stv680.c:1731:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, dev->val[option].s);
data/sane-backends-1.0.31/backend/tamarack.c:1146:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/teco1.c:1694:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, dev->val[option].s);
data/sane-backends-1.0.31/backend/teco2.c:2727:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, dev->val[option].s);
data/sane-backends-1.0.31/backend/teco3.c:1708:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, dev->val[option].s);
data/sane-backends-1.0.31/backend/test.c:376:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (test_device->val[opt_mode].s, init_mode);
data/sane-backends-1.0.31/backend/test.c:443:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (test_device->val[opt_three_pass_order].s, init_three_pass_order);
data/sane-backends-1.0.31/backend/test.c:472:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (test_device->val[opt_scan_source].s, init_scan_source);
data/sane-backends-1.0.31/backend/test.c:508:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (test_device->val[opt_test_picture].s, init_test_picture);
data/sane-backends-1.0.31/backend/test.c:603:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (test_device->val[opt_read_status_code].s, init_read_status_code);
data/sane-backends-1.0.31/backend/test.c:1137:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (test_device->val[opt_string].s, init_string);
data/sane-backends-1.0.31/backend/test.c:1156:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (test_device->val[opt_string_constraint_string_list].s,
data/sane-backends-1.0.31/backend/test.c:1177:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (test_device->val[opt_string_constraint_long_string_list].s,
data/sane-backends-1.0.31/backend/test.c:2142:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (test_device->val[option].s, (SANE_String) value);
data/sane-backends-1.0.31/backend/test.c:2171:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (test_device->val[option].s, (SANE_String) value);
data/sane-backends-1.0.31/backend/test.c:2211:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (test_device->val[option].s, (SANE_String) value);
data/sane-backends-1.0.31/backend/test.c:2397:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, test_device->val[option].s);
data/sane-backends-1.0.31/backend/u12.c:805:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( dest, tmp );
data/sane-backends-1.0.31/backend/u12.c:1238:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *) value,
data/sane-backends-1.0.31/backend/umax.c:6555:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, scanner->val[option].s);
data/sane-backends-1.0.31/backend/umax_pp.c:1411:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, dev->val[option].s);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9768:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (titre, "%s", name);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9794:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (titre, "%s", name);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9824:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (titre, "%s", name);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9860:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (titre, "%s", name);
data/sane-backends-1.0.31/backend/v4l.c:764:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, s->val[option].s);
data/sane-backends-1.0.31/backend/xerox_mfp.c:893:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(val, dev->val[opt].s);
data/sane-backends-1.0.31/frontend/saned.c:331:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, fmt, ap);
data/sane-backends-1.0.31/frontend/saned.c:447:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (username, req.username);
data/sane-backends-1.0.31/frontend/saned.c:449:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (password, req.password);
data/sane-backends-1.0.31/frontend/scanimage.c:177:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp, "%s/.sane/pass", getenv ("HOME"));
data/sane-backends-1.0.31/frontend/scanimage.c:280:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (password, (wipe = getpass ("Enter password: ")));
data/sane-backends-1.0.31/frontend/scanimage.c:280:33: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
strcpy (password, (wipe = getpass ("Enter password: ")));
data/sane-backends-1.0.31/frontend/scanimage.c:2435:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (full_optstring, BASE_OPTSTRING);
data/sane-backends-1.0.31/frontend/scanimage.c:2436:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (full_optstring, larg);
data/sane-backends-1.0.31/frontend/scanimage.c:2437:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (full_optstring, targ);
data/sane-backends-1.0.31/frontend/scanimage.c:2438:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (full_optstring, xarg);
data/sane-backends-1.0.31/frontend/scanimage.c:2439:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (full_optstring, yarg);
data/sane-backends-1.0.31/frontend/scanimage.c:2644:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (path, format, n); /* love --(C++) */
data/sane-backends-1.0.31/frontend/scanimage.c:2645:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (part_path, path);
data/sane-backends-1.0.31/frontend/test.c:48:3: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
scanf ("%s", username);
data/sane-backends-1.0.31/frontend/test.c:50:3: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
scanf ("%s", password);
data/sane-backends-1.0.31/frontend/test.c:173:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (envbuf, "SANE_NET_HOST=%s", argv[2]);
data/sane-backends-1.0.31/frontend/tstbackend.c:104:102: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static int check(enum message_level, int condition, const char *format, ...) __attribute__ ((format (printf, 3, 4)));
data/sane-backends-1.0.31/frontend/tstbackend.c:117:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(str, format, args);
data/sane-backends-1.0.31/frontend/tstbackend.c:1088:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, optval);
data/sane-backends-1.0.31/frontend/tstbackend.c:1117:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "scan mode=[%s] ", get_option_value(device, SANE_NAME_SCAN_MODE));
data/sane-backends-1.0.31/frontend/tstbackend.c:1118:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "resolution=[%s] ", get_option_value(device, SANE_NAME_SCAN_RESOLUTION));
data/sane-backends-1.0.31/frontend/tstbackend.c:1120:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "tl_x=[%s] ", get_option_value(device, SANE_NAME_SCAN_TL_X));
data/sane-backends-1.0.31/frontend/tstbackend.c:1121:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "tl_y=[%s] ", get_option_value(device, SANE_NAME_SCAN_TL_Y));
data/sane-backends-1.0.31/frontend/tstbackend.c:1122:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "br_x=[%s] ", get_option_value(device, SANE_NAME_SCAN_BR_X));
data/sane-backends-1.0.31/frontend/tstbackend.c:1123:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "br_y=[%s] ", get_option_value(device, SANE_NAME_SCAN_BR_Y));
data/sane-backends-1.0.31/include/sane/sanei_debug.h:112:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 3)))
data/sane-backends-1.0.31/include/sane/sanei_debug.h:127:74: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void DBG_LOCAL (int level, const char *msg, ...) __attribute__ ((format (printf, 2, 3)));
data/sane-backends-1.0.31/lib/snprintf.c:612:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf (char *str,size_t count,const char *fmt,...)
data/sane-backends-1.0.31/lib/snprintf.c:614:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf (va_alist) va_dcl
data/sane-backends-1.0.31/lib/snprintf.c:974:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest,src);
data/sane-backends-1.0.31/lib/snprintf.c:1006:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( convert, formatstr, value );
data/sane-backends-1.0.31/lib/snprintf.c:1081:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, 0, (t="test")); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1082:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t="errno '%m'")); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1083:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%s"), test1 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1084:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%12s"), test1 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1085:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%-12s"), test1 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1086:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%12.2s"), test1 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1087:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%-12.2s"), test1 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1088:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%g"), 1.25 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1089:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%g"), 1.2345 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1090:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%12g"), 1.25 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1091:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%12.1g"), 1.25 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1092:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%12.2g"), 1.25 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1093:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%12.3g"), 1.25 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1094:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%0*d"), 6, 1 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1096:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%llx"), 1, 2, 3, 4 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1097:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%llx"), (long long)1, (long long)2 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1098:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%qx"), 1, 2, 3, 4 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1099:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%qx"), (quad_t)1, (quad_t)2 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1101:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "0%x, 0%x"), (char *)(0x01234567), (char *)0, 0, 0, 0); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1102:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "0%x, 0%x"), (char *)(0x01234567), (char *)0x89ABCDEF, 0, 0, 0); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1103:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "0%x, 0%x"), t, 0, 0, 0, 0); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1104:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%f"), 1.25 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1105:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%f"), 1.2345 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1106:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%12f"), 1.25 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1107:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%12.2f"), 1.25 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1108:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%f"), 1.0 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1109:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%.0f"), 1.0 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1110:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%0.0f"), 1.0 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1111:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%1.0f"), 1.0 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1112:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%1.5f"), 1.0 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/snprintf.c:1113:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = snprintf( buffer, sizeof(buffer), (t = "%5.5f"), 1.0 ); printf( "[%d] %s = '%s'\n", n, t, buffer );
data/sane-backends-1.0.31/lib/syslog.c:7:6: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
void syslog(int priority, const char *format, va_list args)
data/sane-backends-1.0.31/lib/syslog.c:10:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(format, args);
data/sane-backends-1.0.31/lib/vsyslog.c:11:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), format, args);
data/sane-backends-1.0.31/sanei/sanei_access.c:136:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( fn, STRINGIFY(PATH_SANE_LOCK_DIR)"/LCK.." );
data/sane-backends-1.0.31/sanei/sanei_access.c:139:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( fn, devname );
data/sane-backends-1.0.31/sanei/sanei_auth.c:130:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmpstr, "%s%.128s",
data/sane-backends-1.0.31/sanei/sanei_auth.c:179:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (passwd_filename, "%s.users", backend);
data/sane-backends-1.0.31/sanei/sanei_config.c:102:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result,DIR_SEP); /* do append the default ones */
data/sane-backends-1.0.31/sanei/sanei_constrain_value.c:279:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, string_list[match]);
data/sane-backends-1.0.31/sanei/sanei_constrain_value.c:289:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (value, string_list[match]);
data/sane-backends-1.0.31/sanei/sanei_init_debug.c:147:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (msg, "[%s] %s", be, fmt);
data/sane-backends-1.0.31/sanei/sanei_init_debug.c:162:11: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, fmt, ap);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:1079:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (com->open_path, dev);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:1948:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system ("cat /proc/scsi/sg/debug 1>&2");)
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2262:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system ("cat /proc/scsi/sg/debug 1>&2");)
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2655:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (name, name_len, DEVFS_MSK, host, channel, id, lun);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3521:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (devname, "/dev/%s%d", result->periph_name,
data/sane-backends-1.0.31/sanei/sanei_usb.c:1639:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (devname, "%s%s", dir_name, dir_entry->d_name);
data/sane-backends-1.0.31/tools/sane-desc.c:307:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, fmt, ap);
data/sane-backends-1.0.31/tools/sane-desc.c:842:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file_name, "%s/%s", search_dir, dir_entry->d_name);
data/sane-backends-1.0.31/tools/sane-desc.c:3083:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (usbid->name->name, "%s %s", manufacturer, model);
data/sane-backends-1.0.31/tools/sane-desc.c:3102:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (scsiid->name->name, "%s %s", manufacturer, model);
data/sane-backends-1.0.31/tools/sane-desc.c:3132:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (man_mod->next->name, "%s %s", manufacturer, model);
data/sane-backends-1.0.31/tools/sane-desc.c:3185:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (man_mod->next->name, "%s %s", manufacturer, model);
data/sane-backends-1.0.31/tools/sane-find-scanner.c:146:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf (line, " %*d %s\n", driver) > 0 && !strcmp (driver, "sg"))
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1153:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (file_name, "%s%s", dir_name, dir_entry->d_name);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3583:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("HOME") == NULL)
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3589:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (strlen (getenv ("HOME")) < (PATH_MAX - 1))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3590:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcat (path, getenv ("HOME"));
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3701:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("HOME") == NULL)
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3707:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (strlen (getenv ("HOME")) < (PATH_MAX - 1))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3708:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcat (path, getenv ("HOME"));
data/sane-backends-1.0.31/backend/as6e.c:803:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
path = getenv ("PATH");
data/sane-backends-1.0.31/backend/canon_pp.c:1831:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((myhome = getenv("HOME")) == NULL)
data/sane-backends-1.0.31/backend/dll.c:445:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
mode = getenv ("LD_BIND_NOW") ? RTLD_NOW : RTLD_LAZY;
data/sane-backends-1.0.31/backend/dll.c:465:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
path = getenv ("LD_LIBRARY_PATH");
data/sane-backends-1.0.31/backend/dll.c:467:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
path = getenv ("SHLIB_PATH"); /* for HP-UX */
data/sane-backends-1.0.31/backend/dll.c:469:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
path = getenv ("LIBPATH"); /* for AIX */
data/sane-backends-1.0.31/backend/epson.c:5895:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *force = getenv ("SANE_EPSON_CMD_LVL");
data/sane-backends-1.0.31/backend/genesys/error.cpp:227:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
auto* setting = std::getenv("SANE_DEBUG_GENESYS_IMAGE");
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:4507:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* ptr = std::getenv("HOME");
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:4509:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptr = std::getenv("USERPROFILE");
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:4512:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptr = std::getenv("TMPDIR");
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:4515:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptr = std::getenv("TMP");
data/sane-backends-1.0.31/backend/gphoto2.c:677:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("GP_DEBUG"))
data/sane-backends-1.0.31/backend/gphoto2.c:679:30: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gp_log_add_func (atoi (getenv ("GP_DEBUG")), debug_func, NULL);
data/sane-backends-1.0.31/backend/gt68xx_high.c:2485:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptr=getenv("HOME");
data/sane-backends-1.0.31/backend/gt68xx_high.c:2492:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptr=getenv("TMPDIR");
data/sane-backends-1.0.31/backend/hp-option.c:210:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
eptr = getenv ("SANE_HP_CHK_TABLE");
data/sane-backends-1.0.31/backend/hp-option.c:2159:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
return getenv (SANE_HOME_HP);
data/sane-backends-1.0.31/backend/hp-scl.c:201:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
eptr = getenv ("SANE_HP_KEEPOPEN_SCSI");
data/sane-backends-1.0.31/backend/hp-scl.c:205:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
eptr = getenv ("SANE_HP_KEEPOPEN_USB");
data/sane-backends-1.0.31/backend/hp-scl.c:209:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
eptr = getenv ("SANE_HP_KEEPOPEN_DEVICE");
data/sane-backends-1.0.31/backend/hp-scl.c:213:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
eptr = getenv ("SANE_HP_KEEPOPEN_PIO");
data/sane-backends-1.0.31/backend/hp-scl.c:352:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
{char *eptr = getenv ("SANE_HP_RDREDO");
data/sane-backends-1.0.31/backend/hp3500.c:3830:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("HP3500_NOWARMUP") && atoi (getenv ("HP3500_NOWARMUP")) > 0)
data/sane-backends-1.0.31/backend/hp3500.c:3830:43: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("HP3500_NOWARMUP") && atoi (getenv ("HP3500_NOWARMUP")) > 0)
data/sane-backends-1.0.31/backend/hp3500.c:3841:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("HP3500_SLEEP"))
data/sane-backends-1.0.31/backend/hp3500.c:3843:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
int seconds = atoi (getenv ("HP3500_SLEEP"));
data/sane-backends-1.0.31/backend/hp3900_debug.c:552:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *path = getenv ("HOME");
data/sane-backends-1.0.31/backend/net.c:1061:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv ("SANE_NET_HOSTS");
data/sane-backends-1.0.31/backend/net.c:1111:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv ("SANE_NET_TIMEOUT");
data/sane-backends-1.0.31/backend/p5_device.c:1271:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptr = getenv ("HOME");
data/sane-backends-1.0.31/backend/p5_device.c:1278:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptr = getenv ("TMPDIR");
data/sane-backends-1.0.31/backend/pixma/pixma.c:217:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *str = getenv (name);
data/sane-backends-1.0.31/backend/plustek-usb.c:312:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptr = getenv ("HOME");
data/sane-backends-1.0.31/backend/rts8891.c:6389:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("RED_CODE") != NULL)
data/sane-backends-1.0.31/backend/rts8891.c:6391:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
red_code = atoi (getenv ("RED_CODE"));
data/sane-backends-1.0.31/backend/rts8891.c:6393:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("GREEN_CODE") != NULL)
data/sane-backends-1.0.31/backend/rts8891.c:6395:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
blue_code = atoi (getenv ("GREEN_CODE"));
data/sane-backends-1.0.31/backend/rts8891.c:6397:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("BLUE_CODE") != NULL)
data/sane-backends-1.0.31/backend/rts8891.c:6399:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
green_code = atoi (getenv ("BLUE_CODE"));
data/sane-backends-1.0.31/backend/st400.c:215:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *home = getenv ("HOME");
data/sane-backends-1.0.31/backend/teco2.c:1177:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((calibration_algo = getenv ("SANE_TECO2_CAL_ALGO")) != NULL)
data/sane-backends-1.0.31/backend/test.c:1755:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand (time (NULL));
data/sane-backends-1.0.31/backend/umax_pp_low.c:9903:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv("AREA")!=NULL)
data/sane-backends-1.0.31/backend/umax_pp_low.c:9904:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cnst=atol(getenv("AREA"));
data/sane-backends-1.0.31/backend/umax_pp_low.c:9905:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv("COEFF")!=NULL)
data/sane-backends-1.0.31/backend/umax_pp_low.c:9906:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cnst=atol(getenv("COEFF"));
data/sane-backends-1.0.31/backend/umax_pp_low.c:9907:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv("CNST")!=NULL)
data/sane-backends-1.0.31/backend/umax_pp_low.c:9908:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cnst=atol(getenv("CNST"));
data/sane-backends-1.0.31/frontend/saned.c:3438:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt_long(argc, argv,"ha::lu:Dod:eb:", long_options, &long_index )) != -1)
data/sane-backends-1.0.31/frontend/scanimage.c:173:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("HOME") != NULL)
data/sane-backends-1.0.31/frontend/scanimage.c:175:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (strlen (getenv ("HOME")) < 500)
data/sane-backends-1.0.31/frontend/scanimage.c:177:35: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
sprintf (tmp, "%s/.sane/pass", getenv ("HOME"));
data/sane-backends-1.0.31/frontend/scanimage.c:2037:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
defdevname = getenv ("SANE_DEFAULT_DEVICE");
data/sane-backends-1.0.31/frontend/scanimage.c:2044:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt_long (argc, argv, "-" BASE_OPTSTRING, basic_options,
data/sane-backends-1.0.31/frontend/scanimage.c:2446:20: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt_long (argc, argv, full_optstring, all_options,
data/sane-backends-1.0.31/frontend/tstbackend.c:1350:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(NULL));
data/sane-backends-1.0.31/frontend/tstbackend.c:1713:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt_long (argc, argv, "-v:d:l:r:g:h:s", basic_options,
data/sane-backends-1.0.31/frontend/tstbackend.c:1821:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
devname = getenv ("SANE_DEFAULT_DEVICE");
data/sane-backends-1.0.31/include/lgetopt.h:151:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt (int ___argc, char *const *___argv, const char *__shortopts);
data/sane-backends-1.0.31/include/lgetopt.h:153:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt ();
data/sane-backends-1.0.31/include/lgetopt.h:157:12: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt_long (int ___argc, char *const *___argv,
data/sane-backends-1.0.31/include/lgetopt.h:171:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt ();
data/sane-backends-1.0.31/include/lgetopt.h:173:12: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt_long ();
data/sane-backends-1.0.31/lib/getenv.c:6:1: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
getenv(const char *name)
data/sane-backends-1.0.31/lib/getopt.c:222:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#ifndef getenv
data/sane-backends-1.0.31/lib/getopt.c:223:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extern char *getenv ();
data/sane-backends-1.0.31/lib/getopt.c:408:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
posixly_correct = getenv ("POSIXLY_CORRECT");
data/sane-backends-1.0.31/lib/getopt.c:1198:1: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt (argc, argv, optstring)
data/sane-backends-1.0.31/lib/getopt.c:1228:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "abc:d:0123456789");
data/sane-backends-1.0.31/lib/getopt1.c:73:1: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt_long (argc, argv, options, long_options, opt_index)
data/sane-backends-1.0.31/lib/getopt1.c:100:18: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
libc_hidden_def (getopt_long)
data/sane-backends-1.0.31/lib/getopt1.c:133:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "abc:d:0123456789",
data/sane-backends-1.0.31/sanei/sanei_DomainOS.c:184:7: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
tmpnam(com->open_path);
data/sane-backends-1.0.31/sanei/sanei_auth.c:73:6: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL)); \
data/sane-backends-1.0.31/sanei/sanei_config.c:92:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dlist = getenv ("SANE_CONFIG_DIR");
data/sane-backends-1.0.31/sanei/sanei_init_debug.c:102:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
val = getenv (buf);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:820:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cc = getenv ("SANE_SG_BUFFERSIZE");
data/sane-backends-1.0.31/sanei/sanei_scsi.c:884:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cc = getenv ("SANE_SCSICMD_TIMEOUT");
data/sane-backends-1.0.31/sanei/sanei_scsi.c:921:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cc = getenv ("SANE_SG_BUFFERSIZE");
data/sane-backends-1.0.31/sanei/sanei_scsi.c:1009:19: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
CommonAreaPath = tmpnam (NULL);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:1519:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cc = getenv ("SANE_SG_BUFFERSIZE");
data/sane-backends-1.0.31/sanei/sanei_usb.c:2983:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv ("SANE_USB_WORKAROUND");
data/sane-backends-1.0.31/sanei/sanei_usb.c:3076:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv ("SANE_USB_WORKAROUND");
data/sane-backends-1.0.31/tools/mustek600iin-off.c:126:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL != (cp = getenv ("MUSTEK_CONF")))
data/sane-backends-1.0.31/tools/sane-desc.c:364:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long (argc, argv, "s:m:t:i:d:hV", desc_options,
data/sane-backends-1.0.31/backend/abaton.c:410:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[INQ_LEN];
data/sane-backends-1.0.31/backend/abaton.c:851:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/agfafocus.c:1279:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/apple.c:478:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[INQ_LEN];
data/sane-backends-1.0.31/backend/apple.c:497:1: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(result + 8, "APPLE ");
data/sane-backends-1.0.31/backend/apple.c:500:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(result + 16, "SCANNER A9M0337 ");
data/sane-backends-1.0.31/backend/apple.c:502:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(result + 16, "SCANNER II ");
data/sane-backends-1.0.31/backend/apple.c:504:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(result + 16, "SCANNER III ");
data/sane-backends-1.0.31/backend/apple.c:1867:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/apple.c:2133:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, s->val[option].wa, s->opt[option].size);
data/sane-backends-1.0.31/backend/apple.c:2231:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->val[option].wa, val, s->opt[option].size);
data/sane-backends-1.0.31/backend/artec.c:276:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char artec_vendor[9] = "";
data/sane-backends-1.0.31/backend/artec.c:277:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char artec_model[17] = "";
data/sane-backends-1.0.31/backend/artec.c:295:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_str[1024];
data/sane-backends-1.0.31/backend/artec.c:337:32: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
word_list[comma_count] = atol (start);
data/sane-backends-1.0.31/backend/artec.c:344:28: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
word_list[comma_count] = atol (start);
data/sane-backends-1.0.31/backend/artec.c:788:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp_buf, data, len);
data/sane-backends-1.0.31/backend/artec.c:840:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp_buf, data, len * 3);
data/sane-backends-1.0.31/backend/artec.c:863:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp_buf, data, len * 3);
data/sane-backends-1.0.31/backend/artec.c:950:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp_line_buf, line_buffer[0], width);
data/sane-backends-1.0.31/backend/artec.c:953:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp_line_buf + width, &line_buffer[line_offset][width],
data/sane-backends-1.0.31/backend/artec.c:959:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp_line_buf, line_buffer[0], *len);
data/sane-backends-1.0.31/backend/artec.c:983:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (line_buffer[r_buf_lines - 1], data, *len);
data/sane-backends-1.0.31/backend/artec.c:992:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, tmp_line_buf, width * 2);
data/sane-backends-1.0.31/backend/artec.c:1019:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, tmp_line_buf, *len);
data/sane-backends-1.0.31/backend/artec.c:1058:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char write_6[4096 + 20]; /* max gamma table is 4096 + 20 for command data */
data/sane-backends-1.0.31/backend/artec.c:1060:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prt_buf[128];
data/sane-backends-1.0.31/backend/artec.c:1061:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buf[128];
data/sane-backends-1.0.31/backend/artec.c:1111:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (prt_buf, "%02x: ", i);
data/sane-backends-1.0.31/backend/artec.c:1113:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp_buf, "%02x ", (int) s->gamma_table[0][i]);
data/sane-backends-1.0.31/backend/artec.c:1142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char write_6[4096 + 20]; /* max gamma table is 4096 + 20 for command data */
data/sane-backends-1.0.31/backend/artec.c:1144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prt_buf[128];
data/sane-backends-1.0.31/backend/artec.c:1145:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buf[128];
data/sane-backends-1.0.31/backend/artec.c:1210:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (prt_buf, "%02x: ", i);
data/sane-backends-1.0.31/backend/artec.c:1212:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp_buf, "%02x ", (int) s->gamma_table[0][i]);
data/sane-backends-1.0.31/backend/artec.c:1244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char write_6[4096];
data/sane-backends-1.0.31/backend/artec.c:1471:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char write_7[7];
data/sane-backends-1.0.31/backend/artec.c:1792:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[80]; /* for printing debugging info */
data/sane-backends-1.0.31/backend/artec.c:1812:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (info, "%d ", cap_buf[29]);
data/sane-backends-1.0.31/backend/artec.c:1814:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (info, "%d ", cap_buf[30]);
data/sane-backends-1.0.31/backend/artec.c:1816:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (info, "%d ", (cap_buf[31] << 8) | cap_buf[32]);
data/sane-backends-1.0.31/backend/artec.c:1818:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (info, "%d ", cap_buf[33]);
data/sane-backends-1.0.31/backend/artec.c:1820:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (info, "%d ", (cap_buf[34] << 8) | cap_buf[35]);
data/sane-backends-1.0.31/backend/artec.c:1822:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (info, "%d ", (cap_buf[36] << 8) | cap_buf[37]);
data/sane-backends-1.0.31/backend/artec.c:1824:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (info, "%d ", (cap_buf[38] << 8) | cap_buf[39]);
data/sane-backends-1.0.31/backend/artec.c:1826:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (info, "%d ", (cap_buf[40] << 8) | cap_buf[41]);
data/sane-backends-1.0.31/backend/artec.c:1828:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (info, "%d ", (cap_buf[42] << 8) | cap_buf[43]);
data/sane-backends-1.0.31/backend/artec.c:1830:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (info, "%d ", (cap_buf[44] << 8) | cap_buf[45]);
data/sane-backends-1.0.31/backend/artec.c:1838:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (info, "%d ", cap_buf[49]);
data/sane-backends-1.0.31/backend/artec.c:1851:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (info, "%d ", (cap_buf[55] << 8) | cap_buf[56]);
data/sane-backends-1.0.31/backend/artec.c:1853:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (info, "%d ", (cap_buf[57] << 8) | cap_buf[58]);
data/sane-backends-1.0.31/backend/artec.c:1901:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prt_buf[129] = "";
data/sane-backends-1.0.31/backend/artec.c:1902:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buf[129];
data/sane-backends-1.0.31/backend/artec.c:1911:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (prt_buf, "0x%02x: ", i);
data/sane-backends-1.0.31/backend/artec.c:1914:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp_buf, "%02x ", (int) result[i + j]);
data/sane-backends-1.0.31/backend/artec.c:1917:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( prt_buf, " ");
data/sane-backends-1.0.31/backend/artec.c:1920:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp_buf, "%c",
data/sane-backends-1.0.31/backend/artec.c:1934:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[INQ_LEN];
data/sane-backends-1.0.31/backend/artec.c:1935:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product_revision[5];
data/sane-backends-1.0.31/backend/artec.c:1936:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_result[33];
data/sane-backends-1.0.31/backend/artec.c:2002:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (result + 8, "ULTIMA", 6);
data/sane-backends-1.0.31/backend/artec.c:2003:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (result + 16, "AT3 ", 16);
data/sane-backends-1.0.31/backend/artec.c:2016:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (result + 8, "ULTIMA", 6);
data/sane-backends-1.0.31/backend/artec.c:2017:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (result + 16, "AM12S ", 16);
data/sane-backends-1.0.31/backend/artec.c:2034:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (temp_result, " ");
data/sane-backends-1.0.31/backend/artec.c:2046:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (temp_result, " ");
data/sane-backends-1.0.31/backend/artec.c:2099:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (str, result + 16, 16);
data/sane-backends-1.0.31/backend/artec.c:2135:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (str, result + 8, 8);
data/sane-backends-1.0.31/backend/artec.c:2578:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX], *cp;
data/sane-backends-1.0.31/backend/artec.c:2923:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, s->val[option].wa, s->opt[option].size);
data/sane-backends-1.0.31/backend/artec.c:3075:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->val[option].wa, val, s->opt[option].size);
data/sane-backends-1.0.31/backend/artec.c:3312:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
debug_fd = open ("artec.data.raw",
data/sane-backends-1.0.31/backend/artec.c:3583:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (line_buf,
data/sane-backends-1.0.31/backend/artec.c:3609:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + bytes_read, line_buf,
data/sane-backends-1.0.31/backend/artec.c:3646:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + bytes_read, temp_buf, nread);
data/sane-backends-1.0.31/backend/artec.c:3707:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, temp_buf, bytes_to_copy);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:128:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char devName[PATH_MAX];
data/sane-backends-1.0.31/backend/artec_eplus48u.c:129:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char firmwarePath[PATH_MAX];
data/sane-backends-1.0.31/backend/artec_eplus48u.c:130:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char vendor_string[PATH_MAX];
data/sane-backends-1.0.31/backend/artec_eplus48u.c:131:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char model_string[PATH_MAX];
data/sane-backends-1.0.31/backend/artec_eplus48u.c:220:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (chip->firmware_path, "rb");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:1073:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (download_buf, data + addr, bytes_left);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:1703:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (fixed_cmd + i * 8, cmd, 8);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:1854:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, dev->read_buffer + dev->read_pos, transfer_size);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:2201:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&reader->params, params, sizeof (Artec48U_Scan_Parameters));
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3576:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3577:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3595:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "/.artec_eplus48u/");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3602:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (filename, "artec48ushading_black");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3607:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (filename, "rb");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3624:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (filename, "artec48ushading_white");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3628:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (filename, "rb");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3644:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (filename, "artec48uoffset");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3648:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (filename, "rb");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3666:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (filename, "artec48uexposure");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3670:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (filename, "rb");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3694:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3695:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3713:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "/.artec_eplus48u/");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3720:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (filename, "artec48ushading_black");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3724:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (filename, "w");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3747:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (filename, "artec48ushading_white");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3751:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (filename, "w");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3769:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (filename, "artec48uoffset");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3773:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (filename, "w");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3793:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (filename, "artec48uexposure");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3797:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (filename, "w");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:4439:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[PATH_MAX] = _DEFAULT_DEVICE;
data/sane-backends-1.0.31/backend/artec_eplus48u.c:4440:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[PATH_MAX];
data/sane-backends-1.0.31/backend/artec_eplus48u.c:4453:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (vendor_string, "Artec");
data/sane-backends-1.0.31/backend/artec_eplus48u.c:4454:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (model_string, "E+ 48U");
data/sane-backends-1.0.31/backend/as6e.c:554:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inpipe_desc[32], outpipe_desc[32], datapipe_desc[32];
data/sane-backends-1.0.31/backend/as6e.c:572:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (inpipe_desc, "%d", ctlinpipe[WRITEPIPE]);
data/sane-backends-1.0.31/backend/as6e.c:573:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (outpipe_desc, "%d", ctloutpipe[READPIPE]);
data/sane-backends-1.0.31/backend/as6e.c:574:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (datapipe_desc, "%d", datapipe[WRITEPIPE]);
data/sane-backends-1.0.31/backend/as6e.c:624:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/as6e.c:800:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[NAMESIZE];
data/sane-backends-1.0.31/backend/as6e.c:821:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[NAMESIZE];
data/sane-backends-1.0.31/backend/avision.c:1721:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text [16*3+1];
data/sane-backends-1.0.31/backend/avision.c:1728:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
t += sprintf (t, "%02x ", *data++);
data/sane-backends-1.0.31/backend/avision.c:2034:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textbuf[64];
data/sane-backends-1.0.31/backend/avision.c:2095:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (textbuf, "got unknown sense code 0x%02x", (int)sense_key);
data/sane-backends-1.0.31/backend/avision.c:2185:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (textbuf, "Unknown sense code asc: 0x%02x, ascq: 0x%02x",
data/sane-backends-1.0.31/backend/avision.c:2394:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (enlarged_cmd, m_cmd, cmd_size);
data/sane-backends-1.0.31/backend/avision.c:3729:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer [16];
data/sane-backends-1.0.31/backend/avision.c:4132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mfg [9];
data/sane-backends-1.0.31/backend/avision.c:4133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model [17];
data/sane-backends-1.0.31/backend/avision.c:4134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rev [5];
data/sane-backends-1.0.31/backend/avision.c:4173:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&mfg, result + 8, 8);
data/sane-backends-1.0.31/backend/avision.c:4175:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&model, result + 16, 16);
data/sane-backends-1.0.31/backend/avision.c:4177:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&rev, result + 32, 4);
data/sane-backends-1.0.31/backend/avision.c:5545:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen ("calibration-white.pnm", "w");
data/sane-backends-1.0.31/backend/avision.c:6428:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen ("background-raw.pnm", "w");
data/sane-backends-1.0.31/backend/avision.c:6457:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (background + (bytes_per_line * l), tmp_data, bytes_per_line);
data/sane-backends-1.0.31/backend/avision.c:6484:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_raster, src_raster, bytes_per_line);
data/sane-backends-1.0.31/backend/avision.c:6497:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen ("background.pnm", "w");
data/sane-backends-1.0.31/backend/avision.c:6500:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen ("background-rear.pnm", "w");
data/sane-backends-1.0.31/backend/avision.c:6580:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen ("background-final.pnm", "w");
data/sane-backends-1.0.31/backend/avision.c:6583:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen ("background-final-rear.pnm", "w");
data/sane-backends-1.0.31/backend/avision.c:7357:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (s->duplex_offtmp_fname, "w+");
data/sane-backends-1.0.31/backend/avision.c:7407:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rear_fp = fopen (s->duplex_rear_fname, "w");
data/sane-backends-1.0.31/backend/avision.c:7415:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rear_fp = fopen (s->duplex_rear_fname, "r");
data/sane-backends-1.0.31/backend/avision.c:7480:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
raw_fp = fopen ("/tmp/sane-avision.raw", "w");
data/sane-backends-1.0.31/backend/avision.c:7671:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (out_data, stripe_data, useful_bytes);
data/sane-backends-1.0.31/backend/avision.c:7714:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (out_data, stripe_data, useful_bytes);
data/sane-backends-1.0.31/backend/avision.c:7987:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ip_history,
data/sane-backends-1.0.31/backend/avision.c:7996:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stripe_data, stripe_data + useful_bytes, stripe_fill);
data/sane-backends-1.0.31/backend/avision.c:8149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX];
data/sane-backends-1.0.31/backend/avision.c:8541:11: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if (! mkstemp(s->duplex_rear_fname) ) {
data/sane-backends-1.0.31/backend/avision.c:8745:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, s->val[option].wa, s->opt[option].size);
data/sane-backends-1.0.31/backend/avision.c:8805:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->val[option].wa, val, s->opt[option].size);
data/sane-backends-1.0.31/backend/avision.h:506:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char duplex_rear_fname [PATH_MAX];
data/sane-backends-1.0.31/backend/avision.h:507:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char duplex_offtmp_fname [PATH_MAX];
data/sane-backends-1.0.31/backend/avision.h:649:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial [24];
data/sane-backends-1.0.31/backend/avision.h:659:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identify_info[16];
data/sane-backends-1.0.31/backend/avision.h:660:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formal_name[16];
data/sane-backends-1.0.31/backend/bh.c:168:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/sane-backends-1.0.31/backend/bh.c:174:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "front page");
data/sane-backends-1.0.31/backend/bh.c:178:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "back page");
data/sane-backends-1.0.31/backend/bh.c:184:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "front section %d", n);
data/sane-backends-1.0.31/backend/bh.c:190:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "back section %d", n);
data/sane-backends-1.0.31/backend/bh.c:194:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "front page barcode");
data/sane-backends-1.0.31/backend/bh.c:198:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "back page barcode");
data/sane-backends-1.0.31/backend/bh.c:204:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "front barcode section %d", n);
data/sane-backends-1.0.31/backend/bh.c:210:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "back barcode section %d", n);
data/sane-backends-1.0.31/backend/bh.c:214:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "front page patchcode");
data/sane-backends-1.0.31/backend/bh.c:218:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "back page patchcode");
data/sane-backends-1.0.31/backend/bh.c:224:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "front patchcode section %d", n);
data/sane-backends-1.0.31/backend/bh.c:230:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "back patchcode section %d", n);
data/sane-backends-1.0.31/backend/bh.c:234:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "front page icon");
data/sane-backends-1.0.31/backend/bh.c:238:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "back page icon");
data/sane-backends-1.0.31/backend/bh.c:242:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "transmit bar/patch codes");
data/sane-backends-1.0.31/backend/bh.c:246:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "unknown");
data/sane-backends-1.0.31/backend/bh.c:1374:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[255+1], *x, *y, *w, *l, *f, *ep;
data/sane-backends-1.0.31/backend/bh.c:1503:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[255+1], *section;
data/sane-backends-1.0.31/backend/bh.c:1866:10: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(s->barfname);
data/sane-backends-1.0.31/backend/bh.c:1889:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((s->barf = fopen(s->barfname, "r")) == NULL)
data/sane-backends-1.0.31/backend/bh.c:2003:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(print_sense + strlen(print_sense), "%02x ", result[i]);
data/sane-backends-1.0.31/backend/bh.c:2870:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ibuf.vendor, "**FAKE**", 8);
data/sane-backends-1.0.31/backend/bh.c:2871:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ibuf.product, "COPISCAN II 6338", 16);
data/sane-backends-1.0.31/backend/bh.c:2872:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ibuf.revision, "0016", 4);
data/sane-backends-1.0.31/backend/bh.c:2967:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dev->info.vendor, "%.8s", ibuf.vendor);
data/sane-backends-1.0.31/backend/bh.c:2969:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dev->info.product, "%.16s", ibuf.product);
data/sane-backends-1.0.31/backend/bh.c:2971:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dev->info.revision, "%.4s", ibuf.revision);
data/sane-backends-1.0.31/backend/bh.c:3147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devnam[PATH_MAX] = "/dev/scanner";
data/sane-backends-1.0.31/backend/bh.c:3164:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX];
data/sane-backends-1.0.31/backend/bh.h:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char barfname[PATH_MAX+1];
data/sane-backends-1.0.31/backend/canon-sane.c:4:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devnam[PATH_MAX] = "/dev/scanner";
data/sane-backends-1.0.31/backend/canon-sane.c:63:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX];
data/sane-backends-1.0.31/backend/canon-sane.c:427:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, s->val[option].wa, s->opt[option].size);
data/sane-backends-1.0.31/backend/canon-sane.c:1006:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->val[option].wa, val, s->opt[option].size);
data/sane-backends-1.0.31/backend/canon-sane.c:1128:16: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if (!mkstemp(thistmpfile))
data/sane-backends-1.0.31/backend/canon-sane.c:1140:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s->tmpfile = open(thistmpfile, O_RDWR | O_CREAT | O_EXCL, 0600);
data/sane-backends-1.0.31/backend/canon-sane.c:1847:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, &(s->outbuffer[s->buf_pos]), ncopy);
data/sane-backends-1.0.31/backend/canon-sane.c:1900:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, &(s->outbuffer[s->buf_pos]), ncopy);
data/sane-backends-1.0.31/backend/canon-sane.c:1945:62: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
DBG (5, "temp file position:%u\n", (unsigned int) lseek(s->tmpfile,
data/sane-backends-1.0.31/backend/canon-sane.c:1992:25: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
wres = write (s->tmpfile, &s->inbuffer[nwritten], remain);
data/sane-backends-1.0.31/backend/canon-sane.c:2014:18: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
lseek (s->tmpfile, 0L, SEEK_SET);
data/sane-backends-1.0.31/backend/canon-sane.c:2043:23: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
readres = read (s->tmpfile, &(firstimage[pos]), nremain);
data/sane-backends-1.0.31/backend/canon-sane.c:2136:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, &(s->outbuffer[s->buf_pos]), ncopy * 2);
data/sane-backends-1.0.31/backend/canon-sane.c:2182:12: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (s->tmpfile != -1)
data/sane-backends-1.0.31/backend/canon-sane.c:2184:17: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
close (s->tmpfile);
data/sane-backends-1.0.31/backend/canon-scsi.c:380:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pdata + 4, data, (page == TRANSPARENCY_UNIT) ? 8
data/sane-backends-1.0.31/backend/canon.c:231:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tbuf[12 + 5];
data/sane-backends-1.0.31/backend/canon.c:279:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char abuf[0x0C];
data/sane-backends-1.0.31/backend/canon.h:310:7: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
int tmpfile; /* modification for FB1200S */
data/sane-backends-1.0.31/backend/canon630u-common.c:582:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (s->fname, "w");
data/sane-backends-1.0.31/backend/canon630u-common.c:634:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->ptr, buf, numbytes);
data/sane-backends-1.0.31/backend/canon630u-common.c:942:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
mkstemp (s->fname);
data/sane-backends-1.0.31/backend/canon630u-common.c:998:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (calfilename, "r");
data/sane-backends-1.0.31/backend/canon630u-common.c:1069:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (oldline, newline, width);
data/sane-backends-1.0.31/backend/canon630u-common.c:1112:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (CAL_FILE_OGN, "w");
data/sane-backends-1.0.31/backend/canon630u-common.c:1180:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (CAL_FILE_OGN, "r");
data/sane-backends-1.0.31/backend/canon630u-common.c:1201:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (CAL_FILE_OGN, "r");
data/sane-backends-1.0.31/backend/canon630u-common.c:1586:8: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if (!mkstemp (scanner->fname))
data/sane-backends-1.0.31/backend/canon630u-common.c:1610:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
scanner->fp = fopen (scanner->fname, "r");
data/sane-backends-1.0.31/backend/canon630u.c:716:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_line[PATH_MAX];
data/sane-backends-1.0.31/backend/canon_dr.c:445:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char global_vendor_name[9];
data/sane-backends-1.0.31/backend/canon_dr.c:446:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char global_model_name[17];
data/sane-backends-1.0.31/backend/canon_dr.c:447:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char global_version_name[5];
data/sane-backends-1.0.31/backend/canon_dr.c:524:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX];
data/sane-backends-1.0.31/backend/canon_dr.c:574:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buf = atoi (lp);
data/sane-backends-1.0.31/backend/canon_dr.c:600:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buf = atoi (lp);
data/sane-backends-1.0.31/backend/canon_dr.c:626:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buf = atoi (lp);
data/sane-backends-1.0.31/backend/canon_dr.c:652:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buf = atoi (lp);
data/sane-backends-1.0.31/backend/canon_dr.c:1011:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[INQUIRY_len];
data/sane-backends-1.0.31/backend/canon_dr.c:1014:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[INQUIRY_std_len];
data/sane-backends-1.0.31/backend/canon_dr.c:1093:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[INQUIRY_len];
data/sane-backends-1.0.31/backend/canon_dr.c:1096:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[INQUIRY_vpd_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3305:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SET_SCAN_MODE_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3308:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[SSM_PAY_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3352:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SET_SCAN_MODE2_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3355:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[SSM2_PAY_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3399:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SET_SCAN_MODE_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3402:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[SSM_PAY_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3448:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SET_SCAN_MODE2_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3451:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[SSM2_PAY_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3521:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SET_SCAN_MODE2_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3524:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[SSM2_PAY_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3579:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SET_SCAN_MODE_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3582:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[SSM_PAY_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3664:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SET_SCAN_MODE2_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3667:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[SSM2_PAY_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3760:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[READ_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3763:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[R_SENSORS_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3815:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[READ_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3818:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[R_PANEL_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3876:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SEND_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3879:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[S_PANEL_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3923:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[READ_len];
data/sane-backends-1.0.31/backend/canon_dr.c:3926:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[R_PSIZE_len];
data/sane-backends-1.0.31/backend/canon_dr.c:4122:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->s,&s->u,sizeof(struct img_params));
data/sane-backends-1.0.31/backend/canon_dr.c:4221:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->i,&s->s,sizeof(struct img_params));
data/sane-backends-1.0.31/backend/canon_dr.c:4224:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->i,&s->u,sizeof(struct img_params));
data/sane-backends-1.0.31/backend/canon_dr.c:4689:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SET_WINDOW_len];
data/sane-backends-1.0.31/backend/canon_dr.c:4692:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[SW_header_len + SW_desc_len];
data/sane-backends-1.0.31/backend/canon_dr.c:4818:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[OBJECT_POSITION_len];
data/sane-backends-1.0.31/backend/canon_dr.c:4865:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SCAN_len];
data/sane-backends-1.0.31/backend/canon_dr.c:5002:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[READ_len];
data/sane-backends-1.0.31/backend/canon_dr.c:5174:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[READ_len];
data/sane-backends-1.0.31/backend/canon_dr.c:5309:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->buffers[side]+s->i.bytes_sent[side], buf, len);
data/sane-backends-1.0.31/backend/canon_dr.c:5461:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line+line_next,buf+i,bwidth);
data/sane-backends-1.0.31/backend/canon_dr.c:5575:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(front+flen,buf+i,bwidth);
data/sane-backends-1.0.31/backend/canon_dr.c:5580:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(back+blen,buf+i+bwidth,bwidth);
data/sane-backends-1.0.31/backend/canon_dr.c:5614:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstptr, srcptr, stride);
data/sane-backends-1.0.31/backend/canon_dr.c:5641:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->buffers[side]+s->i.bytes_sent[side], buff, sbwidth);
data/sane-backends-1.0.31/backend/canon_dr.c:5696:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line, buff, sbwidth);
data/sane-backends-1.0.31/backend/canon_dr.c:5746:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->buffers[side]+s->i.bytes_sent[side], line+(offset*3), ibwidth);
data/sane-backends-1.0.31/backend/canon_dr.c:5811:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,s->buffers[side]+s->u.bytes_sent[side],bytes);
data/sane-backends-1.0.31/backend/canon_dr.c:5871:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[4];
data/sane-backends-1.0.31/backend/canon_dr.c:6130:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[READ_len];
data/sane-backends-1.0.31/backend/canon_dr.c:6519:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[COR_CAL_len];
data/sane-backends-1.0.31/backend/canon_dr.c:6523:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pay[CC3_pay_len];
data/sane-backends-1.0.31/backend/canon_dr.c:6739:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[CANCEL_len];
data/sane-backends-1.0.31/backend/canon_dr.c:7251:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmdBuffer+cmdOffset,cmdBuff,cmdLen);
data/sane-backends-1.0.31/backend/canon_dr.c:7311:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outBuffer+outOffset,outBuff,outLen);
data/sane-backends-1.0.31/backend/canon_dr.c:7427:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inBuff,inBuffer+inOffset,*inLen);
data/sane-backends-1.0.31/backend/canon_dr.c:7531:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rs_cmd[REQUEST_SENSE_len];
data/sane-backends-1.0.31/backend/canon_dr.c:7534:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rs_in[RS_return_size];
data/sane-backends-1.0.31/backend/canon_dr.c:7576:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[TEST_UNIT_READY_len];
data/sane-backends-1.0.31/backend/canon_dr.c:7742:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[70]; /* 'xxx: xx xx ... xx xx abc */
data/sane-backends-1.0.31/backend/canon_dr.c:7768:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (line, "%3.3x:", i);
data/sane-backends-1.0.31/backend/canon_dr.c:7772:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (hex, " %2.2x", *p);
data/sane-backends-1.0.31/backend/canon_dr.h:114:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[1024]; /* The name of the device from sanei */
data/sane-backends-1.0.31/backend/canon_dr.h:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor_name[9]; /* raw data as returned by SCSI inquiry. */
data/sane-backends-1.0.31/backend/canon_dr.h:126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[17]; /* raw data as returned by SCSI inquiry. */
data/sane-backends-1.0.31/backend/canon_dr.h:127:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version_name[5]; /* raw data as returned by SCSI inquiry. */
data/sane-backends-1.0.31/backend/canon_dr.h:220:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_name[28]; /* 16 char model, ':', 10 byte serial, null */
data/sane-backends-1.0.31/backend/canon_dr.h:304:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lut[256];
data/sane-backends-1.0.31/backend/canon_dr.h:336:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char * f_offset[2];
data/sane-backends-1.0.31/backend/canon_dr.h:337:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char * f_gain[2];
data/sane-backends-1.0.31/backend/canon_dr.h:349:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char * buffers[2];
data/sane-backends-1.0.31/backend/canon_dr.h:371:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char panel_read[OPT_COUNTER - OPT_START + 1];
data/sane-backends-1.0.31/backend/canon_dr.h:372:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sensors_read[OPT_CARD_LOADED - OPT_ADF_LOADED + 1];
data/sane-backends-1.0.31/backend/canon_lide70-common.c:200:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cmd_buffer + 4, data, size);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:777:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:780:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:783:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:786:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000030,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:789:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000040,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:792:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000050,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:795:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000060,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:798:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000070,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:801:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000080,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:804:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000090,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:807:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000a0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:810:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000b0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:813:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000c0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:816:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000d0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:819:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000e0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:822:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000f0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:825:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000100, "\xb6\x08\xa0\x08", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:840:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:843:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:846:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:849:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000030,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:852:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000040,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:855:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000050,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:858:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000060,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:861:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000070,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:864:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000080,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:867:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000090,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:870:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000a0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:873:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000b0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:876:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000c0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:879:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000d0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:882:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000e0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:885:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000f0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:888:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000100, "\xb6\x08\xa0\x08", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:903:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:906:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:909:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020, "\x80\x25\x80\x25", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:924:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:927:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:930:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:933:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000030,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:936:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000040,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:939:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000050,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:942:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000060,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:945:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000070,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:948:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000080,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:951:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000090,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:954:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000a0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:957:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000b0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:960:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000c0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:963:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000d0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:966:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000e0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:969:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000f0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:972:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000100, "\xb6\x08\xa0\x08", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:987:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:990:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:993:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020, "\x80\x25\x80\x25", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1156:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1159:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1162:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1165:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000030,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1168:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000040,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1171:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000050,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1174:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000060,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1177:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000070,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000080,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1183:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000090,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1186:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000a0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1189:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000b0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1192:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000c0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1195:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000d0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1198:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000e0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1201:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000f0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1204:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000100, "\x8c\x0b\x7c\x0b", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1219:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1222:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1225:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1228:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000030,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1231:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000040,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1234:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000050,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1237:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000060,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1240:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000070,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1243:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000080,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1246:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000090,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1249:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000a0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1252:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000b0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1255:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000c0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1258:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000d0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1261:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000e0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1264:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000f0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1267:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000100, "\x8c\x0b\x7c\x0b", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1282:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1285:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1288:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020, "\x01\x1e\x95\x1d", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1303:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1306:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1309:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1312:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000030,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1315:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000040,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1318:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000050,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1321:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000060,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1324:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000070,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1327:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000080,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1330:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000090,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1333:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000a0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1336:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000b0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1339:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000c0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1342:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000d0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1345:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000e0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1348:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x000000f0,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1351:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000100, "\x8c\x0b\x7c\x0b", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1366:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1369:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1372:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020, "\x01\x1e\x95\x1d", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1535:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1538:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1541:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1544:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000030, "\x15\x20\xe0\x1f", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1559:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1562:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1565:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1568:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000030, "\x15\x20\xe0\x1f", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1583:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1586:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1589:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020, "\xdc\x21\xa1\x21", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1604:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1607:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1610:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1613:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000030, "\x15\x20\xe0\x1f", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1628:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1631:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1634:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020, "\xdc\x21\xa1\x21", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1794:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1797:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1800:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0020,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1803:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0030,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1806:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0040,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1809:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0050, "\x00\x00\x00\x00", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1824:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1827:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1830:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0020,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1833:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0030,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1836:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0040,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1839:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0050, "\x00\x00\x00\x00", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1854:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1857:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1860:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0020, "\x00\x00\x00\x00", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1875:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1878:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1881:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0020,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1884:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0030,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1887:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0040,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1890:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0050, "\x00\x00\x00\x00", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1905:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1908:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:1911:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x0020, "\x00\x00\x00\x00", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2116:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2119:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2122:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020, "\x00\x00\x00\x00", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2137:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2143:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020, "\x00\x00\x00\x00", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2158:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2161:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2164:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020, "\x00\x00\x00\x00", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2179:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2182:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2185:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020, "\x00\x00\x00\x00", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2200:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000000,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2203:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000010,
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2206:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + 0x00000020, "\x00\x00\x00\x00", 4);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2230:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[0xf000];
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2578:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data + offset, linebuf, 3 * chndl->width);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2642:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (chndl->fname, "w");
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2942:8: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp (chndl->fname);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2970:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
chndl->fp = fopen (chndl->fname, "r");
data/sane-backends-1.0.31/backend/canon_lide70.c:217:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_line[PATH_MAX];
data/sane-backends-1.0.31/backend/canon_lide70.c:576:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (caps, "SANE_CAP_SOFT_SELECT ");
data/sane-backends-1.0.31/backend/canon_lide70.c:578:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (caps, "SANE_CAP_HARD_SELECT ");
data/sane-backends-1.0.31/backend/canon_lide70.c:580:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (caps, "SANE_CAP_SOFT_DETECT ");
data/sane-backends-1.0.31/backend/canon_lide70.c:582:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (caps, "SANE_CAP_EMULATED ");
data/sane-backends-1.0.31/backend/canon_lide70.c:584:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (caps, "SANE_CAP_AUTOMATIC ");
data/sane-backends-1.0.31/backend/canon_lide70.c:586:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (caps, "SANE_CAP_INACTIVE ");
data/sane-backends-1.0.31/backend/canon_lide70.c:588:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (caps, "SANE_CAP_ADVANCED ");
data/sane-backends-1.0.31/backend/canon_pp-dev.c:177:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char cmd_scan[45] =
data/sane-backends-1.0.31/backend/canon_pp-dev.c:215:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char command_14[32] =
data/sane-backends-1.0.31/backend/canon_pp-dev.c:280:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char command_b[56];
data/sane-backends-1.0.31/backend/canon_pp-dev.c:283:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer_info_block[6];
data/sane-backends-1.0.31/backend/canon_pp-dev.c:293:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(command_b, cmd_initscan, 10);
data/sane-backends-1.0.31/backend/canon_pp-dev.c:294:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(command_b+10, cmd_scan, 45);
data/sane-backends-1.0.31/backend/canon_pp-dev.c:361:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char scanner_info[12];
data/sane-backends-1.0.31/backend/canon_pp-dev.c:484:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[10];
data/sane-backends-1.0.31/backend/canon_pp-dev.c:488:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(filename, O_RDONLY)) == -1)
data/sane-backends-1.0.31/backend/canon_pp-dev.c:615:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char packet_header[4];
data/sane-backends-1.0.31/backend/canon_pp-dev.c:616:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char packet_req_command[10];
data/sane-backends-1.0.31/backend/canon_pp-dev.c:661:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet_req_command, cmd_packet_req, 10);
data/sane-backends-1.0.31/backend/canon_pp-dev.c:948:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char command_buffer[10];
data/sane-backends-1.0.31/backend/canon_pp-dev.c:953:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colours[3][6] = {"Red", "Green", "Blue"};
data/sane-backends-1.0.31/backend/canon_pp-dev.c:990:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(command_buffer, cmd_calblack, 10);
data/sane-backends-1.0.31/backend/canon_pp-dev.c:1077:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(command_buffer, cmd_calcolour, 10);
data/sane-backends-1.0.31/backend/canon_pp-dev.c:1144:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile = open(cal_file, O_WRONLY | O_TRUNC | O_CREAT, 0600);
data/sane-backends-1.0.31/backend/canon_pp-dev.h:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id_string[80];
data/sane-backends-1.0.31/backend/canon_pp-dev.h:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[40];
data/sane-backends-1.0.31/backend/canon_pp-dev.h:123:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma[32];
data/sane-backends-1.0.31/backend/canon_pp-io.c:102:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char cmd_init[10] = { 0xec, 0x20, 0, 0, 0, 0, 0, 0, 0, 0 };
data/sane-backends-1.0.31/backend/canon_pp-io.c:395:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[2];
data/sane-backends-1.0.31/backend/canon_pp.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[81]; /* plus 1 for a null */
data/sane-backends-1.0.31/backend/canon_pp.c:791:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strcpy((char *)val,
data/sane-backends-1.0.31/backend/canon_pp.c:795:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strcpy((char *)val,
data/sane-backends-1.0.31/backend/canon_pp.c:1191:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, read_leftover, bytesleft);
data/sane-backends-1.0.31/backend/canon_pp.c:1202:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, read_leftover, maxlen);
data/sane-backends-1.0.31/backend/canon_pp.c:1348:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, lbuf, bytes);
data/sane-backends-1.0.31/backend/canon_pp.c:1358:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, lbuf, maxlen);
data/sane-backends-1.0.31/backend/canon_pp.c:1594:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cs->params.port, pp, sizeof(*pp));
data/sane-backends-1.0.31/backend/canon_pp.c:1765:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = open(file, O_CREAT | O_WRONLY, 0600)) < 0)
data/sane-backends-1.0.31/backend/canon_pp.c:1780:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = open(file, O_CREAT | O_WRONLY, 0600)) < 0)
data/sane-backends-1.0.31/backend/canon_pp.c:1803:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tmp, *myhome, buf[PATH_MAX];
data/sane-backends-1.0.31/backend/canon_pp.c:1869:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
i = open(cs->weights_file, O_RDWR | O_APPEND);
data/sane-backends-1.0.31/backend/canon_pp.c:1874:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
i = open(cs->weights_file, O_RDONLY);
data/sane-backends-1.0.31/backend/cardscan.c:322:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX];
data/sane-backends-1.0.31/backend/cardscan.c:363:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buf = atoi (lp);
data/sane-backends-1.0.31/backend/cardscan.c:381:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buf = atoi (lp);
data/sane-backends-1.0.31/backend/cardscan.c:639:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->cal_color_b, buf+HEADER_SIZE, PIXELS_PER_LINE);
data/sane-backends-1.0.31/backend/cardscan.c:640:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->cal_color_w,
data/sane-backends-1.0.31/backend/cardscan.c:644:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->cal_color_b+PIXELS_PER_LINE,
data/sane-backends-1.0.31/backend/cardscan.c:646:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->cal_color_w+PIXELS_PER_LINE,
data/sane-backends-1.0.31/backend/cardscan.c:650:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->cal_color_b+(PIXELS_PER_LINE*2),
data/sane-backends-1.0.31/backend/cardscan.c:652:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->cal_color_w+(PIXELS_PER_LINE*2),
data/sane-backends-1.0.31/backend/cardscan.c:661:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->cal_gray_b,
data/sane-backends-1.0.31/backend/cardscan.c:663:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->cal_gray_w,
data/sane-backends-1.0.31/backend/cardscan.c:1214:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,s->buffer+s->bytes_tx,*len);
data/sane-backends-1.0.31/backend/cardscan.c:1393:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[6];
data/sane-backends-1.0.31/backend/cardscan.c:1414:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[5];
data/sane-backends-1.0.31/backend/cardscan.c:1646:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/sane-backends-1.0.31/backend/cardscan.c:1664:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, "%3.3x:", i);
data/sane-backends-1.0.31/backend/cardscan.c:1667:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, " %2.2x", *p);
data/sane-backends-1.0.31/backend/cardscan.h:91:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cal_color_b[CAL_COLOR_SIZE];
data/sane-backends-1.0.31/backend/cardscan.h:92:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cal_gray_b[CAL_GRAY_SIZE];
data/sane-backends-1.0.31/backend/cardscan.h:93:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cal_color_w[CAL_COLOR_SIZE];
data/sane-backends-1.0.31/backend/cardscan.h:94:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cal_gray_w[CAL_GRAY_SIZE];
data/sane-backends-1.0.31/backend/cardscan.h:102:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[PIXELS_PER_LINE * 3 * 32];
data/sane-backends-1.0.31/backend/coolscan-scsidef.h:696:37: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define get_DI_poweron_errors(b,to) memcpy(to, (b + 0xa8), 8)
data/sane-backends-1.0.31/backend/coolscan.c:404:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->buffer, autofocusLS30.cmd, autofocusLS30.size);
data/sane-backends-1.0.31/backend/coolscan.c:405:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->buffer+ autofocusLS30.size, autofocuspos, 9);
data/sane-backends-1.0.31/backend/coolscan.c:434:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->buffer, autofocus.cmd, autofocus.size);
data/sane-backends-1.0.31/backend/coolscan.c:498:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->buffer, object_position.cmd, object_position.size);
data/sane-backends-1.0.31/backend/coolscan.c:517:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->buffer, object_position.cmd, object_position.size);
data/sane-backends-1.0.31/backend/coolscan.c:547:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer_r[max_WDB_size];
data/sane-backends-1.0.31/backend/coolscan.c:552:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer_r, window_descriptor_block.cmd,
data/sane-backends-1.0.31/backend/coolscan.c:681:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->buffer, set_window.cmd, set_window.size); /* SET-WINDOW cmd */
data/sane-backends-1.0.31/backend/coolscan.c:682:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((s->buffer + set_window.size), /* add WPDB */
data/sane-backends-1.0.31/backend/coolscan.c:686:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->buffer + set_window.size + window_parameter_data_block.size,
data/sane-backends-1.0.31/backend/coolscan.c:705:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer_r[max_WDB_size];
data/sane-backends-1.0.31/backend/coolscan.c:710:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer_r, window_descriptor_block_LS30.cmd,
data/sane-backends-1.0.31/backend/coolscan.c:813:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->buffer, set_window.cmd, set_window.size); /* SET-WINDOW cmd */
data/sane-backends-1.0.31/backend/coolscan.c:814:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((s->buffer + set_window.size), /* add WPDB */
data/sane-backends-1.0.31/backend/coolscan.c:818:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->buffer + set_window.size + window_parameter_data_block.size,
data/sane-backends-1.0.31/backend/coolscan.c:1017:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->buffer, scan.cmd, scan.size);
data/sane-backends-1.0.31/backend/coolscan.c:1159:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (gamma, send.cmd, send.size);
data/sane-backends-1.0.31/backend/coolscan.c:1277:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char vendor[9];
data/sane-backends-1.0.31/backend/coolscan.c:1278:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char product[0x11];
data/sane-backends-1.0.31/backend/coolscan.c:1279:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char version[5];
data/sane-backends-1.0.31/backend/coolscan.c:1335:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (!strncmp ((char *)product, scanner_str[i], strlen (scanner_str[i])))
data/sane-backends-1.0.31/backend/coolscan.c:1512:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char parts[5];
data/sane-backends-1.0.31/backend/coolscan.c:1829:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/sane-backends-1.0.31/backend/coolscan.c:1844:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, "%3.3d:", i);
data/sane-backends-1.0.31/backend/coolscan.c:1847:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, " %2.2x", *p);
data/sane-backends-1.0.31/backend/coolscan.c:2674:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->obuffer, scanner->buffer,data_to_read);
data/sane-backends-1.0.31/backend/coolscan.c:3238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/coolscan.c:3610:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, scanner->gamma, scanner->opt[option].size);
data/sane-backends-1.0.31/backend/coolscan.c:3613:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, scanner->gamma_r, scanner->opt[option].size);
data/sane-backends-1.0.31/backend/coolscan.c:3616:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, scanner->gamma_g, scanner->opt[option].size);
data/sane-backends-1.0.31/backend/coolscan.c:3619:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, scanner->gamma_b, scanner->opt[option].size);
data/sane-backends-1.0.31/backend/coolscan.c:3918:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->gamma, val, scanner->opt[option].size);
data/sane-backends-1.0.31/backend/coolscan.c:3923:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->gamma_r, val, scanner->opt[option].size);
data/sane-backends-1.0.31/backend/coolscan.c:3928:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->gamma_g, val, scanner->opt[option].size);
data/sane-backends-1.0.31/backend/coolscan.c:3933:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->gamma_b, val, scanner->opt[option].size);
data/sane-backends-1.0.31/backend/coolscan.h:144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[9]; /* will be Nikon */
data/sane-backends-1.0.31/backend/coolscan.h:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[17]; /* e.g. "LS-1000 " or so */
data/sane-backends-1.0.31/backend/coolscan.h:146:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[5]; /* e.g. V1.6 */
data/sane-backends-1.0.31/backend/coolscan.h:250:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char power_on_errors[8]; /* Records of error code at power on */
data/sane-backends-1.0.31/backend/coolscan2.c:239:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor_string[9], product_string[17], revision_string[5];
data/sane-backends-1.0.31/backend/coolscan2.c:380:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX], *p;
data/sane-backends-1.0.31/backend/coolscan2.c:1524:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, &(s->infrared_buf[s->xfer_position]), xfer_len_out);
data/sane-backends-1.0.31/backend/coolscan2.c:1541:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, &(s->line_buf[s->i_line_buf]), xfer_len_out);
data/sane-backends-1.0.31/backend/coolscan2.c:1689:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, s->line_buf, xfer_len_out);
data/sane-backends-1.0.31/backend/coolscan3.c:200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor_string[9], product_string[17], revision_string[5];
data/sane-backends-1.0.31/backend/coolscan3.c:346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX], *p;
data/sane-backends-1.0.31/backend/coolscan3.c:1543:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(s->line_buf[s->i_line_buf]), xfer_len_out);
data/sane-backends-1.0.31/backend/coolscan3.c:1703:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s->line_buf, xfer_len_out);
data/sane-backends-1.0.31/backend/dc210.c:339:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((camera->fd = open (camera->tty_name, O_RDWR)) == -1)
data/sane-backends-1.0.31/backend/dc210.c:354:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char *) &tty_new, (char *) &tty_orig, sizeof (struct termios));
data/sane-backends-1.0.31/backend/dc210.c:490:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[256];
data/sane-backends-1.0.31/backend/dc210.c:660:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX], *p;
data/sane-backends-1.0.31/backend/dc210.c:702:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
baud = atoi (&dev_name[5]);
data/sane-backends-1.0.31/backend/dc210.c:733:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cmdrespause = atoi (&dev_name[12]);
data/sane-backends-1.0.31/backend/dc210.c:738:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
breakpause = atoi (&dev_name[11]);
data/sane-backends-1.0.31/backend/dc210.c:1278:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024];
data/sane-backends-1.0.31/backend/dc210.c:1431:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[256];
data/sane-backends-1.0.31/backend/dc210.h:158:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pkt_code[2];
data/sane-backends-1.0.31/backend/dc240.c:384:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((camera->fd = open (camera->tty_name, O_RDWR)) == -1)
data/sane-backends-1.0.31/backend/dc240.c:399:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char *) &tty_new, (char *) &tty_orig, sizeof (struct termios));
data/sane-backends-1.0.31/backend/dc240.c:616:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (strchr ((char *) folder_list[n], ' '))
data/sane-backends-1.0.31/backend/dc240.c:618:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*strchr ((char *) folder_list[n], ' ') = '\0';
data/sane-backends-1.0.31/backend/dc240.c:859:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
baud = atoi (&dev_name[5]);
data/sane-backends-1.0.31/backend/dc240.c:890:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cmdrespause = atoi (&dev_name[12]);
data/sane-backends-1.0.31/backend/dc240.c:895:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
breakpause = atoi (&dev_name[11]);
data/sane-backends-1.0.31/backend/dc240.c:1243:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strcpy ((char *) value, (char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/dc240.c:1243:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strcpy ((char *) value, (char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/dc240.c:1432:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (path, "\\PCCARD\\DCIM\\");
data/sane-backends-1.0.31/backend/dc240.c:1433:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strcat (path, (char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/dc240.c:1437:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, ".JPG");
data/sane-backends-1.0.31/backend/dc240.c:1510:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, linebuffer + linebuffer_index, *length);
data/sane-backends-1.0.31/backend/dc240.c:1542:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (strrchr ((char *) filename_buf, '.'), "JPG");
data/sane-backends-1.0.31/backend/dc240.c:1577:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, linebuffer + linebuffer_index, *length);
data/sane-backends-1.0.31/backend/dc240.c:1671:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (path, "\\PCCARD\\DCIM\\");
data/sane-backends-1.0.31/backend/dc240.c:1672:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strcat (path, (char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/dc240.c:1673:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, "\\*.*");
data/sane-backends-1.0.31/backend/dc240.c:1948:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (path, "\\PCCARD\\DCIM\\");
data/sane-backends-1.0.31/backend/dc240.c:1949:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strcat (path, (char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/dc240.c:1953:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (path, ".JPG");
data/sane-backends-1.0.31/backend/dc25.c:137:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tty_name[PATH_MAX];
data/sane-backends-1.0.31/backend/dc25.c:425:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tfd = open (device, O_RDWR)) == -1)
data/sane-backends-1.0.31/backend/dc25.c:439:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char *) &tty_new, (char *) &tty_orig, sizeof (struct termios));
data/sane-backends-1.0.31/backend/dc25.c:545:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[256];
data/sane-backends-1.0.31/backend/dc25.c:1304:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pic[MAX_IMAGE_SIZE];
data/sane-backends-1.0.31/backend/dc25.c:1314:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ifp = fopen (base_name, "rb")) == NULL)
data/sane-backends-1.0.31/backend/dc25.c:1681:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char *) &tty_temp, (char *) &tty_old, sizeof (struct termios));
data/sane-backends-1.0.31/backend/dc25.c:1830:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX], *p;
data/sane-backends-1.0.31/backend/dc25.c:1875:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
baud = atoi (&dev_name[5]);
data/sane-backends-1.0.31/backend/dc25.c:2033:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if (!mkstemp (tmpname))
data/sane-backends-1.0.31/backend/dc25.c:2455:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (tmpname, O_CREAT | O_EXCL | O_WRONLY, 0600);
data/sane-backends-1.0.31/backend/dc25.c:2704:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, pp->planes + outbytes, *length);
data/sane-backends-1.0.31/backend/dc25.h:152:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pkt_code[2];
data/sane-backends-1.0.31/backend/dell1600n_net.c:126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_regName[REG_NAME_SIZE]; /* name with which to register */
data/sane-backends-1.0.31/backend/dell1600n_net.c:298:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sockBuf[SOCK_BUF_SIZE];
data/sane-backends-1.0.31/backend/dell1600n_net.c:308:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char configBuf[ 256 ];
data/sane-backends-1.0.31/backend/dell1600n_net.c:532:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&gOpenScanners[iHandle]->m_sockAddr.sin_addr,
data/sane-backends-1.0.31/backend/dell1600n_net.c:545:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (gOpenScanners[iHandle]->m_regName, "Sane");
data/sane-backends-1.0.31/backend/dell1600n_net.c:689:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sockBuf[SOCK_BUF_SIZE];
data/sane-backends-1.0.31/backend/dell1600n_net.c:843:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( gOpenScanners[iHandle]->m_pageInfo.m_pBuf, & pageInfo, sizeof( pageInfo ) );
data/sane-backends-1.0.31/backend/dell1600n_net.c:861:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, gOpenScanners[iHandle]->m_imageData.m_pBuf, dataSize);
data/sane-backends-1.0.31/backend/dell1600n_net.c:942:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char itemBuf[16] = { 0 }, lineBuf[256] = { 0 };
data/sane-backends-1.0.31/backend/dell1600n_net.c:951:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (lineBuf, "%p: ", (buf + i));
data/sane-backends-1.0.31/backend/dell1600n_net.c:953:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (itemBuf, "%02x ", (const unsigned int) buf[i]);
data/sane-backends-1.0.31/backend/dell1600n_net.c:967:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (itemBuf, "%c", buf[j]);
data/sane-backends-1.0.31/backend/dell1600n_net.c:995:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (itemBuf, "%c", buf[j]);
data/sane-backends-1.0.31/backend/dell1600n_net.c:1074:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pBuf->m_pBuf + pBuf->m_used, pData, datSize);
data/sane-backends-1.0.31/backend/dell1600n_net.c:1130:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[8] = { 2, 0, 0, 2, 0, 0, 0, 0 };
data/sane-backends-1.0.31/backend/dell1600n_net.c:1198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printerName[256] = { 0 };
data/sane-backends-1.0.31/backend/dell1600n_net.c:1199:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printerModel[256] = "1600n";
data/sane-backends-1.0.31/backend/dell1600n_net.c:1253:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (printerModel, pValue, valueSize);
data/sane-backends-1.0.31/backend/dell1600n_net.c:1352:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sockBuf[SOCK_BUF_SIZE], *pName;
data/sane-backends-1.0.31/backend/dell1600n_net.c:1806:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tiffErrBuf[1024];
data/sane-backends-1.0.31/backend/dell1600n_net.c:1903:16: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
fTmp = tmpfile ();
data/sane-backends-1.0.31/backend/dll.c:214:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
extern SANE_Status BE_ENTRY(name,open) (SANE_String_Const, SANE_Handle *); \
data/sane-backends-1.0.31/backend/dll.c:236:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
BE_ENTRY(name,open), \
data/sane-backends-1.0.31/backend/dll.c:372:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/sane-backends-1.0.31/backend/dll.c:380:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(path,"/SANE/");
data/sane-backends-1.0.31/backend/dll.c:422:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char libname[PATH_MAX];
data/sane-backends-1.0.31/backend/dll.c:510:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (libname, "r");
data/sane-backends-1.0.31/backend/dll.c:521:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (libname, "r");
data/sane-backends-1.0.31/backend/dll.c:773:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_line[PATH_MAX];
data/sane-backends-1.0.31/backend/dll.c:820:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dlldir[PATH_MAX];
data/sane-backends-1.0.31/backend/dll.c:821:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conffile[PATH_MAX + strlen("/") + NAME_MAX];
data/sane-backends-1.0.31/backend/dll.c:896:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_line[PATH_MAX];
data/sane-backends-1.0.31/backend/dll.c:903:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024];
data/sane-backends-1.0.31/backend/dll.c:965:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(path,"/SANE/");
data/sane-backends-1.0.31/backend/dmc.c:183:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(writeCmd+10, buf, maxlen);
data/sane-backends-1.0.31/backend/dmc.c:213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[INQ_LEN];
data/sane-backends-1.0.31/backend/dmc.c:725:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->currentRawLine, c->nextRawLine, BYTES_PER_RAW_LINE);
data/sane-backends-1.0.31/backend/dmc.c:761:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+BYTES_PER_RAW_LINE*3, buf, BYTES_PER_RAW_LINE*3);
data/sane-backends-1.0.31/backend/dmc.c:815:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/dmc.c:1354:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, c->readPtr, max_len);
data/sane-backends-1.0.31/backend/dmc.c:1372:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, c->readPtr, max_len);
data/sane-backends-1.0.31/backend/epjitsu.c:214:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char global_firmware_filename[PATH_MAX];
data/sane-backends-1.0.31/backend/epjitsu.c:316:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX];
data/sane-backends-1.0.31/backend/epjitsu.c:711:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/sane-backends-1.0.31/backend/epjitsu.c:713:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stat[2];
data/sane-backends-1.0.31/backend/epjitsu.c:732:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = open((char *)global_firmware_filename,O_RDONLY);
data/sane-backends-1.0.31/backend/epjitsu.c:892:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[2];
data/sane-backends-1.0.31/backend/epjitsu.c:894:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stat[2];
data/sane-backends-1.0.31/backend/epjitsu.c:931:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[0x20];
data/sane-backends-1.0.31/backend/epjitsu.c:2655:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[2];
data/sane-backends-1.0.31/backend/epjitsu.c:2656:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stat[1];
data/sane-backends-1.0.31/backend/epjitsu.c:2710:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[2];
data/sane-backends-1.0.31/backend/epjitsu.c:2711:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stat[1];
data/sane-backends-1.0.31/backend/epjitsu.c:2974:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pay[28];
data/sane-backends-1.0.31/backend/epjitsu.c:2982:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pay,coarseCalData_S300,payLen);
data/sane-backends-1.0.31/backend/epjitsu.c:2985:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pay,coarseCalData_S1300i,payLen);
data/sane-backends-1.0.31/backend/epjitsu.c:2988:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pay,coarseCalData_S1100,payLen);
data/sane-backends-1.0.31/backend/epjitsu.c:2991:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pay,coarseCalData_FI60F,payLen);
data/sane-backends-1.0.31/backend/epjitsu.c:3019:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[2];
data/sane-backends-1.0.31/backend/epjitsu.c:3022:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stat[2];
data/sane-backends-1.0.31/backend/epjitsu.c:3179:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[2];
data/sane-backends-1.0.31/backend/epjitsu.c:3182:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stat[2];
data/sane-backends-1.0.31/backend/epjitsu.c:3451:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[2];
data/sane-backends-1.0.31/backend/epjitsu.c:3453:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stat[1];
data/sane-backends-1.0.31/backend/epjitsu.c:3608:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stat[1];
data/sane-backends-1.0.31/backend/epjitsu.c:3750:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[2];
data/sane-backends-1.0.31/backend/epjitsu.c:3752:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pay[4];
data/sane-backends-1.0.31/backend/epjitsu.c:3793:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[2];
data/sane-backends-1.0.31/backend/epjitsu.c:3795:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stat[1];
data/sane-backends-1.0.31/backend/epjitsu.c:3797:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pay[2];
data/sane-backends-1.0.31/backend/epjitsu.c:3865:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stat[1];
data/sane-backends-1.0.31/backend/epjitsu.c:3971:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stat[1];
data/sane-backends-1.0.31/backend/epjitsu.c:4014:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[10];
data/sane-backends-1.0.31/backend/epjitsu.c:4091:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, page->image->buffer + page->bytes_read, *len);
data/sane-backends-1.0.31/backend/epjitsu.c:4111:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[2];
data/sane-backends-1.0.31/backend/epjitsu.c:4113:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stat[1];
data/sane-backends-1.0.31/backend/epjitsu.c:4394:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tp->raw_data + tp->rx_bytes, buf, bytes);
data/sane-backends-1.0.31/backend/epjitsu.c:4951:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/sane-backends-1.0.31/backend/epjitsu.c:4969:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, "%3.3x:", i);
data/sane-backends-1.0.31/backend/epjitsu.c:4972:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, " %2.2x", *p);
data/sane-backends-1.0.31/backend/epjitsu.h:242:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dt_lut[256];
data/sane-backends-1.0.31/backend/epson.c:985:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex_str[NUM_OF_HEX_ELEMENTS * 3 + 1];
data/sane-backends-1.0.31/backend/epson.c:986:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[NUM_OF_HEX_ELEMENTS * 3 + 1];
data/sane-backends-1.0.31/backend/epson.c:987:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_str[NUM_OF_HEX_ELEMENTS * 2 + 1];
data/sane-backends-1.0.31/backend/epson.c:1263:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char cct[9];
data/sane-backends-1.0.31/backend/epson.c:1337:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gammaValues[16 * 3 + 1], newValue[4];
data/sane-backends-1.0.31/backend/epson.c:1343:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (newValue, " %02x", s->gamma_table[c][i + j]);
data/sane-backends-1.0.31/backend/epson.c:2016:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi (dev_name);
data/sane-backends-1.0.31/backend/epson.c:2391:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[DEVICE_NAME_LEN + 1];
data/sane-backends-1.0.31/backend/epson.c:2399:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (device_name, buf + 0x1A, DEVICE_NAME_LEN);
data/sane-backends-1.0.31/backend/epson.c:2411:36: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
dev->sane.model = (char *) memcpy (str, device_name, len);
data/sane-backends-1.0.31/backend/epson.c:2528:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[DEVICE_NAME_LEN + 1];
data/sane-backends-1.0.31/backend/epson.c:2536:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (device_name, buf + 0x1A, DEVICE_NAME_LEN);
data/sane-backends-1.0.31/backend/epson.c:2549:36: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
dev->sane.model = (char *) memcpy (str, device_name, len);
data/sane-backends-1.0.31/backend/epson.c:2675:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX];
data/sane-backends-1.0.31/backend/epson.c:3715:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, sval->wa, sopt->size);
data/sane-backends-1.0.31/backend/epson.c:3986:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sval->wa, value, sopt->size); /* Word arrays */
data/sane-backends-1.0.31/backend/epson.c:5657:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, s->ptr, max_length);
data/sane-backends-1.0.31/backend/epson.c:5793:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (out_data_ptr, s->line_buffer[0], s->params.bytes_per_line);
data/sane-backends-1.0.31/backend/epson.c:5936:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_level[3];
data/sane-backends-1.0.31/backend/epson.c:5937:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(type_level, "%c%c", ident->type, ident->level);
data/sane-backends-1.0.31/backend/epson.c:6099:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(s->hw->resolution_list[1]), s->hw->res_list,
data/sane-backends-1.0.31/backend/epson.c:6371:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(s->hw->resolution_list[1]), s->hw->res_list,
data/sane-backends-1.0.31/backend/epson2-commands.c:36:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:63:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[4];
data/sane-backends-1.0.31/backend/epson2-commands.c:97:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[8];
data/sane-backends-1.0.31/backend/epson2-commands.c:279:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:280:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[9];
data/sane-backends-1.0.31/backend/epson2-commands.c:319:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:320:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma[257];
data/sane-backends-1.0.31/backend/epson2-commands.c:341:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gammaValues[16 * 3 + 1], newValue[4];
data/sane-backends-1.0.31/backend/epson2-commands.c:346:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(newValue, " %02x",
data/sane-backends-1.0.31/backend/epson2-commands.c:385:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:445:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char model[17];
data/sane-backends-1.0.31/backend/epson2-commands.c:448:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:486:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(model, &buf[46], 16);
data/sane-backends-1.0.31/backend/epson2-commands.c:547:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:646:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:698:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:751:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:752:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/sane-backends-1.0.31/backend/epson2-commands.c:754:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char seq[32] = {
data/sane-backends-1.0.31/backend/epson2-commands.c:790:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:843:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:879:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:914:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:937:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:960:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-commands.c:981:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[1];
data/sane-backends-1.0.31/backend/epson2-commands.c:1002:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[1];
data/sane-backends-1.0.31/backend/epson2-commands.c:1023:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-io.c:235:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char info[6];
data/sane-backends-1.0.31/backend/epson2-io.c:362:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-ops.c:286:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(dev->resolution_list[1]), dev->res_list,
data/sane-backends-1.0.31/backend/epson2-ops.c:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_level[3];
data/sane-backends-1.0.31/backend/epson2-ops.c:334:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(type_level, "%c%c", level[0], level[1]);
data/sane-backends-1.0.31/backend/epson2-ops.c:361:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, model, len);
data/sane-backends-1.0.31/backend/epson2-ops.c:684:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[80];
data/sane-backends-1.0.31/backend/epson2-ops.c:866:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/sane-backends-1.0.31/backend/epson2-ops.c:880:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/sane-backends-1.0.31/backend/epson2-ops.c:1533:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/sane-backends-1.0.31/backend/epson2-ops.c:1608:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/sane-backends-1.0.31/backend/epson2-ops.c:1645:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-ops.c:1663:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-ops.c:1664:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[14];
data/sane-backends-1.0.31/backend/epson2-ops.c:1749:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, s->ptr, max_length);
data/sane-backends-1.0.31/backend/epson2-ops.c:1838:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/sane-backends-1.0.31/backend/epson2-ops.c:1848:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[2];
data/sane-backends-1.0.31/backend/epson2-ops.c:2013:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_data_ptr,
data/sane-backends-1.0.31/backend/epson2.c:403:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[76];
data/sane-backends-1.0.31/backend/epson2.c:457:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[5];
data/sane-backends-1.0.31/backend/epson2.c:531:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INQUIRY_BUF_SIZE + 1];
data/sane-backends-1.0.31/backend/epson2.c:799:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[39+4];
data/sane-backends-1.0.31/backend/epson2.c:803:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "net:");
data/sane-backends-1.0.31/backend/epson2.c:1635:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, sval->wa, sopt->size);
data/sane-backends-1.0.31/backend/epson2.c:1871:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sval->wa, value, sopt->size); /* Word arrays */
data/sane-backends-1.0.31/backend/epson2_net.c:80:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s->netptr, wanted);
data/sane-backends-1.0.31/backend/epson2_net.c:107:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[12];
data/sane-backends-1.0.31/backend/epson2_net.c:228:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(payload, buf, buf_size);
data/sane-backends-1.0.31/backend/epson2_net.c:245:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/sane-backends-1.0.31/backend/epson2_scsi.c:45:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[6];
data/sane-backends-1.0.31/backend/epson2_scsi.c:59:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[6];
data/sane-backends-1.0.31/backend/epson2_scsi.c:71:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[6];
data/sane-backends-1.0.31/backend/epson2_scsi.c:90:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[6];
data/sane-backends-1.0.31/backend/epson_scsi.c:107:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cmd + 8, buf, buf_size);
data/sane-backends-1.0.31/backend/epsonds-cmd.c:43:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char param[4];
data/sane-backends-1.0.31/backend/epsonds-cmd.c:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[13], rbuf[64]; /* add one more byte for header buffer to correct buffer overflow issue,*/
data/sane-backends-1.0.31/backend/epsonds-cmd.c:150:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(header, "%4.4sx%07x", cmd, (unsigned int)plen);
data/sane-backends-1.0.31/backend/epsonds-cmd.c:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[10];
data/sane-backends-1.0.31/backend/epsonds-cmd.c:243:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, buf, len);
data/sane-backends-1.0.31/backend/epsonds-cmd.c:262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[6];
data/sane-backends-1.0.31/backend/epsonds-cmd.c:265:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, buf, 4);
data/sane-backends-1.0.31/backend/epsonds-cmd.c:277:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v, buf + 4, hl);
data/sane-backends-1.0.31/backend/epsonds-cmd.c:303:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tdata, token + 3, len);
data/sane-backends-1.0.31/backend/epsonds-jpeg.c:191:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, src->linebuffer + src->linebuffer_index, *length);
data/sane-backends-1.0.31/backend/epsonds-jpeg.c:224:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, src->linebuffer + src->linebuffer_index, *length);
data/sane-backends-1.0.31/backend/epsonds-net.c:80:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s->netptr, wanted);
data/sane-backends-1.0.31/backend/epsonds-net.c:107:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[12];
data/sane-backends-1.0.31/backend/epsonds-net.c:264:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[7] = "\x01\xa0\x04\x00\x00\x01\x2c";
data/sane-backends-1.0.31/backend/epsonds-ops.c:407:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ring->wp, buf, size);
data/sane-backends-1.0.31/backend/epsonds-ops.c:414:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ring->wp, buf, tail);
data/sane-backends-1.0.31/backend/epsonds-ops.c:418:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ring->wp, buf + tail, size);
data/sane-backends-1.0.31/backend/epsonds-ops.c:442:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ring->rp, size);
data/sane-backends-1.0.31/backend/epsonds-ops.c:451:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ring->rp, tail);
data/sane-backends-1.0.31/backend/epsonds-ops.c:455:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + tail, ring->rp, size);
data/sane-backends-1.0.31/backend/epsonds.c:182:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[76];
data/sane-backends-1.0.31/backend/epsonds.c:230:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[5];
data/sane-backends-1.0.31/backend/epsonds.c:473:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[39 + 4];
data/sane-backends-1.0.31/backend/epsonds.c:477:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "net:");
data/sane-backends-1.0.31/backend/epsonds.c:1193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65]; /* add one more byte to correct buffer overflow issue */
data/sane-backends-1.0.31/backend/epsonds.c:1194:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[100]; /* take care not to overflow */
data/sane-backends-1.0.31/backend/epsonds.c:1273:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "DFL2");
data/sane-backends-1.0.31/backend/epsonds.c:1275:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "DFL1");
data/sane-backends-1.0.31/backend/epsonds.c:1281:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "#FB ");
data/sane-backends-1.0.31/backend/epsonds.c:1290:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "#COLM%03d", s->params.depth);
data/sane-backends-1.0.31/backend/epsonds.c:1292:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "#COLC%03d", s->params.depth * 3);
data/sane-backends-1.0.31/backend/epsonds.c:1300:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmd, "#FMTRAW ");
data/sane-backends-1.0.31/backend/epsonds.c:1303:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmd, "#FMTJPG #JPGd090");
data/sane-backends-1.0.31/backend/epsonds.c:1309:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "#RSMi%07d#RSSi%07d", s->val[OPT_RESOLUTION].w, s->val[OPT_RESOLUTION].w);
data/sane-backends-1.0.31/backend/epsonds.c:1311:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "#RSMd%03d#RSSd%03d", s->val[OPT_RESOLUTION].w, s->val[OPT_RESOLUTION].w);
data/sane-backends-1.0.31/backend/epsonds.c:1317:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "#ACQi%07di%07di%07di%07d",
data/sane-backends-1.0.31/backend/escl/escl.c:155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[PATH_MAX] = { 0 };
data/sane-backends-1.0.31/backend/escl/escl.c:273:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unix_path[PATH_MAX+7] = { 0 };
data/sane-backends-1.0.31/backend/escl/escl.c:740:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
device->port_nb = atoi(port_str);
data/sane-backends-1.0.31/backend/escl/escl.c:1191:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, handler->scanner->img_data + handler->scanner->img_read, readbyte);
data/sane-backends-1.0.31/backend/escl/escl_capabilities.c:152:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(mem->memory[mem->size]), contents, realsize);
data/sane-backends-1.0.31/backend/escl/escl_capabilities.c:240:154: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scanner->caps[type].SupportedResolutions = int_to_array(scanner->caps[type].SupportedResolutions, &scanner->caps[type].SupportedResolutionsSize, atoi((const char *)xmlNodeGetContent(node)));
data/sane-backends-1.0.31/backend/escl/escl_capabilities.c:261:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scanner->caps[type].MinWidth = atoi((const char*)xmlNodeGetContent(node));
data/sane-backends-1.0.31/backend/escl/escl_capabilities.c:263:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
MaxWidth = atoi((const char*)xmlNodeGetContent(node));
data/sane-backends-1.0.31/backend/escl/escl_capabilities.c:265:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scanner->caps[type].MaxWidth = atoi((const char *)xmlNodeGetContent(node));
data/sane-backends-1.0.31/backend/escl/escl_capabilities.c:268:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scanner->caps[type].MinHeight = atoi((const char*)xmlNodeGetContent(node));
data/sane-backends-1.0.31/backend/escl/escl_capabilities.c:270:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
MaxHeight = atoi((const char*)xmlNodeGetContent(node));
data/sane-backends-1.0.31/backend/escl/escl_capabilities.c:272:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scanner->caps[type].MaxHeight = atoi((const char *)xmlNodeGetContent(node));
data/sane-backends-1.0.31/backend/escl/escl_capabilities.c:275:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scanner->caps[type].MaxScanRegions = atoi((const char *)xmlNodeGetContent(node));
data/sane-backends-1.0.31/backend/escl/escl_capabilities.c:277:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scanner->caps[type].MaxOpticalXResolution = atoi((const char *)xmlNodeGetContent(node));
data/sane-backends-1.0.31/backend/escl/escl_capabilities.c:279:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scanner->caps[type].RiskyLeftMargin = atoi((const char *)xmlNodeGetContent(node));
data/sane-backends-1.0.31/backend/escl/escl_capabilities.c:281:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scanner->caps[type].RiskyRightMargin = atoi((const char *)xmlNodeGetContent(node));
data/sane-backends-1.0.31/backend/escl/escl_capabilities.c:283:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scanner->caps[type].RiskyTopMargin = atoi((const char *)xmlNodeGetContent(node));
data/sane-backends-1.0.31/backend/escl/escl_capabilities.c:285:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scanner->caps[type].RiskyBottomMargin = atoi((const char *)xmlNodeGetContent(node));
data/sane-backends-1.0.31/backend/escl/escl_devices.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[AVAHI_ADDRESS_STR_MAX], *t;
data/sane-backends-1.0.31/backend/escl/escl_jpeg.c:54:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[INPUT_BUFFER_SIZE];
data/sane-backends-1.0.31/backend/escl/escl_mupdf.c:51:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[4096];
data/sane-backends-1.0.31/backend/escl/escl_mupdf.c:218:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(surface, pix->samples, (pix->h * pix->stride));
data/sane-backends-1.0.31/backend/escl/escl_newjob.c:111:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(download->memory[download->size]), str, realsize);
data/sane-backends-1.0.31/backend/escl/escl_newjob.c:134:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cap_data[PATH_MAX] = { 0 };
data/sane-backends-1.0.31/backend/escl/escl_newjob.c:140:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char duplex_mode[1024] = { 0 };
data/sane-backends-1.0.31/backend/escl/escl_newjob.c:164:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f_ext_tmp[1024];
data/sane-backends-1.0.31/backend/escl/escl_pdf.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024] = { 0 };
data/sane-backends-1.0.31/backend/escl/escl_pdf.c:66:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(data[nx]), buffer, n);
data/sane-backends-1.0.31/backend/escl/escl_reset.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scan_cmd[PATH_MAX] = { 0 };
data/sane-backends-1.0.31/backend/escl/escl_scan.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scan_cmd[PATH_MAX] = { 0 };
data/sane-backends-1.0.31/backend/escl/escl_scan.c:81:24: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
scanner->tmp = tmpfile();
data/sane-backends-1.0.31/backend/escl/escl_status.c:60:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(mem->memory[mem->size]), contents, realsize);
data/sane-backends-1.0.31/backend/escl/escl_status.c:106:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*image = atoi(state);
data/sane-backends-1.0.31/backend/fujitsu-scsi.h:697:43: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define set_S_endorser_string(sb,val,len) memcpy(sb+0x12,val,(size_t)len)
data/sane-backends-1.0.31/backend/fujitsu.c:814:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX];
data/sane-backends-1.0.31/backend/fujitsu.c:864:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buf = atoi (lp);
data/sane-backends-1.0.31/backend/fujitsu.c:1159:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[INQUIRY_len];
data/sane-backends-1.0.31/backend/fujitsu.c:1162:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[INQUIRY_std_len];
data/sane-backends-1.0.31/backend/fujitsu.c:1247:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[INQUIRY_len];
data/sane-backends-1.0.31/backend/fujitsu.c:1250:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[INQUIRY_vpd_len];
data/sane-backends-1.0.31/backend/fujitsu.c:1304:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in+0x1e,vpd3097g,sizeof(vpd3097g));
data/sane-backends-1.0.31/backend/fujitsu.c:1848:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[MODE_SENSE_len];
data/sane-backends-1.0.31/backend/fujitsu.c:1851:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[MODE_SENSE_data_len];
data/sane-backends-1.0.31/backend/fujitsu.c:2566:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)s->u_endorser_string,"%05ud");
data/sane-backends-1.0.31/backend/fujitsu.c:2709:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SEND_DIAGNOSTIC_len]; /*also big enough for READ_DIAG*/
data/sane-backends-1.0.31/backend/fujitsu.c:2712:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[SD_gdi_len];
data/sane-backends-1.0.31/backend/fujitsu.c:2715:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[RD_gdi_len];
data/sane-backends-1.0.31/backend/fujitsu.c:2730:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out,SD_gdi_string,outLen);
data/sane-backends-1.0.31/backend/fujitsu.c:5891:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[MODE_SELECT_len];
data/sane-backends-1.0.31/backend/fujitsu.c:5894:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[MSEL_header_len + MSEL_data_min_len];
data/sane-backends-1.0.31/backend/fujitsu.c:5927:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SEND_DIAGNOSTIC_len]; /*also big enough for READ_DIAG*/
data/sane-backends-1.0.31/backend/fujitsu.c:5930:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[SD_powoff_len];
data/sane-backends-1.0.31/backend/fujitsu.c:5945:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out,SD_powoff_string,SD_powoff_stringlen);
data/sane-backends-1.0.31/backend/fujitsu.c:5983:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[GET_HW_STATUS_len];
data/sane-backends-1.0.31/backend/fujitsu.c:5986:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[GHS_data_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6039:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[REQUEST_SENSE_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6042:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[RS_return_size];
data/sane-backends-1.0.31/backend/fujitsu.c:6091:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SEND_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6096:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[S_e_data_max_len]; /*we probably send less below*/
data/sane-backends-1.0.31/backend/fujitsu.c:6225:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SEND_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6228:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[S_lut_header_len + S_lut_data_max_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6304:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SEND_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6307:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[S_q_table_header_len + S_q_table_y_len + S_q_table_uv_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6343:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (yp, ydata, S_q_table_y_len);
data/sane-backends-1.0.31/backend/fujitsu.c:6344:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (uvp, uvdata, S_q_table_uv_len);
data/sane-backends-1.0.31/backend/fujitsu.c:6365:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[MODE_SELECT_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6368:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[MSEL_header_len + MSEL_data_min_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6409:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SEND_DIAGNOSTIC_len]; /*also big enough for READ_DIAG*/
data/sane-backends-1.0.31/backend/fujitsu.c:6412:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[SD_preread_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6427:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out,SD_preread_string,SD_preread_stringlen);
data/sane-backends-1.0.31/backend/fujitsu.c:6458:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[MODE_SELECT_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6461:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[MSEL_header_len + MSEL_data_min_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6529:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[MODE_SELECT_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6532:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[MSEL_header_len + MSEL_data_min_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6579:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[MODE_SELECT_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6582:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[MSEL_header_len + MSEL_data_max_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6622:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[MODE_SELECT_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6625:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[MSEL_header_len + MSEL_data_min_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6665:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[MODE_SELECT_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6668:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[MSEL_header_len + MSEL_data_min_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6707:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[MODE_SELECT_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6710:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[MSEL_header_len + MSEL_data_min_len];
data/sane-backends-1.0.31/backend/fujitsu.c:6899:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(s->u_params), &(s->s_params), sizeof(SANE_Parameters));
data/sane-backends-1.0.31/backend/fujitsu.c:7307:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[ENDORSER_len];
data/sane-backends-1.0.31/backend/fujitsu.c:7310:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[ED_max_len];
data/sane-backends-1.0.31/backend/fujitsu.c:7370:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SCANNER_CONTROL_len];
data/sane-backends-1.0.31/backend/fujitsu.c:7427:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SCANNER_CONTROL_len];
data/sane-backends-1.0.31/backend/fujitsu.c:7536:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SET_WINDOW_len];
data/sane-backends-1.0.31/backend/fujitsu.c:7540:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[SW_header_len + SW_desc_len + SW_desc_len];
data/sane-backends-1.0.31/backend/fujitsu.c:7748:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (desc2, desc1, SW_desc_len);
data/sane-backends-1.0.31/backend/fujitsu.c:7786:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[READ_len];
data/sane-backends-1.0.31/backend/fujitsu.c:7789:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[R_PSIZE_len];
data/sane-backends-1.0.31/backend/fujitsu.c:7902:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[OBJECT_POSITION_len];
data/sane-backends-1.0.31/backend/fujitsu.c:7944:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SCAN_len];
data/sane-backends-1.0.31/backend/fujitsu.c:8187:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->buffers[side]+s->buff_rx[side], out, outLen);
data/sane-backends-1.0.31/backend/fujitsu.c:8201:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[READ_len];
data/sane-backends-1.0.31/backend/fujitsu.c:8506:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[READ_len];
data/sane-backends-1.0.31/backend/fujitsu.c:8650:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[READ_len];
data/sane-backends-1.0.31/backend/fujitsu.c:8901:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->buffers[side]+s->buff_rx[side],buf+seen,len-seen);
data/sane-backends-1.0.31/backend/fujitsu.c:8961:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->buffers[side]+s->buff_rx[side],buf,len);
data/sane-backends-1.0.31/backend/fujitsu.c:8969:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->buffers[side]+s->buff_rx[side],buf,len);
data/sane-backends-1.0.31/backend/fujitsu.c:9017:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,s->buffers[side]+s->buff_tx[side],bytes);
data/sane-backends-1.0.31/backend/fujitsu.c:9668:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char usb_cmdBuff[USB_COMMAND_LEN];
data/sane-backends-1.0.31/backend/fujitsu.c:9669:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char usb_statBuff[USB_STATUS_LEN];
data/sane-backends-1.0.31/backend/fujitsu.c:9691:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&usb_cmdBuff[USB_COMMAND_OFFSET],cmdBuff,cmdLen);
data/sane-backends-1.0.31/backend/fujitsu.c:9814:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rs_cmd[REQUEST_SENSE_len];
data/sane-backends-1.0.31/backend/fujitsu.c:9817:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rs_in[RS_return_size];
data/sane-backends-1.0.31/backend/fujitsu.c:9869:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[TEST_UNIT_READY_len];
data/sane-backends-1.0.31/backend/fujitsu.c:10084:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[70]; /* 'xxx: xx xx ... xx xx abc */
data/sane-backends-1.0.31/backend/fujitsu.c:10108:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (line, "%3.3x:", i);
data/sane-backends-1.0.31/backend/fujitsu.c:10112:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (hex, " %2.2x", *p);
data/sane-backends-1.0.31/backend/fujitsu.h:145:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[1024]; /* The name of the device from sanei */
data/sane-backends-1.0.31/backend/fujitsu.h:156:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor_name[9]; /* raw data as returned by SCSI inquiry. */
data/sane-backends-1.0.31/backend/fujitsu.h:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[17]; /* raw data as returned by SCSI inquiry. */
data/sane-backends-1.0.31/backend/fujitsu.h:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version_name[5]; /* raw data as returned by SCSI inquiry. */
data/sane-backends-1.0.31/backend/fujitsu.h:349:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_name[28]; /* 16 char model, ':', 10 byte serial, null */
data/sane-backends-1.0.31/backend/fujitsu.h:517:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char u_endorser_string[81]; /*max length, plus null byte*/
data/sane-backends-1.0.31/backend/fujitsu.h:562:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char * buffers[2];
data/sane-backends-1.0.31/backend/fujitsu.h:624:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hw_data_avail[NUM_OPTIONS-OPT_TOP];
data/sane-backends-1.0.31/backend/genesys/error.h:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_[MAX_BUF_SIZE];
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:1243:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[80];
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:1265:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[80];
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:1564:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[40];
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:1648:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[100];
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:2129:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[30];
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:3187:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(shading_data+cmat[1]*2*words_per_color,
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:3190:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(shading_data+cmat[2]*2*words_per_color,
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:4495:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[80];
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:5143:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
usb_dev.open(devname);
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:5274:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
str.open(path);
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:5298:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
str.open(path);
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:5495:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev->interface->get_usb_device().open(dev->file_name.c_str());
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:5500:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev->interface->get_usb_device().open(dev->file_name.c_str());
data/sane-backends-1.0.31/backend/genesys/gl646.cpp:1978:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[30];
data/sane-backends-1.0.31/backend/genesys/gl646.cpp:2145:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[30];
data/sane-backends-1.0.31/backend/genesys/gl646.cpp:2251:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[30];
data/sane-backends-1.0.31/backend/genesys/gl646.cpp:2267:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[30];
data/sane-backends-1.0.31/backend/genesys/gl646.cpp:2294:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[30];
data/sane-backends-1.0.31/backend/genesys/gl646.cpp:2337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[32];
data/sane-backends-1.0.31/backend/genesys/gl646.cpp:2407:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(title, "gl646_gain%02d.tiff", pass);
data/sane-backends-1.0.31/backend/genesys/gl646.cpp:2716:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(data.data() + pixels_count * 3 * y, buffer.data(), pixels_count * 3);
data/sane-backends-1.0.31/backend/genesys/gl646.cpp:2731:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(data.data() + pixels_count * 6 * y, buffer.data(),pixels_count * 6);
data/sane-backends-1.0.31/backend/genesys/gl841.cpp:1738:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[30];
data/sane-backends-1.0.31/backend/genesys/gl841.cpp:1881:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[30];
data/sane-backends-1.0.31/backend/genesys/gl841.cpp:1976:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[30];
data/sane-backends-1.0.31/backend/genesys/image.cpp:166:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(out_data, in_data, get_pixel_row_bytes(in_format, count));
data/sane-backends-1.0.31/backend/genesys/image_buffer.cpp:66:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(out_data, buffer_.data() + buffer_offset_, bytes_copy);
data/sane-backends-1.0.31/backend/genesys/image_pipeline.cpp:118:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(out_data, data_.data() + row_bytes * next_row_, row_bytes);
data/sane-backends-1.0.31/backend/genesys/image_pipeline.cpp:134:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(out_data, source_.get_row_ptr(next_row_), get_row_bytes());
data/sane-backends-1.0.31/backend/genesys/image_pipeline.cpp:699:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(out_data, cached_line_.data() + offset_x_ * bpp,
data/sane-backends-1.0.31/backend/genesys/image_pipeline.cpp:792:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buffer_.get_back_row_ptr(), out_data, get_row_bytes());
data/sane-backends-1.0.31/backend/genesys/low.cpp:102:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
std::FILE* out = std::fopen(filename, "w");
data/sane-backends-1.0.31/backend/genesys/test_usb_device.cpp:67:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void TestUsbDevice::open(const char* dev_name)
data/sane-backends-1.0.31/backend/genesys/test_usb_device.h:60:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const char* dev_name) override;
data/sane-backends-1.0.31/backend/genesys/usb_device.cpp:60:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void UsbDevice::open(const char* dev_name)
data/sane-backends-1.0.31/backend/genesys/usb_device.h:68:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open(const char* dev_name) = 0;
data/sane-backends-1.0.31/backend/genesys/usb_device.h:95:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const char* dev_name) override;
data/sane-backends-1.0.31/backend/gphoto2.c:467:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((hack_fd = open (Cam_data.port + 7, O_RDONLY)) < 0)
data/sane-backends-1.0.31/backend/gphoto2.c:589:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (strchr ((const char *) folder_list[n], ' '))
data/sane-backends-1.0.31/backend/gphoto2.c:591:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*strchr ((const char *) folder_list[n], ' ') = '\0';
data/sane-backends-1.0.31/backend/gphoto2.c:628:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sprintf (cmdbuf, "%s/%s", (char *) TopFolder,
data/sane-backends-1.0.31/backend/gphoto2.c:629:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/gphoto2.c:679:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gp_log_add_func (atoi (getenv ("GP_DEBUG")), debug_func, NULL);
data/sane-backends-1.0.31/backend/gphoto2.c:842:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SubDirs = atoi (&dev_name[8]);
data/sane-backends-1.0.31/backend/gphoto2.c:1271:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strncpy ((char *) value, (const char *) folder_list[current_folder],
data/sane-backends-1.0.31/backend/gphoto2.c:1271:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strncpy ((char *) value, (const char *) folder_list[current_folder],
data/sane-backends-1.0.31/backend/gphoto2.c:1346:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (src->buffer, data_ptr + data_file_current_index, n);
data/sane-backends-1.0.31/backend/gphoto2.c:1431:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sprintf (cmdbuf, "%s/%s", (char *) TopFolder,
data/sane-backends-1.0.31/backend/gphoto2.c:1432:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/gphoto2.c:1505:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, linebuffer + linebuffer_index, *length);
data/sane-backends-1.0.31/backend/gphoto2.c:1532:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, linebuffer + linebuffer_index, *length);
data/sane-backends-1.0.31/backend/gphoto2.c:1615:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strcat (path, (const char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/gphoto2.c:1783:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (path, "\\DCIM\\");
data/sane-backends-1.0.31/backend/gphoto2.c:1784:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strcat (path, (const char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/gphoto2.c:1837:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sprintf (cmdbuf, "%s/%s", (char *) TopFolder,
data/sane-backends-1.0.31/backend/gphoto2.c:1838:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const char *) folder_list[current_folder]);
data/sane-backends-1.0.31/backend/gt68xx.c:978:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (filename, "rb");
data/sane-backends-1.0.31/backend/gt68xx.c:1026:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (filename, "rb");
data/sane-backends-1.0.31/backend/gt68xx.c:2054:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->dev->afe,&(s->afe_params), sizeof(GT68xx_AFE_Parameters));
data/sane-backends-1.0.31/backend/gt68xx_gt6801.c:136:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (download_buf, data + addr, bytes_left);
data/sane-backends-1.0.31/backend/gt68xx_gt6816.c:103:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (download_buf, data + addr, bytes_left);
data/sane-backends-1.0.31/backend/gt68xx_high.c:1816:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (r_buffer + values->calwidth * line, buffer_pointers[0],
data/sane-backends-1.0.31/backend/gt68xx_high.c:1818:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (g_buffer + values->calwidth * line, buffer_pointers[1],
data/sane-backends-1.0.31/backend/gt68xx_high.c:1820:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b_buffer + values->calwidth * line, buffer_pointers[2],
data/sane-backends-1.0.31/backend/gt68xx_high.c:1859:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->dev->exposure, &scanner->dev->model->exposure,
data/sane-backends-1.0.31/backend/gt68xx_high.c:1948:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(scanner->afe_params), afe, sizeof(GT68xx_AFE_Parameters));
data/sane-backends-1.0.31/backend/gt68xx_high.c:2054:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[50];
data/sane-backends-1.0.31/backend/gt68xx_high.c:2307:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (title, "cal-%03d-red.pnm", scanner->calibrations[i].dpi);
data/sane-backends-1.0.31/backend/gt68xx_high.c:2308:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcal = fopen (title, "wb");
data/sane-backends-1.0.31/backend/gt68xx_high.c:2317:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (title, "cal-%03d-green.pnm", scanner->calibrations[i].dpi);
data/sane-backends-1.0.31/backend/gt68xx_high.c:2318:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcal = fopen (title, "wb");
data/sane-backends-1.0.31/backend/gt68xx_high.c:2327:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (title, "cal-%03d-blue.pnm", scanner->calibrations[i].dpi);
data/sane-backends-1.0.31/backend/gt68xx_high.c:2328:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcal = fopen (title, "wb");
data/sane-backends-1.0.31/backend/gt68xx_high.c:2399:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->dev->afe, &(scanner->afe_params),
data/sane-backends-1.0.31/backend/gt68xx_high.c:2483:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[PATH_MAX];
data/sane-backends-1.0.31/backend/gt68xx_high.c:2557:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcal = fopen (fname, "wb");
data/sane-backends-1.0.31/backend/gt68xx_high.c:2657:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcal = fopen (fname, "rb");
data/sane-backends-1.0.31/backend/gt68xx_low.c:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[GT68XX_PACKET_SIZE * 3 + 1];
data/sane-backends-1.0.31/backend/gt68xx_low.c:131:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf + i * 3, " %02x", req[i]);
data/sane-backends-1.0.31/backend/gt68xx_low.c:386:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->afe, &dev->model->afe_params, sizeof (*dev->afe));
data/sane-backends-1.0.31/backend/gt68xx_low.c:387:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->exposure, &dev->model->exposure, sizeof (*dev->exposure));
data/sane-backends-1.0.31/backend/gt68xx_low.c:527:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (fixed_cmd + i * 8, cmd, 8);
data/sane-backends-1.0.31/backend/gt68xx_low.c:918:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->read_buffer, buffer_addr, buffer_bytes);
data/sane-backends-1.0.31/backend/gt68xx_low.c:942:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, dev->read_buffer + dev->read_pos, transfer_size);
data/sane-backends-1.0.31/backend/gt68xx_mid.c:997:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&reader->params, params, sizeof (GT68xx_Scan_Parameters));
data/sane-backends-1.0.31/backend/hp-device.c:251:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/sane-backends-1.0.31/backend/hp-hpmem.c:101:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(new, src, sz);
data/sane-backends-1.0.31/backend/hp-option.c:548:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_val, valp, optd->size); /* Save requested value */
data/sane-backends-1.0.31/backend/hp-option.c:574:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sval[64];
data/sane-backends-1.0.31/backend/hp-option.c:584:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sval," value=%d", *(int*)valp);
data/sane-backends-1.0.31/backend/hp-option.c:604:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_val, valp, optd->size); /* Save requested value */
data/sane-backends-1.0.31/backend/hp-option.c:2188:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (calib_filename, "/.sane/calib-hp");
data/sane-backends-1.0.31/backend/hp-option.c:2200:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (calib_filename, ".dat");
data/sane-backends-1.0.31/backend/hp-option.c:2219:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
calib_file = fopen (calib_filename, "rb");
data/sane-backends-1.0.31/backend/hp-option.c:2275:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
calib_file = fopen (calib_filename, "wb");
data/sane-backends-1.0.31/backend/hp-scl.c:142:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char wr_buf[HP_WR_BUF_SIZE];
data/sane-backends-1.0.31/backend/hp-scl.c:427:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lfd = open (devname, flags);
data/sane-backends-1.0.31/backend/hp-scl.c:618:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{char vendor[9], model[17], rev[5];
data/sane-backends-1.0.31/backend/hp-scl.c:622:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (vendor, new->inq_data + 8, 8);
data/sane-backends-1.0.31/backend/hp-scl.c:623:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (model, new->inq_data + 16, 16);
data/sane-backends-1.0.31/backend/hp-scl.c:624:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (rev, new->inq_data + 32, 4);
data/sane-backends-1.0.31/backend/hp-scl.c:696:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[9];
data/sane-backends-1.0.31/backend/hp-scl.c:697:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, sanei_hp_scsi_inq(this) + 8, 8);
data/sane-backends-1.0.31/backend/hp-scl.c:706:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[17];
data/sane-backends-1.0.31/backend/hp-scl.c:707:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, sanei_hp_scsi_inq(this) + 16, 16);
data/sane-backends-1.0.31/backend/hp-scl.c:878:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->bufp, data, len);
data/sane-backends-1.0.31/backend/hp-scl.c:911:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
count = sprintf((char *)this->bufp, "\033*%c%d%c", group, val, param);
data/sane-backends-1.0.31/backend/hp-scl.c:1040:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char map8x8[256];
data/sane-backends-1.0.31/backend/hp-scl.c:1188:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(ph->procdata), procdata, sizeof (*procdata));
data/sane-backends-1.0.31/backend/hp-scl.c:1237:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ph->wr_ptr, data, ncopy);
data/sane-backends-1.0.31/backend/hp-scl.c:1274:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ph->wr_ptr, data, nbytes);
data/sane-backends-1.0.31/backend/hp-scl.c:1320:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ph->image_ptr, linebuf, out_bytes_per_line);
data/sane-backends-1.0.31/backend/hp-scl.c:1351:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ph->tmp_buf+ph->tmp_buf_len, read_ptr, nread);
data/sane-backends-1.0.31/backend/hp-scl.c:1355:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ph->tmp_buf+ph->tmp_buf_len, read_ptr, bytes_left);
data/sane-backends-1.0.31/backend/hp-scl.c:1371:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ph->tmp_buf, read_ptr, nread);
data/sane-backends-1.0.31/backend/hp-scl.c:1755:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expect[16], expect_char;
data/sane-backends-1.0.31/backend/hp-scl.c:1781:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
count = sprintf(expect, "\033*s%d%c", SCL_INQ_ID(scl), expect_char);
data/sane-backends-1.0.31/backend/hp-scl.c:1822:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(valp, buf , *lengthp); /* Get binary data */
data/sane-backends-1.0.31/backend/hp-scl.c:1837:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expect[16], expect_char;
data/sane-backends-1.0.31/backend/hp-scl.c:1860:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
count = sprintf(expect, "\033*s%d%c", SCL_INQ_ID(scl), expect_char);
data/sane-backends-1.0.31/backend/hp-scl.c:1899:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (hpdata, buf, n);
data/sane-backends-1.0.31/backend/hp-scl.c:2005:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)valp)[nread] = '\0';
data/sane-backends-1.0.31/backend/hp.c:261:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128], pt[32];
data/sane-backends-1.0.31/backend/hp.c:265:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (line," 0x%04X ", offset);
data/sane-backends-1.0.31/backend/hp.c:268:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pt," %02X", buf[i]);
data/sane-backends-1.0.31/backend/hp.c:272:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (line, " ");
data/sane-backends-1.0.31/backend/hp.c:273:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (line, " ");
data/sane-backends-1.0.31/backend/hp.c:276:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pt, "%c", isprint(buf[i]) ? buf[i] : '.');
data/sane-backends-1.0.31/backend/hp.c:400:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(info->config), config, sizeof (info->config));
data/sane-backends-1.0.31/backend/hp.c:640:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX], arg1[PATH_MAX], arg2[PATH_MAX], arg3[PATH_MAX];
data/sane-backends-1.0.31/backend/hp.c:644:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cu_device[PATH_MAX];
data/sane-backends-1.0.31/backend/hp.c:742:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (hp_global_config_get(), &dev_config,sizeof (dev_config));
data/sane-backends-1.0.31/backend/hp.c:757:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (hp_global_config_get (), &dev_config, sizeof (dev_config));
data/sane-backends-1.0.31/backend/hp.c:764:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (hp_global_config_get (), &df_config, sizeof (df_config));
data/sane-backends-1.0.31/backend/hp.c:771:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (hp_global_config_get (), &df_config, sizeof (df_config));
data/sane-backends-1.0.31/backend/hp.h:129:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char brightness_map[256]; /* Map to simulate brightness level */
data/sane-backends-1.0.31/backend/hp.h:130:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char contrast_map[256]; /* Map to simulate contrast level */
data/sane-backends-1.0.31/backend/hp.h:131:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_map[256]; /* Map to simulate custom gamma table */
data/sane-backends-1.0.31/backend/hp.h:137:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[64]; /* unique device name */
data/sane-backends-1.0.31/backend/hp3500.c:208:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char const *channeldata[3];
data/sane-backends-1.0.31/backend/hp3500.c:234:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char const *scan_mode_list[HP3500_TOTAL_SCANS + 1] = { 0 };
data/sane-backends-1.0.31/backend/hp3500.c:1226:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char command_buffer[MAX_COMMANDS_BYTES];
data/sane-backends-1.0.31/backend/hp3500.c:1228:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *command_readmem_outstanding[MAX_READ_COMMANDS];
data/sane-backends-1.0.31/backend/hp3500.c:1249:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char readbuf[MAX_READ_BYTES];
data/sane-backends-1.0.31/backend/hp3500.c:1273:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (command_readmem_outstanding[i],
data/sane-backends-1.0.31/backend/hp3500.c:1447:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char regs[2];
data/sane-backends-1.0.31/backend/hp3500.c:1458:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[0x818];
data/sane-backends-1.0.31/backend/hp3500.c:1459:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testbuf[0x818];
data/sane-backends-1.0.31/backend/hp3500.c:1488:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char write_data[32];
data/sane-backends-1.0.31/backend/hp3500.c:1489:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_data[32];
data/sane-backends-1.0.31/backend/hp3500.c:1523:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[3];
data/sane-backends-1.0.31/backend/hp3500.c:1660:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r3ab[2];
data/sane-backends-1.0.31/backend/hp3500.c:2022:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regs[255];
data/sane-backends-1.0.31/backend/hp3500.c:2024:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (regs, regs_, 255);
data/sane-backends-1.0.31/backend/hp3500.c:2071:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char regs[13];
data/sane-backends-1.0.31/backend/hp3500.c:2152:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmdbuffer[NVR_MAX_COMMAND_SIZE];
data/sane-backends-1.0.31/backend/hp3500.c:2178:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmdbuffer[NVR_MAX_COMMAND_SIZE];
data/sane-backends-1.0.31/backend/hp3500.c:2249:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmdbuffer[NVR_MAX_COMMAND_SIZE];
data/sane-backends-1.0.31/backend/hp3500.c:2251:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char readbit_command[2];
data/sane-backends-1.0.31/backend/hp3500.c:2440:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *buffers[3];
data/sane-backends-1.0.31/backend/hp3500.c:2451:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char regs[255];
data/sane-backends-1.0.31/backend/hp3500.c:2500:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[0xffc0];
data/sane-backends-1.0.31/backend/hp3500.c:2560:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/sane-backends-1.0.31/backend/hp3500.c:2564:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer + strlen (buffer), "%02x:", i);
data/sane-backends-1.0.31/backend/hp3500.c:2567:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer + strlen (buffer), " %02x", regs[i++]);
data/sane-backends-1.0.31/backend/hp3500.c:2570:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer + strlen (buffer), " -");
data/sane-backends-1.0.31/backend/hp3500.c:2572:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer + strlen (buffer), " %02x", regs[i++]);
data/sane-backends-1.0.31/backend/hp3500.c:2691:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(fname, "w");
data/sane-backends-1.0.31/backend/hp3500.c:2696:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/sane-backends-1.0.31/backend/hp3500.c:2773:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *channel_data[3][2];
data/sane-backends-1.0.31/backend/hp3500.c:2830:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[0xffc0];
data/sane-backends-1.0.31/backend/hp3500.c:2847:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (row_buffer + rownow * rowbytes + bytenow,
data/sane-backends-1.0.31/backend/hp3500.c:2999:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char regs[256];
data/sane-backends-1.0.31/backend/hp3500.c:3286:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cd->buffer, data, bytes);
data/sane-backends-1.0.31/backend/hp3500.c:3328:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char calib_info[9];
data/sane-backends-1.0.31/backend/hp3500.c:3329:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char calibbuf[2400];
data/sane-backends-1.0.31/backend/hp3500.c:3830:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (getenv ("HP3500_NOWARMUP") && atoi (getenv ("HP3500_NOWARMUP")) > 0)
data/sane-backends-1.0.31/backend/hp3500.c:3843:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int seconds = atoi (getenv ("HP3500_SLEEP"));
data/sane-backends-1.0.31/backend/hp3900_config.c:512:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg, &myreg[a].value, sizeof(struct st_buttons));
data/sane-backends-1.0.31/backend/hp3900_config.c:614:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg, &myreg[a].motor, sizeof(struct st_motorcfg));
data/sane-backends-1.0.31/backend/hp3900_config.c:664:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg, &myreg[a].sensor, sizeof(struct st_sensorcfg));
data/sane-backends-1.0.31/backend/hp3900_config.c:1029:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(constrain, ®[a].constrain, sizeof(struct st_constrains));
data/sane-backends-1.0.31/backend/hp3900_config.c:1059:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rst, &Resource, sizeof(SANE_Byte) * 32);
data/sane-backends-1.0.31/backend/hp3900_config.c:1067:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rst, &Resource, sizeof(SANE_Byte) * 32);
data/sane-backends-1.0.31/backend/hp3900_config.c:1112:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg, &myreg[a].value, sizeof(struct st_autoref));
data/sane-backends-1.0.31/backend/hp3900_config.c:1316:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(myreg, ®[a].values, sizeof(struct st_gain_offset));
data/sane-backends-1.0.31/backend/hp3900_config.c:1352:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(myreg, ®[a].values, sizeof(struct st_gain_offset));
data/sane-backends-1.0.31/backend/hp3900_config.c:1392:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(myreg, ®[a].values, sizeof(struct st_gain_offset));
data/sane-backends-1.0.31/backend/hp3900_config.c:1428:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(myreg, ®[a].values, sizeof(struct st_gain_offset));
data/sane-backends-1.0.31/backend/hp3900_config.c:1464:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(myreg, ®[a].values, sizeof(struct st_gain_offset));
data/sane-backends-1.0.31/backend/hp3900_config.c:1536:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(check, ®[a].values, sizeof(struct st_checkstable));
data/sane-backends-1.0.31/backend/hp3900_config.c:1573:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(check, ®[a].values, sizeof(struct st_checkstable));
data/sane-backends-1.0.31/backend/hp3900_config.c:1610:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(check, ®[a].values, sizeof(struct st_checkstable));
data/sane-backends-1.0.31/backend/hp3900_config.c:1647:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(check, ®[a].values, sizeof(struct st_checkstable));
data/sane-backends-1.0.31/backend/hp3900_config.c:2064:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg, &mv[item], sizeof(struct st_motormove));
data/sane-backends-1.0.31/backend/hp3900_config.c:2089:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg, &mv[item], sizeof(struct st_motormove));
data/sane-backends-1.0.31/backend/hp3900_config.c:2136:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg, &mv[a].move, sizeof(struct st_motormove));
data/sane-backends-1.0.31/backend/hp3900_config.c:2391:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mymode, &md->mode, sizeof(struct st_scanmode));
data/sane-backends-1.0.31/backend/hp3900_config.c:2521:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mymode, &md->mode, sizeof(struct st_scanmode));
data/sane-backends-1.0.31/backend/hp3900_config.c:2639:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mymode, &md->mode, sizeof(struct st_scanmode));
data/sane-backends-1.0.31/backend/hp3900_config.c:2737:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mymode, &md->mode, sizeof(struct st_scanmode));
data/sane-backends-1.0.31/backend/hp3900_config.c:2815:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mymode, &md->mode, sizeof(struct st_scanmode));
data/sane-backends-1.0.31/backend/hp3900_config.c:3618:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg, &data[tm], sizeof(struct st_timing));
data/sane-backends-1.0.31/backend/hp3900_config.c:3662:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg, &data[tm], sizeof(struct st_timing));
data/sane-backends-1.0.31/backend/hp3900_config.c:3697:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg, &data[tm], sizeof(struct st_timing));
data/sane-backends-1.0.31/backend/hp3900_config.c:3719:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg, &data[tm], sizeof(struct st_timing));
data/sane-backends-1.0.31/backend/hp3900_config.c:3754:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg, &data[tm], sizeof(struct st_timing));
data/sane-backends-1.0.31/backend/hp3900_config.c:3784:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reg, &data[tm], sizeof(struct st_timing));
data/sane-backends-1.0.31/backend/hp3900_config.c:3846:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rst, &steps, sizeof(steps));
data/sane-backends-1.0.31/backend/hp3900_config.c:3947:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rst, &steps, sizeof(steps));
data/sane-backends-1.0.31/backend/hp3900_config.c:4048:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rst, &steps, sizeof(steps));
data/sane-backends-1.0.31/backend/hp3900_config.c:4193:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rst, &steps, sizeof(steps));
data/sane-backends-1.0.31/backend/hp3900_debug.c:113:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
shadingfile[0] = fopen ("RShading.txt", "w");
data/sane-backends-1.0.31/backend/hp3900_debug.c:114:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
shadingfile[1] = fopen ("GShading.txt", "w");
data/sane-backends-1.0.31/backend/hp3900_debug.c:115:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
shadingfile[2] = fopen ("BShading.txt", "w");
data/sane-backends-1.0.31/backend/hp3900_debug.c:310:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sline, "ACC, ");
data/sane-backends-1.0.31/backend/hp3900_debug.c:312:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sline, "DEC, ");
data/sane-backends-1.0.31/backend/hp3900_debug.c:317:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sline, "NORMALSCAN, ");
data/sane-backends-1.0.31/backend/hp3900_debug.c:320:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sline, "PARKHOME , ");
data/sane-backends-1.0.31/backend/hp3900_debug.c:323:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sline, "SMEARING , ");
data/sane-backends-1.0.31/backend/hp3900_debug.c:326:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sline, "BUFFERFULL, ");
data/sane-backends-1.0.31/backend/hp3900_debug.c:352:12: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sline, "...");
data/sane-backends-1.0.31/backend/hp3900_debug.c:356:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sline, ", ");
data/sane-backends-1.0.31/backend/hp3900_debug.c:367:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sline, "NONE\n");
data/sane-backends-1.0.31/backend/hp3900_debug.c:370:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sline, "NULL ...\n");
data/sane-backends-1.0.31/backend/hp3900_debug.c:556:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[512];
data/sane-backends-1.0.31/backend/hp3900_debug.c:564:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[256];
data/sane-backends-1.0.31/backend/hp3900_debug.c:746:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[9];
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:1004:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (curve->step, buffer,
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:1151:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mode, ®, sizeof (struct st_scanmode));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:1562:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&scan.coord, ¶m->coords, sizeof (struct st_coords));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:1655:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&scan2, scancfg, sizeof (struct st_scanparams));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:2330:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmg, ®, sizeof (struct st_timing));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:2583:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (Regs, dev->init_regs, RT_BUFFER_LEN * sizeof (SANE_Byte));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:2618:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&mymotor, dev->motormove[movement],
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:2670:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cpRegs, Regs, RT_BUFFER_LEN * sizeof (SANE_Byte));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:2975:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mm, ®, sizeof (struct st_motormove));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:3655:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&dev->init_regs[0x104], resource, data);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:4779:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (gammabuffer + (c * table_size), mygamma->table[c],
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:7314:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, rz->v3628, rz->bytesperline); /*f6a8 */
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:7668:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pImage, readbuffer, *transferred);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:7833:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptDMABuffer, ptImg,
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:7835:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (rd->DMABuffer,
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:7839:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptDMABuffer, ptImg, iAmount);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:7879:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptBuffer, rd->RDStart, rest);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:7880:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptBuffer + rest, rd->DMABuffer, iAmount - rest);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:7885:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptBuffer, rd->RDStart, iAmount);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:8069:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&Regs, dev->init_regs, RT_BUFFER_LEN * sizeof (SANE_Byte));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:8070:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&scancfg, &scan, sizeof (struct st_scanparams));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:8147:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&Regs, dev->init_regs,
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:9070:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&scan2, scancfg, sizeof (struct st_scanparams));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:9274:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&Regs[0x14], &fake, 18);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:9477:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tablepos, pos, sizeof (SANE_Int) * 4);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:9665:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (calbuffers->tables[a], calbuffers->table2, tablepos[a]);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:10336:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (myscancfg, scancfg, sizeof (struct st_scanparams));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:10986:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (Regs, dev->init_regs, RT_BUFFER_LEN * sizeof (SANE_Byte));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:11294:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (Regs, dev->init_regs, RT_BUFFER_LEN * sizeof (SANE_Byte));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:11297:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&mymotor, dev->motormove[speed],
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:11611:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (myRegs, &calibdata->Regs, sizeof (SANE_Byte) * RT_BUFFER_LEN);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:11620:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scancfg, &calibdata->scancfg,
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:11925:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (Regs, &calibdata->Regs, RT_BUFFER_LEN * sizeof (SANE_Byte));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:11926:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scancfg, &calibdata->scancfg,
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:12186:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&Regs, &calibdata->Regs, RT_BUFFER_LEN * sizeof (SANE_Byte));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:12187:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&scancfg, &calibdata->scancfg, sizeof (struct st_scanparams));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:12270:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[30];
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:12651:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (myRegs, &calibdata->Regs, RT_BUFFER_LEN * sizeof (SANE_Byte));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:12652:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&scancfg, &calibdata->scancfg, sizeof (struct st_scanparams));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:13170:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (myRegs, &calibdata->Regs, RT_BUFFER_LEN * sizeof (SANE_Byte));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:13171:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&scancfg, &calibdata->scancfg, sizeof (struct st_scanparams));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:13294:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&calibdata->Regs, myRegs, RT_BUFFER_LEN * sizeof (SANE_Byte));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:13630:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&calibdata->Regs, Regs, sizeof (SANE_Byte) * RT_BUFFER_LEN);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:13656:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&calibdata->scancfg, scancfg, sizeof (struct st_scanparams));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:13839:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&myCalib->gain_offset, &calibdata->gain_offset,
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:13841:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&mitabla2, &calibdata->gain_offset, sizeof (struct st_gain_offset));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:14484:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (myscancfg, scancfg, sizeof (struct st_scanparams));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:14487:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (myRegs, Regs, RT_BUFFER_LEN * sizeof (SANE_Byte));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:14622:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char texto[1024];
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:14656:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
archivo = fopen ("wShading.txt", "w");
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:14698:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (myscancfg, scancfg, sizeof (struct st_scanparams));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:14701:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (myRegs, Regs, RT_BUFFER_LEN * sizeof (SANE_Byte));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:14768:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[30];
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:14838:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (myscancfg, scancfg, sizeof (struct st_scanparams));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:14841:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (myRegs, Regs, RT_BUFFER_LEN * sizeof (SANE_Byte));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:14966:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (myscancfg, scancfg, sizeof (struct st_scanparams));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:14969:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (myRegs, Regs, RT_BUFFER_LEN * sizeof (SANE_Byte));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:15034:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[30];
data/sane-backends-1.0.31/backend/hp3900_sane.c:283:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res, &myres, sizeof (myres));
data/sane-backends-1.0.31/backend/hp3900_sane.c:295:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res, &myres, sizeof (myres));
data/sane-backends-1.0.31/backend/hp3900_sane.c:308:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res, &myres, sizeof (myres));
data/sane-backends-1.0.31/backend/hp3900_sane.c:319:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res, &myres, sizeof (myres));
data/sane-backends-1.0.31/backend/hp3900_sane.c:356:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (model, &mymodel, sizeof (mymodel));
data/sane-backends-1.0.31/backend/hp3900_sane.c:393:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (colormode, &mycolormode, sizeof (mycolormode));
data/sane-backends-1.0.31/backend/hp3900_sane.c:426:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (source, &mysource, sizeof (mysource));
data/sane-backends-1.0.31/backend/hp3900_sane.c:436:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (source, &mysource, sizeof (mysource));
data/sane-backends-1.0.31/backend/hp3900_sane.c:473:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (depth, &mydepth, sizeof (mydepth));
data/sane-backends-1.0.31/backend/hp3900_sane.c:497:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[256];
data/sane-backends-1.0.31/backend/hp3900_sane.c:642:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sdevname[10] =
data/sane-backends-1.0.31/backend/hp3900_sane.c:1631:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[12];
data/sane-backends-1.0.31/backend/hp3900_sane.c:1632:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[128];
data/sane-backends-1.0.31/backend/hp3900_sane.c:1634:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name, "button %d", i - opt_button_0);
data/sane-backends-1.0.31/backend/hp3900_sane.c:1635:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (title, "Scanner button %d", i - opt_button_0);
data/sane-backends-1.0.31/backend/hp3900_sane.c:1982:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (result, scanner->aValues[optid].wa,
data/sane-backends-1.0.31/backend/hp3900_sane.c:2055:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->aValues[optid].wa, value,
data/sane-backends-1.0.31/backend/hp3900_sane.c:2411:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&s->ScanParams.coords, &coords,
data/sane-backends-1.0.31/backend/hp3900_sane.c:2536:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pbuffer, s->rest, bufflength);
data/sane-backends-1.0.31/backend/hp3900_sane.c:2561:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pbuffer, s->image, bufflength);
data/sane-backends-1.0.31/backend/hp3900_sane.c:2569:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->rest, s->image + bufflength,
data/sane-backends-1.0.31/backend/hp3900_sane.c:2642:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, buffer, *len);
data/sane-backends-1.0.31/backend/hp4200.c:402:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sensor_bit[2] = { 0x02, 0x10 };
data/sane-backends-1.0.31/backend/hp4200.c:703:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma[1024];
data/sane-backends-1.0.31/backend/hp4200.c:704:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char read_gamma[1024];
data/sane-backends-1.0.31/backend/hp4200.c:1020:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->scanner_buffer.buffer, s->scanner_buffer.data_ptr, 3);
data/sane-backends-1.0.31/backend/hp4200.c:1683:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
kaka = fopen ("corr.raw", "w");
data/sane-backends-1.0.31/backend/hp4200.c:2093:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, cb->buffer_position, upper_block_size);
data/sane-backends-1.0.31/backend/hp4200.c:2112:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf + biggest_upper_block_size, cb->buffer, lower_block_size);
data/sane-backends-1.0.31/backend/hp4200.c:2370:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/hp4200.c:2769:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, s->val[option].wa, s->opt[option].size);
data/sane-backends-1.0.31/backend/hp4200.c:2813:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->val[option].wa, val, s->opt[option].size);
data/sane-backends-1.0.31/backend/hp5400_internal.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strVersion[128];
data/sane-backends-1.0.31/backend/hp5400_internal.c:116:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( MatchVersions[0].strVersion, "SilitekIBlizd C3 ScannerV0.84");
data/sane-backends-1.0.31/backend/hp5400_internal.c:117:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( MatchVersions[1].strVersion, "SilitekIBlizd C3 ScannerV0.86");
data/sane-backends-1.0.31/backend/hp5400_internal.c:118:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( MatchVersions[2].strVersion, "SilitekIBlizd C3 ScannerV0.87");
data/sane-backends-1.0.31/backend/hp5400_internal.c:291:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dataVerify[0x02];
data/sane-backends-1.0.31/backend/hp5400_internal.c:297:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data0300[3];
data/sane-backends-1.0.31/backend/hp5400_internal.c:341:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[8];
data/sane-backends-1.0.31/backend/hp5400_internal.c:350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char highr[2], highg[2], highb[2];
data/sane-backends-1.0.31/backend/hp5400_internal.c:351:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lowr[2], lowg[2], lowb[2];
data/sane-backends-1.0.31/backend/hp5400_internal.c:356:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[8];
data/sane-backends-1.0.31/backend/hp5400_internal.c:431:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[3];
data/sane-backends-1.0.31/backend/hp5400_internal.c:527:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
temp = fopen ("imagedebug.dat", "w+b");
data/sane-backends-1.0.31/backend/hp5400_internal.c:569:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p->buffer, tmpBuf, p->buffersize);
data/sane-backends-1.0.31/backend/hp5400_internal.c:580:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
data/sane-backends-1.0.31/backend/hp5400_internal.c:695:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p[3];
data/sane-backends-1.0.31/backend/hp5400_internal.c:713:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = fopen (filename, "wb");
data/sane-backends-1.0.31/backend/hp5400_internal.c:839:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen (filename, "w+b");
data/sane-backends-1.0.31/backend/hp5400_internal.c:880:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/sane-backends-1.0.31/backend/hp5400_internal.c:911:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "Average %d: \n", i);
data/sane-backends-1.0.31/backend/hp5400_internal.c:916:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer + len, "%04X ", high_array[i][j]);
data/sane-backends-1.0.31/backend/hp5400_internal.c:919:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, " ... \n");
data/sane-backends-1.0.31/backend/hp5400_internal.c:924:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer + len, "%04X ", high_array[i][j]);
data/sane-backends-1.0.31/backend/hp5400_internal.c:927:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, " ... \n");
data/sane-backends-1.0.31/backend/hp5400_internal.c:932:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer + len, "%04X ", high_array[i][j]);
data/sane-backends-1.0.31/backend/hp5400_internal.c:935:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, " ... \n");
data/sane-backends-1.0.31/backend/hp5400_internal.c:969:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "Average %d: \n", i);
data/sane-backends-1.0.31/backend/hp5400_internal.c:974:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer + len, "%04X ", low_array[i][j]);
data/sane-backends-1.0.31/backend/hp5400_internal.c:977:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, " ... \n");
data/sane-backends-1.0.31/backend/hp5400_internal.c:982:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer + len, "%04X ", low_array[i][j]);
data/sane-backends-1.0.31/backend/hp5400_internal.c:985:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, " ... \n");
data/sane-backends-1.0.31/backend/hp5400_internal.c:990:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer + len, "%04X ", low_array[i][j]);
data/sane-backends-1.0.31/backend/hp5400_internal.c:993:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buffer, " ... \n");
data/sane-backends-1.0.31/backend/hp5400_internal.c:1059:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
imageFile = fopen ("output.dat", "r+b");
data/sane-backends-1.0.31/backend/hp5400_internal.c:1248:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[4] = { 0x02, 0x03, 0x03, 0x3C };
data/sane-backends-1.0.31/backend/hp5400_internal.c:1295:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
HP5400_DBG (DBG_MSG, "%02X ", ((unsigned char *) req)[i]);
data/sane-backends-1.0.31/backend/hp5400_internal.c:1374:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (result, &res, sizeof (*result));
data/sane-backends-1.0.31/backend/hp5400_internal.c:1403:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szVersion[32];
data/sane-backends-1.0.31/backend/hp5400_internal.c:1485:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szVersion[32];
data/sane-backends-1.0.31/backend/hp5400_internal.c:1558:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int width = atoi (argv[3]);
data/sane-backends-1.0.31/backend/hp5400_internal.c:1559:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int height = atoi (argv[4]);
data/sane-backends-1.0.31/backend/hp5400_internal.c:1560:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *temp = fopen (argv[2], "r+b");
data/sane-backends-1.0.31/backend/hp5400_sane.c:229:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usb_devfile[128];
data/sane-backends-1.0.31/backend/hp5400_sane.c:620:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(usb_devfile, "/dev/usb/scanner0");
data/sane-backends-1.0.31/backend/hp5400_sane.c:870:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pVal, s->aValues[n].wa, s->aOptions[n].size);
data/sane-backends-1.0.31/backend/hp5400_sane.c:1057:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->aValues[n].wa, pVal, s->aOptions[n].size);
data/sane-backends-1.0.31/backend/hp5400_sanei.c:82:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
HP5400_DBG (DBG_MSG, "%02X ", ((unsigned char *) pabData)[i]);
data/sane-backends-1.0.31/backend/hp5400_sanei.c:171:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char abData[4];
data/sane-backends-1.0.31/backend/hp5400_sanei.c:371:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char text2400[3];
data/sane-backends-1.0.31/backend/hp5590.c:1005:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, SANE_VALUE_SCAN_MODE_LINEART, strlen (SANE_VALUE_SCAN_MODE_LINEART));
data/sane-backends-1.0.31/backend/hp5590.c:1009:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, SANE_VALUE_SCAN_MODE_GRAY, strlen (SANE_VALUE_SCAN_MODE_GRAY));
data/sane-backends-1.0.31/backend/hp5590.c:1013:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, SANE_VALUE_SCAN_MODE_COLOR_24, strlen (SANE_VALUE_SCAN_MODE_COLOR_24));
data/sane-backends-1.0.31/backend/hp5590.c:1017:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, SANE_VALUE_SCAN_MODE_COLOR_48, strlen (SANE_VALUE_SCAN_MODE_COLOR_48));
data/sane-backends-1.0.31/backend/hp5590.c:1029:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, SANE_VALUE_SCAN_SOURCE_FLATBED, strlen (SANE_VALUE_SCAN_SOURCE_FLATBED));
data/sane-backends-1.0.31/backend/hp5590.c:1033:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, SANE_VALUE_SCAN_SOURCE_ADF, strlen (SANE_VALUE_SCAN_SOURCE_ADF));
data/sane-backends-1.0.31/backend/hp5590.c:1037:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, SANE_VALUE_SCAN_SOURCE_ADF_DUPLEX, strlen (SANE_VALUE_SCAN_SOURCE_ADF_DUPLEX));
data/sane-backends-1.0.31/backend/hp5590.c:1041:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, SANE_VALUE_SCAN_SOURCE_TMA_SLIDES, strlen (SANE_VALUE_SCAN_SOURCE_TMA_SLIDES));
data/sane-backends-1.0.31/backend/hp5590.c:1045:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, SANE_VALUE_SCAN_SOURCE_TMA_NEGATIVES, strlen (SANE_VALUE_SCAN_SOURCE_TMA_NEGATIVES));
data/sane-backends-1.0.31/backend/hp5590.c:1162:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, TRAILING_LINES_MODE_RAW_KEY, strlen (TRAILING_LINES_MODE_RAW_KEY));
data/sane-backends-1.0.31/backend/hp5590.c:1166:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, TRAILING_LINES_MODE_LAST_KEY, strlen (TRAILING_LINES_MODE_LAST_KEY));
data/sane-backends-1.0.31/backend/hp5590.c:1170:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, TRAILING_LINES_MODE_RASTER_KEY, strlen (TRAILING_LINES_MODE_RASTER_KEY));
data/sane-backends-1.0.31/backend/hp5590.c:1174:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, TRAILING_LINES_MODE_BLACK_KEY, strlen (TRAILING_LINES_MODE_BLACK_KEY));
data/sane-backends-1.0.31/backend/hp5590.c:1178:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, TRAILING_LINES_MODE_WHITE_KEY, strlen (TRAILING_LINES_MODE_WHITE_KEY));
data/sane-backends-1.0.31/backend/hp5590.c:1182:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, TRAILING_LINES_MODE_COLOR_KEY, strlen (TRAILING_LINES_MODE_COLOR_KEY));
data/sane-backends-1.0.31/backend/hp5590.c:1759:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->eop_last_line_data, buf, bytes_per_line);
data/sane-backends-1.0.31/backend/hp5590.c:1843:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->adf_next_page_lines_data + scanner->adf_next_page_lines_data_wpos, buf, bytes_per_line);
data/sane-backends-1.0.31/backend/hp5590.c:1852:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, scanner->eop_last_line_data, bytes_per_line);
data/sane-backends-1.0.31/backend/hp5590.c:2012:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->eop_last_line_data, buf, bytes_per_line);
data/sane-backends-1.0.31/backend/hp5590.c:2093:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->adf_next_page_lines_data + scanner->adf_next_page_lines_data_wpos, buf, bytes_per_line);
data/sane-backends-1.0.31/backend/hp5590.c:2102:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, scanner->eop_last_line_data, bytes_per_line);
data/sane-backends-1.0.31/backend/hp5590.c:2106:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, bufptr, size);
data/sane-backends-1.0.31/backend/hp5590.c:2128:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, scanner->one_line_read_buffer + scanner->one_line_read_buffer_rpos, rest_len);
data/sane-backends-1.0.31/backend/hp5590.c:2259:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scan_data + wpos, scanner->eop_last_line_data + scanner->eop_last_line_data_rpos, n1);
data/sane-backends-1.0.31/backend/hp5590.c:2281:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scan_data + wpos, scanner->adf_next_page_lines_data + scanner->adf_next_page_lines_data_rpos, n1);
data/sane-backends-1.0.31/backend/hp5590.c:2363:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst, src1, n_copy * bytes_per_line);
data/sane-backends-1.0.31/backend/hp5590.c:2431:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pdst, psrc, bytes_per_line);
data/sane-backends-1.0.31/backend/hp5590_cmds.c:479:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id_buf[sizeof (init_resp.id) + 1];
data/sane-backends-1.0.31/backend/hp5590_cmds.c:480:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ver_buf[sizeof (init_resp.version) + 1];
data/sane-backends-1.0.31/backend/hp5590_cmds.c:777:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (max_count, max_scan_count, sizeof (max_scan_count));
data/sane-backends-1.0.31/backend/hp5590_cmds.c:832:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LEN];
data/sane-backends-1.0.31/backend/hp5590_cmds.c:836:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int n = sprintf(p, "\n%04x ", (int)i);
data/sane-backends-1.0.31/backend/hp5590_cmds.c:842:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int n = sprintf(p, " %02x", eeprom[i]);
data/sane-backends-1.0.31/backend/hp5590_cmds.c:861:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char part_number[PART_NUMBER_LEN + 1];
data/sane-backends-1.0.31/backend/hp5590_low.c:831:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bytes, bulk_read_state->buffer_out_ptr, bytes_until_buffer_end);
data/sane-backends-1.0.31/backend/hp5590_low.c:837:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bytes + bytes_until_buffer_end,
data/sane-backends-1.0.31/backend/hp5590_low.c:846:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bytes, bulk_read_state->buffer_out_ptr, size);
data/sane-backends-1.0.31/backend/hpljm1005.c:675:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (!strcmp ((char *) value, mode_list[0]))
data/sane-backends-1.0.31/backend/hpljm1005.c:677:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
else if (!strcmp ((char *) value, mode_list[1]))
data/sane-backends-1.0.31/backend/hpljm1005.c:931:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->buffer + dev->write_offset_r, buffer, size);
data/sane-backends-1.0.31/backend/hpljm1005.c:1054:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, dev->buffer + dev->read_offset, *len);
data/sane-backends-1.0.31/backend/hpsj5s.c:68:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char scanner_path[PATH_MAX] = ""; /*String for device-file */
data/sane-backends-1.0.31/backend/hpsj5s.c:166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX]; /*Line from config file */
data/sane-backends-1.0.31/backend/hs2p-scsi.c:449:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sdp, sense_buffer, sizeof (SENSE_DATA));
data/sane-backends-1.0.31/backend/hs2p-scsi.c:472:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (print_sense + strlen (print_sense), "%02x ", sense_buffer[i]);
data/sane-backends-1.0.31/backend/hs2p-scsi.c:877:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&msc.mp, settings, msc.cmd.len); /* Copy hdr+pages from Settings to msc.mp */
data/sane-backends-1.0.31/backend/hs2p-scsi.c:974:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, &(msp.page), nbytes);
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1012:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (!memcpy (&(win.swd), swd, sizeof (*swd)))
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1196:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&cmd, buf, sizeof (*buf)); /* Fill in our struct with set values */
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1257:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&out.endorser[0], s, len);
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1303:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[20];
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1316:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (out.string, "EEPROM ALL ALL RESET");
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1319:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (out.string, "EEPROM ALL RESET");
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1322:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (out.string, "ADF RESET");
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1325:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (out.string, "FLATBED RESET");
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1328:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (out.string, "LAMP RESET");
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1331:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (out.string, "EEPROM ADF %c %+4.1d", XorY, number);
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1334:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (out.string, "EEPROM BOOK %c %4.1d", XorY, number);
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1337:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (out.string, "WHITE ADJUST DATA %3d", number);
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1340:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (out.string, "EEPROM FIRST WHITE ODD");
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1343:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (out.string, "EEPROM FIRST WHITE EVEN");
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1346:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (out.string, "R ADF RESET");
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1349:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (out.string, "R LAMP RESET");
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1352:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (out.string, "EEPROM R ADF %c %4.1d", XorY, number);
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1355:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (out.string, "ENDORSER RESET");
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1638:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dbs, &buf.data, sizeof (*dbs));
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1836:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (settings, &buf, nbytes);
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1843:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&buf, settings, nbytes);
data/sane-backends-1.0.31/backend/hs2p.c:973:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_string[60];
data/sane-backends-1.0.31/backend/hs2p.c:1457:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX], *s, *t;
data/sane-backends-1.0.31/backend/hs2p.c:2135:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, s->val[option].wa, s->opt[option].size);
data/sane-backends-1.0.31/backend/hs2p.c:2347:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->val[option].wa, val, s->opt[option].size);
data/sane-backends-1.0.31/backend/hs2p.h:118:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inquiry_data[256];
data/sane-backends-1.0.31/backend/ibm-scsi.c:189:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&select_cmd.mp, mp, sizeof(*mp));
data/sane-backends-1.0.31/backend/ibm-scsi.c:214:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mp, &select_data.mp, sizeof(*mp));
data/sane-backends-1.0.31/backend/ibm-scsi.c:225:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char window_id_list[1] = { '\0' }; /* scan start data out */
data/sane-backends-1.0.31/backend/ibm-scsi.c:259:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&win.iwd, iwd, sizeof(*iwd));
data/sane-backends-1.0.31/backend/ibm-scsi.c:345:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dbs, &ssd.desc, sizeof(*dbs));
data/sane-backends-1.0.31/backend/ibm.c:542:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devnam[PATH_MAX] = "/dev/scanner";
data/sane-backends-1.0.31/backend/ibm.c:559:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX], *lp;
data/sane-backends-1.0.31/backend/kodak-cmd.h:405:41: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define set_SR_datatype_qual(sb, val) memcpy(sb + 4, val, 2)
data/sane-backends-1.0.31/backend/kodak.c:224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX];
data/sane-backends-1.0.31/backend/kodak.c:266:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buf = atoi (lp);
data/sane-backends-1.0.31/backend/kodak.c:475:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[INQUIRY_len];
data/sane-backends-1.0.31/backend/kodak.c:478:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[I_data_len];
data/sane-backends-1.0.31/backend/kodak.c:761:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SEND_len];
data/sane-backends-1.0.31/backend/kodak.c:763:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[SR_len_time]; /*longest used in this function*/
data/sane-backends-1.0.31/backend/kodak.c:1709:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SCAN_len];
data/sane-backends-1.0.31/backend/kodak.c:1710:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pay[SR_len_startstop];
data/sane-backends-1.0.31/backend/kodak.c:1827:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[SET_WINDOW_len];
data/sane-backends-1.0.31/backend/kodak.c:1832:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pay[WINDOW_HEADER_len + WINDOW_DESCRIPTOR_len];
data/sane-backends-1.0.31/backend/kodak.c:2047:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[READ_len];
data/sane-backends-1.0.31/backend/kodak.c:2049:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pay[SR_len_config];
data/sane-backends-1.0.31/backend/kodak.c:2139:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[READ_len];
data/sane-backends-1.0.31/backend/kodak.c:2140:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pay[SR_len_imageheader];
data/sane-backends-1.0.31/backend/kodak.c:2274:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[READ_len];
data/sane-backends-1.0.31/backend/kodak.c:2352:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->buffer+s->bytes_rx,buf,len);
data/sane-backends-1.0.31/backend/kodak.c:2386:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,s->buffer+s->bytes_tx,bytes);
data/sane-backends-1.0.31/backend/kodak.c:2799:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[TEST_UNIT_READY_len];
data/sane-backends-1.0.31/backend/kodak.c:2868:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/sane-backends-1.0.31/backend/kodak.c:2886:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, "%3.3x:", i);
data/sane-backends-1.0.31/backend/kodak.c:2889:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, " %2.2x", *p);
data/sane-backends-1.0.31/backend/kodak.h:57:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor_name[9]; /* null-term data returned by SCSI inquiry.*/
data/sane-backends-1.0.31/backend/kodak.h:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product_name[17]; /* null-term data returned by SCSI inquiry.*/
data/sane-backends-1.0.31/backend/kodak.h:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version_name[5]; /* null-term data returned by SCSI inquiry.*/
data/sane-backends-1.0.31/backend/kodak.h:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char build_name[3]; /* null-term data returned by SCSI inquiry.*/
data/sane-backends-1.0.31/backend/kodakaio.c:797:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024], fmt_buf[1024];
data/sane-backends-1.0.31/backend/kodakaio.c:806:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt_buf, " 0x%04lx ", (unsigned long)k);
data/sane-backends-1.0.31/backend/kodakaio.c:812:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt_buf, " %02x" , buf[k]);
data/sane-backends-1.0.31/backend/kodakaio.c:825:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt_buf, "esc %c %c %02x %02x %02x %02x %02x",
data/sane-backends-1.0.31/backend/kodakaio.c:829:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt_buf, "%02x %02x %02x %02x %02x %02x %02x %02x",
data/sane-backends-1.0.31/backend/kodakaio.c:837:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt_buf[25];
data/sane-backends-1.0.31/backend/kodakaio.c:873:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt_buf[25];
data/sane-backends-1.0.31/backend/kodakaio.c:1062:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char reply[8];
data/sane-backends-1.0.31/backend/kodakaio.c:1063:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt_buf[25];
data/sane-backends-1.0.31/backend/kodakaio.c:1096:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char reply[8];
data/sane-backends-1.0.31/backend/kodakaio.c:1129:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char reply[8];
data/sane-backends-1.0.31/backend/kodakaio.c:1190:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx_col[8];
data/sane-backends-1.0.31/backend/kodakaio.c:1191:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rx[8];
data/sane-backends-1.0.31/backend/kodakaio.c:1192:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx_curve[256];
data/sane-backends-1.0.31/backend/kodakaio.c:1225:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx_S[8];
data/sane-backends-1.0.31/backend/kodakaio.c:1226:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx_dpi[8];
data/sane-backends-1.0.31/backend/kodakaio.c:1227:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx_topleft[8];
data/sane-backends-1.0.31/backend/kodakaio.c:1228:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tx_widthheight[8];
data/sane-backends-1.0.31/backend/kodakaio.c:1229:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bufread[8];
data/sane-backends-1.0.31/backend/kodakaio.c:1452:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, model, len);
data/sane-backends-1.0.31/backend/kodakaio.c:1573:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char reply[8];
data/sane-backends-1.0.31/backend/kodakaio.c:1720:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->line_buffer + s->bytes_read_in_line, s->ptr, bytes_to_copy);
data/sane-backends-1.0.31/backend/kodakaio.c:1871:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rx[8];
data/sane-backends-1.0.31/backend/kodakaio.c:2045:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char IP[1024];
data/sane-backends-1.0.31/backend/kodakaio.c:2313:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[AVAHI_ADDRESS_STR_MAX];
data/sane-backends-1.0.31/backend/kodakaio.c:2503:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/sane-backends-1.0.31/backend/kodakaio.c:2558:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char IP[1024];
data/sane-backends-1.0.31/backend/kodakaio.c:2816:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(res_list[1]), s->hw->cap->res_list, s->hw->cap->res_list_size * sizeof(SANE_Word));
data/sane-backends-1.0.31/backend/kodakaio.c:3456:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
RawScan = fopen(RawScanPath, "wb");/* open the debug file if it has a name */
data/sane-backends-1.0.31/backend/kvs1025.c:160:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&dev->params[1], &dev->params[0], sizeof (SANE_Parameters));
data/sane-backends-1.0.31/backend/kvs1025.c:407:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, dev->img_pt[side], size);
data/sane-backends-1.0.31/backend/kvs1025_cmds.h:32:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cdb[12];
data/sane-backends-1.0.31/backend/kvs1025_cmds.h:69:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char reserved[16];
data/sane-backends-1.0.31/backend/kvs1025_cmds.h:70:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sense[18];
data/sane-backends-1.0.31/backend/kvs1025_low.c:835:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pt, buffer, size);
data/sane-backends-1.0.31/backend/kvs1025_low.c:917:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pt[current_side], buffer, size);
data/sane-backends-1.0.31/backend/kvs1025_low.h:24:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/kvs1025_low.h:25:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/kvs1025_low.h:29:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 16) & 0xff; \
data/sane-backends-1.0.31/backend/kvs1025_low.h:30:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/kvs1025_low.h:31:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[2] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/kvs1025_low.h:35:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 24) & 0xff; \
data/sane-backends-1.0.31/backend/kvs1025_low.h:36:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 16) & 0xff; \
data/sane-backends-1.0.31/backend/kvs1025_low.h:37:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[2] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/kvs1025_low.h:38:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[3] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/kvs1025_low.h:43:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 24) | \
data/sane-backends-1.0.31/backend/kvs1025_low.h:44:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 16) | \
data/sane-backends-1.0.31/backend/kvs1025_low.h:45:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[2] << 8) | \
data/sane-backends-1.0.31/backend/kvs1025_low.h:46:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[3] << 0))
data/sane-backends-1.0.31/backend/kvs1025_low.h:50:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[0] << 16) | \
data/sane-backends-1.0.31/backend/kvs1025_low.h:51:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 8) | \
data/sane-backends-1.0.31/backend/kvs1025_low.h:52:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[2] << 0))
data/sane-backends-1.0.31/backend/kvs1025_low.h:73:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[16];
data/sane-backends-1.0.31/backend/kvs1025_low.h:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_type_str[32];
data/sane-backends-1.0.31/backend/kvs1025_low.h:166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_vendor[12];
data/sane-backends-1.0.31/backend/kvs1025_low.h:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_product[20];
data/sane-backends-1.0.31/backend/kvs1025_low.h:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_version[8];
data/sane-backends-1.0.31/backend/kvs1025_low.h:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[100];
data/sane-backends-1.0.31/backend/kvs1025_opt.c:1369:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/sane-backends-1.0.31/backend/kvs1025_opt.c:1384:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, "%3.3d:", i);
data/sane-backends-1.0.31/backend/kvs1025_opt.c:1387:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, " %2.2x", *p);
data/sane-backends-1.0.31/backend/kvs1025_usb.c:77:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (dev->scsi_type_str, "ADF Scanner");
data/sane-backends-1.0.31/backend/kvs1025_usb.c:78:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (dev->scsi_vendor, "Panasonic");
data/sane-backends-1.0.31/backend/kvs1025_usb.c:84:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (dev->scsi_version, "1.00");
data/sane-backends-1.0.31/backend/kvs1025_usb.c:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usb_str[18];
data/sane-backends-1.0.31/backend/kvs1025_usb.c:112:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(usb_str,"usb %#04x %#04x",VENDOR_ID,KV_S1020C);
data/sane-backends-1.0.31/backend/kvs1025_usb.c:115:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(usb_str,"usb %#04x %#04x",VENDOR_ID,KV_S1025C);
data/sane-backends-1.0.31/backend/kvs1025_usb.c:118:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(usb_str,"usb %#04x %#04x",VENDOR_ID,KV_S1045C);
data/sane-backends-1.0.31/backend/kvs1025_usb.c:206:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd_buff[24];
data/sane-backends-1.0.31/backend/kvs1025_usb.c:217:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cmd_buff + 12, header->cdb, header->cdb_size);
data/sane-backends-1.0.31/backend/kvs20xx.c:118:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (devlist[i], &known_devices[curr_scan_dev].scanner,
data/sane-backends-1.0.31/backend/kvs20xx.c:493:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data, head);
data/sane-backends-1.0.31/backend/kvs20xx.c:498:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data, ls);
data/sane-backends-1.0.31/backend/kvs20xx.c:501:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data, tail);
data/sane-backends-1.0.31/backend/kvs20xx.c:517:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, s->data + s->read, *len);
data/sane-backends-1.0.31/backend/kvs20xx.h:174:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p, (u8 *) &x, sizeof (x));
data/sane-backends-1.0.31/backend/kvs20xx_cmd.c:36:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (h + 1, c->cmd, c->cmd_size);
data/sane-backends-1.0.31/backend/kvs20xx_cmd.c:70:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (h + 1, c->data, c->data_size);
data/sane-backends-1.0.31/backend/kvs20xx_cmd.c:141:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->buffer, c->cmd, c->cmd_size);
data/sane-backends-1.0.31/backend/kvs20xx_cmd.c:142:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->buffer + c->cmd_size, c->data, c->data_size);
data/sane-backends-1.0.31/backend/kvs20xx_cmd.c:330:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, c.data, *size);
data/sane-backends-1.0.31/backend/kvs20xx_cmd.h:57:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[MAX_CMD_SIZE];
data/sane-backends-1.0.31/backend/kvs20xx_cmd.h:66:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[RESPONSE_SIZE];
data/sane-backends-1.0.31/backend/kvs20xx_opt.c:800:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (params, p, sizeof (SANE_Parameters));
data/sane-backends-1.0.31/backend/kvs40xx.c:221:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (devlist[i], &known_devices[curr_scan_dev].scanner,
data/sane-backends-1.0.31/backend/kvs40xx.c:371:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[16];
data/sane-backends-1.0.31/backend/kvs40xx.c:682:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s->data + BUF_SIZE - s->read, *len);
data/sane-backends-1.0.31/backend/kvs40xx.c:697:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s->data, *len);
data/sane-backends-1.0.31/backend/kvs40xx.h:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/sane-backends-1.0.31/backend/kvs40xx.h:196:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[32];
data/sane-backends-1.0.31/backend/kvs40xx.h:234:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p, (u8 *) &x, sizeof (x));
data/sane-backends-1.0.31/backend/kvs40xx.h:240:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p, (u8 *) &x, sizeof (x));
data/sane-backends-1.0.31/backend/kvs40xx_cmd.c:74:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[MAX_CMD_SIZE];
data/sane-backends-1.0.31/backend/kvs40xx_cmd.c:83:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[RESPONSE_SIZE];
data/sane-backends-1.0.31/backend/kvs40xx_cmd.c:98:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (h + 1, c->cmd, c->cmd_size);
data/sane-backends-1.0.31/backend/kvs40xx_cmd.c:149:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (h + 1, c->data, c->data_size);
data/sane-backends-1.0.31/backend/kvs40xx_cmd.c:316:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->buffer, c->cmd, c->cmd_size);
data/sane-backends-1.0.31/backend/kvs40xx_cmd.c:317:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->buffer + c->cmd_size, c->data, c->data_size);
data/sane-backends-1.0.31/backend/kvs40xx_cmd.c:533:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, c.data, *size);
data/sane-backends-1.0.31/backend/kvs40xx_cmd.c:554:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (inf, c.data, sizeof (*inf));
data/sane-backends-1.0.31/backend/kvs40xx_cmd.c:575:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (id, (unsigned char *)c.data + 16, 16);
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:1415:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (params, p, sizeof (SANE_Parameters));
data/sane-backends-1.0.31/backend/leo.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/sane-backends-1.0.31/backend/leo.c:162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asc_buf[17];
data/sane-backends-1.0.31/backend/leo.c:184:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, "%3.3d:", i);
data/sane-backends-1.0.31/backend/leo.c:187:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf (ptr, " %2.2x", *p);
data/sane-backends-1.0.31/backend/leo.c:190:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
asc_ptr += sprintf (asc_ptr, "%c", *p);
data/sane-backends-1.0.31/backend/leo.c:387:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_vendor, dev->buffer + 0x08, 0x08);
data/sane-backends-1.0.31/backend/leo.c:389:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_product, dev->buffer + 0x10, 0x010);
data/sane-backends-1.0.31/backend/leo.c:391:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_version, dev->buffer + 0x20, 0x04);
data/sane-backends-1.0.31/backend/leo.c:501:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char window[48];
data/sane-backends-1.0.31/backend/leo.c:1084:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (src, dev->buffer, dev->params.bytes_per_line);
data/sane-backends-1.0.31/backend/leo.c:1117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, dev->image + dev->image_begin, size);
data/sane-backends-1.0.31/backend/leo.c:1194:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_R[GAMMA_LENGTH];
data/sane-backends-1.0.31/backend/leo.c:1195:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_G[GAMMA_LENGTH]; /* also gray */
data/sane-backends-1.0.31/backend/leo.c:1196:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_B[GAMMA_LENGTH];
data/sane-backends-1.0.31/backend/leo.c:1300:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/leo.c:1416:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->gamma_R, gamma_init, dev->opt[OPT_GAMMA_VECTOR_R].size);
data/sane-backends-1.0.31/backend/leo.c:1417:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->gamma_G, gamma_init, dev->opt[OPT_GAMMA_VECTOR_G].size);
data/sane-backends-1.0.31/backend/leo.c:1418:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->gamma_B, gamma_init, dev->opt[OPT_GAMMA_VECTOR_B].size);
data/sane-backends-1.0.31/backend/leo.c:1419:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->gamma_GRAY, gamma_init, dev->opt[OPT_GAMMA_VECTOR_GRAY].size);
data/sane-backends-1.0.31/backend/leo.c:1506:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, dev->val[option].wa, dev->opt[option].size);
data/sane-backends-1.0.31/backend/leo.c:1629:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->val[option].wa, val, dev->opt[option].size);
data/sane-backends-1.0.31/backend/leo.h:60:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[16];
data/sane-backends-1.0.31/backend/leo.h:76:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/leo.h:77:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/leo.h:81:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 16) & 0xff; \
data/sane-backends-1.0.31/backend/leo.h:82:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/leo.h:83:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[2] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/leo.h:87:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 24) & 0xff; \
data/sane-backends-1.0.31/backend/leo.h:88:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 16) & 0xff; \
data/sane-backends-1.0.31/backend/leo.h:89:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[2] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/leo.h:90:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[3] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/leo.h:250:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_vendor[9];
data/sane-backends-1.0.31/backend/leo.h:251:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_product[17];
data/sane-backends-1.0.31/backend/leo.h:276:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_vendor[9];
data/sane-backends-1.0.31/backend/leo.h:277:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_product[17];
data/sane-backends-1.0.31/backend/leo.h:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_version[5];
data/sane-backends-1.0.31/backend/leo.h:362:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 24) | \
data/sane-backends-1.0.31/backend/leo.h:363:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 16) | \
data/sane-backends-1.0.31/backend/leo.h:364:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[2] << 8) | \
data/sane-backends-1.0.31/backend/leo.h:365:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[3] << 0))
data/sane-backends-1.0.31/backend/leo.h:368:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 16) | \
data/sane-backends-1.0.31/backend/leo.h:369:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 8) | \
data/sane-backends-1.0.31/backend/leo.h:370:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[2] << 0))
data/sane-backends-1.0.31/backend/leo.h:373:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 8) | \
data/sane-backends-1.0.31/backend/leo.h:374:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 0))
data/sane-backends-1.0.31/backend/leo.h:379:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char halftone_pattern_t[256];
data/sane-backends-1.0.31/backend/lexmark_low.c:425:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdbg = fopen (title, "wb");
data/sane-backends-1.0.31/backend/lexmark_low.c:1166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[2048];
data/sane-backends-1.0.31/backend/lexmark_low.c:1193:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (msg + i * 5, "0x%02x ", shadow_regs[i]);
data/sane-backends-1.0.31/backend/lexmark_low.c:1352:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char titre[80];
data/sane-backends-1.0.31/backend/lexmark_low.c:1354:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (titre, "lgn%03d.pnm", numero);
data/sane-backends-1.0.31/backend/lexmark_low.c:1355:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
trace = fopen (titre, "wb");
data/sane-backends-1.0.31/backend/lexmark_low.c:2186:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
img = fopen ("find_bwd.pnm", "wb");
data/sane-backends-1.0.31/backend/lexmark_low.c:2788:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdbg = fopen ("find_start.pnm", "wb");
data/sane-backends-1.0.31/backend/lexmark_low.c:2818:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdbg = fopen ("find_start_after.pnm", "wb");
data/sane-backends-1.0.31/backend/lexmark_low.c:5428:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, rb->readptr, available_bytes);
data/sane-backends-1.0.31/backend/lexmark_low.c:5436:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, rb->readptr, rqst_size);
data/sane-backends-1.0.31/backend/lexmark_low.c:5450:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, rb->readptr, available_bytes);
data/sane-backends-1.0.31/backend/lexmark_low.c:5461:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, rb->readptr, rqst_size);
data/sane-backends-1.0.31/backend/lexmark_low.c:5539:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[20];
data/sane-backends-1.0.31/backend/lexmark_low.c:5601:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (title, "offset%02x.pnm", ro);
data/sane-backends-1.0.31/backend/lexmark_low.c:5679:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[20];
data/sane-backends-1.0.31/backend/lexmark_low.c:5728:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (title, "gain%02d.pnm", i);
data/sane-backends-1.0.31/backend/ma1509.c:146:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf ((SANE_String) buffer_byte, " %02x", *pp);
data/sane-backends-1.0.31/backend/ma1509.c:373:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf ((SANE_String) inquiry_text, "%c",
data/sane-backends-1.0.31/backend/ma1509.c:377:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf ((SANE_String) inquiry_byte, " %02x", *pp);
data/sane-backends-1.0.31/backend/ma1509.c:399:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev, &new_dev, sizeof (*dev));
data/sane-backends-1.0.31/backend/ma1509.c:1525:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, s->val[option].wa, s->opt[option].size);
data/sane-backends-1.0.31/backend/ma1509.c:1572:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->val[option].wa, val, s->opt[option].size);
data/sane-backends-1.0.31/backend/ma1509.c:1931:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, s->buffer_start, *len);
data/sane-backends-1.0.31/backend/magicolor.c:305:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buf, buf, buf_size);
data/sane-backends-1.0.31/backend/magicolor.c:313:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[5];
data/sane-backends-1.0.31/backend/magicolor.c:370:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3];
data/sane-backends-1.0.31/backend/magicolor.c:411:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024], fmt_buf[1024];
data/sane-backends-1.0.31/backend/magicolor.c:420:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt_buf, " 0x%04lx ", (unsigned long)k);
data/sane-backends-1.0.31/backend/magicolor.c:426:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (fmt_buf, " %02x" , buf[k]);
data/sane-backends-1.0.31/backend/magicolor.c:459:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b+6, arg1, len1);
data/sane-backends-1.0.31/backend/magicolor.c:493:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b+6, arg1, len1);
data/sane-backends-1.0.31/backend/magicolor.c:501:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b+10+len1, arg2, len2);
data/sane-backends-1.0.31/backend/magicolor.c:609:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params[1];
data/sane-backends-1.0.31/backend/magicolor.c:702:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char params1[4], params2[1];
data/sane-backends-1.0.31/backend/magicolor.c:768:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *buf, returned[0x0b];
data/sane-backends-1.0.31/backend/magicolor.c:800:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *txbuf, rxbuf[8];
data/sane-backends-1.0.31/backend/magicolor.c:873:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char param[0x11];
data/sane-backends-1.0.31/backend/magicolor.c:977:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char param[4];
data/sane-backends-1.0.31/backend/magicolor.c:1061:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, model, len);
data/sane-backends-1.0.31/backend/magicolor.c:1276:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[0x0b];
data/sane-backends-1.0.31/backend/magicolor.c:1339:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->line_buffer + s->bytes_read_in_line, s->ptr, bytes_to_copy);
data/sane-backends-1.0.31/backend/magicolor.c:1389:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, s->ptr, bytes_to_copy);
data/sane-backends-1.0.31/backend/magicolor.c:1631:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char IP[1024];
data/sane-backends-1.0.31/backend/magicolor.c:1837:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip_addr[1024];
data/sane-backends-1.0.31/backend/magicolor.c:1858:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip_addr[1024] = "";
data/sane-backends-1.0.31/backend/magicolor.c:1859:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model[1024] = "";
data/sane-backends-1.0.31/backend/magicolor.c:1860:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[1024] = "";
data/sane-backends-1.0.31/backend/magicolor.c:1936:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(model, vp->val.string, model_len);
data/sane-backends-1.0.31/backend/magicolor.c:2147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/sane-backends-1.0.31/backend/magicolor.c:2197:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char IP[1024];
data/sane-backends-1.0.31/backend/magicolor.c:2431:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(res_list[1]), s->hw->cap->res_list, s->hw->cap->res_list_size * sizeof(SANE_Word));
data/sane-backends-1.0.31/backend/matsushita.c:486:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/sane-backends-1.0.31/backend/matsushita.c:501:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, "%3.3d:", i);
data/sane-backends-1.0.31/backend/matsushita.c:504:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, " %2.2x", *p);
data/sane-backends-1.0.31/backend/matsushita.c:714:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_vendor, dev->buffer + 0x08, 0x08);
data/sane-backends-1.0.31/backend/matsushita.c:716:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_product, dev->buffer + 0x10, 0x010);
data/sane-backends-1.0.31/backend/matsushita.c:718:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_version, dev->buffer + 0x20, 0x04);
data/sane-backends-1.0.31/backend/matsushita.c:1383:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char window[72];
data/sane-backends-1.0.31/backend/matsushita.c:1650:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->image + dev->image_end, dev->buffer, size);
data/sane-backends-1.0.31/backend/matsushita.c:1679:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, dev->image + dev->image_begin, size);
data/sane-backends-1.0.31/backend/matsushita.c:1713:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/matsushita.h:56:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[16];
data/sane-backends-1.0.31/backend/matsushita.h:72:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/matsushita.h:73:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/matsushita.h:77:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 16) & 0xff; \
data/sane-backends-1.0.31/backend/matsushita.h:78:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/matsushita.h:79:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[2] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/matsushita.h:83:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 24) & 0xff; \
data/sane-backends-1.0.31/backend/matsushita.h:84:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 16) & 0xff; \
data/sane-backends-1.0.31/backend/matsushita.h:85:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[2] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/matsushita.h:86:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[3] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/matsushita.h:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_vendor[9];
data/sane-backends-1.0.31/backend/matsushita.h:237:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_product[17];
data/sane-backends-1.0.31/backend/matsushita.h:285:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_vendor[9];
data/sane-backends-1.0.31/backend/matsushita.h:286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_product[17];
data/sane-backends-1.0.31/backend/matsushita.h:287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_version[5];
data/sane-backends-1.0.31/backend/matsushita.h:366:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 24) | \
data/sane-backends-1.0.31/backend/matsushita.h:367:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 16) | \
data/sane-backends-1.0.31/backend/matsushita.h:368:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[2] << 8) | \
data/sane-backends-1.0.31/backend/matsushita.h:369:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[3] << 0))
data/sane-backends-1.0.31/backend/microtek.c:161:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _mdebug_string[MAX_MDBG_LENGTH];
data/sane-backends-1.0.31/backend/microtek.c:1496:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char result[0x60] = {
data/sane-backends-1.0.31/backend/microtek.c:1929:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor_id[64], model_name[64], revision_num[16];
data/sane-backends-1.0.31/backend/microtek.c:2132:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char result[0x60];
data/sane-backends-1.0.31/backend/microtek.c:2660:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rb->base + start, s->scsi_buffer, length);
data/sane-backends-1.0.31/backend/microtek.c:2664:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rb->base + start, s->scsi_buffer, chunk1);
data/sane-backends-1.0.31/backend/microtek.c:2665:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rb->base, s->scsi_buffer + chunk1, chunk2);
data/sane-backends-1.0.31/backend/microtek.c:3032:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_buffer, rb->base + rb->head_complete, ret_length);
data/sane-backends-1.0.31/backend/microtek.c:3037:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_buffer, rb->base + rb->head_complete, chunk1);
data/sane-backends-1.0.31/backend/microtek.c:3038:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_buffer + chunk1, rb->base, chunk2);
data/sane-backends-1.0.31/backend/microtek.c:3060:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/microtek.c:3415:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, val[option].wa, sod[option].size);
data/sane-backends-1.0.31/backend/microtek.c:3616:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val[option].wa, value, sod[option].size);
data/sane-backends-1.0.31/backend/microtek.h:122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor_id[9];
data/sane-backends-1.0.31/backend/microtek.h:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[17];
data/sane-backends-1.0.31/backend/microtek.h:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char revision_num[5];
data/sane-backends-1.0.31/backend/microtek.h:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor_string[21];
data/sane-backends-1.0.31/backend/microtek2.c:781:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &md->info[source_info],
data/sane-backends-1.0.31/backend/microtek2.c:1436:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[SANE_MAX_USERNAME_LEN];
data/sane-backends-1.0.31/backend/microtek2.c:1437:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[SANE_MAX_PASSWORD_LEN];
data/sane-backends-1.0.31/backend/microtek2.c:1438:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE_LEN];
data/sane-backends-1.0.31/backend/microtek2.c:1454:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(PASSWD_FILE, "r");
data/sane-backends-1.0.31/backend/microtek2.c:1556:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outputline[100];
data/sane-backends-1.0.31/backend/microtek2.c:1568:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outbuf, " %4d: ", o * BPL);
data/sane-backends-1.0.31/backend/microtek2.c:1577:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outbuf, "%02x", area[o * BPL + i]);
data/sane-backends-1.0.31/backend/microtek2.c:1593:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outbuf, "%c", isprint(area[o * BPL + i])
data/sane-backends-1.0.31/backend/microtek2.c:1615:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outputline[100];
data/sane-backends-1.0.31/backend/microtek2.c:1626:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outbuf, "%02x,", *(area + i));
data/sane-backends-1.0.31/backend/microtek2.c:1647:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(filename, mode);
data/sane-backends-1.0.31/backend/microtek2.c:1900:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[PATH_MAX];
data/sane-backends-1.0.31/backend/microtek2.c:3129:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, val[option].wa, sod[option].size);
data/sane-backends-1.0.31/backend/microtek2.c:3198:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val[option].wa, value, sod[option].size);
data/sane-backends-1.0.31/backend/microtek2.c:4223:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd + SG_CMD_L, ms->gamma_table, 3 * ms->lut_size_bytes);
data/sane-backends-1.0.31/backend/microtek2.c:4251:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd + SG_CMD_L,
data/sane-backends-1.0.31/backend/microtek2.c:4861:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd + SSI_CMD_L, shading_data, length);
data/sane-backends-1.0.31/backend/microtek2.c:5661:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile = fopen("shading_buf_w.pnm", "w");
data/sane-backends-1.0.31/backend/microtek2.c:5751:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile_w = fopen("microtek2_shading_w.pnm", "w");
data/sane-backends-1.0.31/backend/microtek2.c:5757:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile_d = fopen("microtek2_shading_d.pnm", "w");
data/sane-backends-1.0.31/backend/microtek2.c:5828:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile = fopen("microtek2_cshading_w.pnm", "w");
data/sane-backends-1.0.31/backend/microtek2.c:8313:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*temp_current, ms->buf.src_buf, ms->transfer_length);
data/sane-backends-1.0.31/backend/microtek2.h:858:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PATH_MAX]; /* name from config file */
data/sane-backends-1.0.31/backend/mustek.c:295:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf ((SANE_String) bytetxt, " %02x", *pp);
data/sane-backends-1.0.31/backend/mustek.c:604:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf ((SANE_String) cmd_byte, " %02x", *pp);
data/sane-backends-1.0.31/backend/mustek.c:628:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf ((SANE_String) cmd_byte, " %02x", *pp);
data/sane-backends-1.0.31/backend/mustek.c:1041:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf ((SANE_String) inquiry_text, "%c",
data/sane-backends-1.0.31/backend/mustek.c:1045:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf ((SANE_String) inquiry_byte, " %02x", *pp);
data/sane-backends-1.0.31/backend/mustek.c:1129:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev, &new_dev, sizeof (*dev));
data/sane-backends-1.0.31/backend/mustek.c:3447:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (out, s->ld.buf[0], num_saved_lines * bpl);
data/sane-backends-1.0.31/backend/mustek.c:3483:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->ld.buf[0], out + num_lines * bpl,
data/sane-backends-1.0.31/backend/mustek.c:3529:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (out, s->ld.buf[0], num_saved_lines * bpl);
data/sane-backends-1.0.31/backend/mustek.c:3575:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->ld.buf[0], out + num_lines * bpl, num_saved_lines * bpl);
data/sane-backends-1.0.31/backend/mustek.c:3842:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->ld.buf[s->ld.color] + s->ld.saved[s->ld.color]
data/sane-backends-1.0.31/backend/mustek.c:3981:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (out, raw, num_lines * bpl);
data/sane-backends-1.0.31/backend/mustek.c:4073:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (out, s->ld.buf[0], num_saved_lines * bpl);
data/sane-backends-1.0.31/backend/mustek.c:4126:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->ld.buf[0], out + num_lines * bpl,
data/sane-backends-1.0.31/backend/mustek.c:5839:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, s->val[option].wa, s->opt[option].size);
data/sane-backends-1.0.31/backend/mustek.c:5916:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->val[option].wa, val, s->opt[option].size);
data/sane-backends-1.0.31/backend/mustek_pp.c:704:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_line[1024];
data/sane-backends-1.0.31/backend/mustek_pp.c:724:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver_name[64];
data/sane-backends-1.0.31/backend/mustek_pp.c:1133:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((status = dev->func->open (dev->port, dev->caps, &fd)) != SANE_STATUS_GOOD) {
data/sane-backends-1.0.31/backend/mustek_pp.c:1333:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, hndl->val[option].wa, hndl->opt[option].size);
data/sane-backends-1.0.31/backend/mustek_pp.c:1388:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (hndl->val[option].wa, val, hndl->opt[option].size);
data/sane-backends-1.0.31/backend/mustek_pp.h:109:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SANE_Status (*open)(SANE_String port, SANE_Int caps, SANE_Int *fd);
data/sane-backends-1.0.31/backend/mustek_pp_ccd300.c:1762:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi (optval);
data/sane-backends-1.0.31/backend/mustek_pp_ccd300.c:1784:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi (optval);
data/sane-backends-1.0.31/backend/mustek_pp_ccd300.c:1805:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi (optval);
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:135:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
M1015_LOG_1 = fopen("cis_ll.log", "w");
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:206:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hl_prev_line[4096], hl_next_line[4096], hl_repeat_count;
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:218:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
M1015_LOG_2 = fopen("cis_hl.log", "w");\
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:313:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[Mustek_PP_1015_RING_BUFFER_SIZE][64];
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:323:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(current, "---- (---) --------");
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:327:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(current, "0x%02X (%3d) ", val & 0xFF, val & 0xFF);
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:330:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(current+11+i, "%d", (val >> (7-i)) & 1);
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:2471:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi(optval);
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:2497:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi(optval);
data/sane-backends-1.0.31/backend/mustek_usb.c:1231:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, s->val[option].wa, s->opt[option].size);
data/sane-backends-1.0.31/backend/mustek_usb.c:1283:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->val[option].wa, val, s->opt[option].size);
data/sane-backends-1.0.31/backend/mustek_usb.c:1530:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, s->hw->scan_buffer_start, *len);
data/sane-backends-1.0.31/backend/mustek_usb2.c:1041:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pImageRows->pBuffer,
data/sane-backends-1.0.31/backend/mustek_usb2.c:2105:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&s->model, &mustek_A2nu2_model, sizeof (Scanner_Model));
data/sane-backends-1.0.31/backend/mustek_usb2.c:2555:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->Scan_data_buf, tempbuf, s->scan_buffer_len);
data/sane-backends-1.0.31/backend/mustek_usb2.c:2589:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, s->Scan_data_buf_start, lines_read);
data/sane-backends-1.0.31/backend/mustek_usb2_high.c:2362:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (g_lpBefLineImageData, lpTemp, g_SWBytesPerRow);
data/sane-backends-1.0.31/backend/mustek_usb2_high.c:2369:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (g_lpBefLineImageData,
data/sane-backends-1.0.31/backend/mustek_usb2_high.c:2616:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (g_lpBefLineImageData, lpTemp, g_SWBytesPerRow);
data/sane-backends-1.0.31/backend/mustek_usb2_high.c:2623:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (g_lpBefLineImageData,
data/sane-backends-1.0.31/backend/mustek_usb2_reflective.c:663:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen ("/root/AD(Ref).pnm\n", "wb+\n");
data/sane-backends-1.0.31/backend/mustek_usb2_reflective.c:664:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (lpBuf, "P6\n%d %d\n255\n\n", wCalWidth, 1);
data/sane-backends-1.0.31/backend/mustek_usb2_reflective.c:1197:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen ("/root/bound(Ref).pnm", "wb+\n");
data/sane-backends-1.0.31/backend/mustek_usb2_reflective.c:1204:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (lpBuf, "P5\n%d %d\n255\n", wCalWidth, wCalHeight);
data/sane-backends-1.0.31/backend/mustek_usb2_reflective.c:1524:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen ("/root/whiteshading(Ref).pnm", "wb+\n");
data/sane-backends-1.0.31/backend/mustek_usb2_reflective.c:1525:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (lpBuf, "P6\n%d %d\n65535\n", wCalWidth, wCalHeight);
data/sane-backends-1.0.31/backend/mustek_usb2_reflective.c:1531:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen ("/root/darkshading(Ref).pnm", "wb+\n");
data/sane-backends-1.0.31/backend/mustek_usb2_reflective.c:1532:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (lpBuf, "P6\n%d %d\n65535\n", wCalWidth, wCalHeight);
data/sane-backends-1.0.31/backend/mustek_usb2_transparent.c:699:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen ("/root/AD(Tra).pnm", "wb+\n");
data/sane-backends-1.0.31/backend/mustek_usb2_transparent.c:700:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (lpBuf, "P6\n%d %d\n255\n", wCalWidth, 3);
data/sane-backends-1.0.31/backend/mustek_usb2_transparent.c:1193:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen ("/root/bound(Tra).pnm", "wb+\n");
data/sane-backends-1.0.31/backend/mustek_usb2_transparent.c:1194:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (lpBuf, "P5\n%d %d\n255\n", wCalWidth, wCalHeight);
data/sane-backends-1.0.31/backend/mustek_usb2_transparent.c:1377:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen ("/root/whiteshading(Tra).pnm", "wb+\n");
data/sane-backends-1.0.31/backend/mustek_usb2_transparent.c:1378:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (lpBuf, "P6\n%d %d\n65535\n", wCalWidth, wCalHeight);
data/sane-backends-1.0.31/backend/mustek_usb2_transparent.c:1384:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen ("/root/darkshading(Tra).pnm", "wb+\n");
data/sane-backends-1.0.31/backend/mustek_usb2_transparent.c:1385:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (lpBuf, "P6\n%d %d\n65535\n", wCalWidth, wCalHeight);
data/sane-backends-1.0.31/backend/nec.c:300:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sdat->sb, sense_buffer, 16);
data/sane-backends-1.0.31/backend/nec.c:540:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (winp, wp, len);
data/sane-backends-1.0.31/backend/nec.c:883:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(bc->buffer[bc->start]), copysize);
data/sane-backends-1.0.31/backend/nec.c:988:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char inquiry_data[INQUIRY_LEN];
data/sane-backends-1.0.31/backend/nec.c:1875:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devnam[PATH_MAX] = "/dev/scanner";
data/sane-backends-1.0.31/backend/nec.c:1876:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX];
data/sane-backends-1.0.31/backend/nec.c:2268:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, s->val[option].wa, s->opt[option].size);
data/sane-backends-1.0.31/backend/nec.c:2515:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
= atoi(s->opt[OPT_RESOLUTION_LIST].constraint.string_list[i]);
data/sane-backends-1.0.31/backend/nec.c:2530:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->val[option].wa, val, s->opt[option].size);
data/sane-backends-1.0.31/backend/nec.c:2665:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf((char *) p, "%i", val.wa[0]);
data/sane-backends-1.0.31/backend/nec.c:2667:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf((char *) p, ",%i", val.wa[i] > 255 ? 255 : val.wa[i]);
data/sane-backends-1.0.31/backend/nec.c:2813:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf((char *) &cmd[10], "%i/%i/%i/%i",
data/sane-backends-1.0.31/backend/nec.c:3535:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_buf, &(s->buffer[s->buf_pos]), transfer);
data/sane-backends-1.0.31/backend/nec.c:3636:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(dst_buf[*len]), s->buffer, transfer);
data/sane-backends-1.0.31/backend/net.c:304:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sin->sin_addr, he->h_addr_list[0], he->h_length);
data/sane-backends-1.0.31/backend/net.c:613:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->local_opt.desc[option_number], s->opt.desc[option_number],
data/sane-backends-1.0.31/backend/net.c:706:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[AVAHI_ADDRESS_STR_MAX];
data/sane-backends-1.0.31/backend/net.c:946:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[PATH_MAX];
data/sane-backends-1.0.31/backend/net.c:1036:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
connect_timeout = atoi(optval);
data/sane-backends-1.0.31/backend/net.c:1114:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
connect_timeout = atoi(env);
data/sane-backends-1.0.31/backend/net.c:1454:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp, full_name + 1, dev_name - full_name - 2);
data/sane-backends-1.0.31/backend/net.c:1459:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp, full_name, dev_name - full_name);
data/sane-backends-1.0.31/backend/net.c:1465:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp, full_name, dev_name - full_name);
data/sane-backends-1.0.31/backend/net.c:1487:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (nd_name, full_name + 1, strlen (full_name) - 2);
data/sane-backends-1.0.31/backend/net.c:1814:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, reply.value, reply.value_size);
data/sane-backends-1.0.31/backend/niash.c:127:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char CalWhite[3]; /* values for the last calibration of white */
data/sane-backends-1.0.31/backend/niash.c:402:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char CalWhite[2][3]; /* toggling buffer */
data/sane-backends-1.0.31/backend/niash.c:981:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szTable[100];
data/sane-backends-1.0.31/backend/niash.c:1036:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pVal, s->aValues[n].wa, s->aOptions[n].size);
data/sane-backends-1.0.31/backend/niash.c:1042:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strcpy ((char *) pVal, modeList[s->aValues[optMode].w]);
data/sane-backends-1.0.31/backend/niash.c:1124:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->aValues[n].wa, pVal, s->aOptions[n].size);
data/sane-backends-1.0.31/backend/niash.c:1127:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (szTable, "Gamma table summary:");
data/sane-backends-1.0.31/backend/niash.c:1138:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (szTable + strlen(szTable), " %04X", pi[i]);
data/sane-backends-1.0.31/backend/niash.c:1282:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char abGamma[HW_GAMMA_SIZE];
data/sane-backends-1.0.31/backend/niash.c:1283:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char abCalibTable[HW_PIXELS * 6];
data/sane-backends-1.0.31/backend/niash.c:1447:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf,
data/sane-backends-1.0.31/backend/niash_core.c:318:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char abGamma[60000];
data/sane-backends-1.0.31/backend/niash_core.c:368:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&abGamma[j], pabCalibTable, HW_PIXELS * 6);
data/sane-backends-1.0.31/backend/niash_core.c:516:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char abMotor[512];
data/sane-backends-1.0.31/backend/niash_core.c:770:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pabLine, &p->pabXferBuf[p->iCurLine * p->iBytesPerLine],
data/sane-backends-1.0.31/backend/niash_core.c:1217:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char abGamma[4096];
data/sane-backends-1.0.31/backend/niash_core.c:1219:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char abBuf[HW_PIXELS * 3 * 71]; /* Carefull : see startWhite and endWhite below */
data/sane-backends-1.0.31/backend/niash_core.c:1220:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char abLine[HW_PIXELS * 3];
data/sane-backends-1.0.31/backend/niash_core.c:1221:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char abWhite[HW_PIXELS * 3];
data/sane-backends-1.0.31/backend/p5.c:1272:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, dev->buffer + dev->position, *len);
data/sane-backends-1.0.31/backend/p5.c:1314:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->buffer,
data/sane-backends-1.0.31/backend/p5_device.c:492:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (name, O_RDWR);
data/sane-backends-1.0.31/backend/p5_device.c:928:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data + read * length, inbuffer + 1, length);
data/sane-backends-1.0.31/backend/p5_device.c:1048:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[256];
data/sane-backends-1.0.31/backend/p5_device.c:1253:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdbg = fopen (name, "wb");
data/sane-backends-1.0.31/backend/p5_device.c:1269:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[PATH_MAX];
data/sane-backends-1.0.31/backend/p5_device.c:1310:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcalib = fopen (fname, "rb");
data/sane-backends-1.0.31/backend/p5_device.c:1377:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcalib = fopen (fname, "wb");
data/sane-backends-1.0.31/backend/p5_device.c:1430:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[40];
data/sane-backends-1.0.31/backend/p5_device.c:1432:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *dbg = fopen ("debug.pnm", "wb");
data/sane-backends-1.0.31/backend/p5_device.c:1563:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (title, "calibration-white-%d.pnm",
data/sane-backends-1.0.31/backend/p5_device.c:1566:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (title, "calibration-black-%d.pnm",
data/sane-backends-1.0.31/backend/pie.c:240:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[9]; /* will be xxxxx */
data/sane-backends-1.0.31/backend/pie.c:241:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[17]; /* e.g. "SuperVista_S12" or so */
data/sane-backends-1.0.31/backend/pie.c:242:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[5]; /* e.g. V1.3 */
data/sane-backends-1.0.31/backend/pie.c:353:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[80], *p = s;
data/sane-backends-1.0.31/backend/pie.c:359:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf (p, " %04X ", a);
data/sane-backends-1.0.31/backend/pie.c:361:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf (p, "%02X ", *buf++);
data/sane-backends-1.0.31/backend/pie.c:854:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[9];
data/sane-backends-1.0.31/backend/pie.c:855:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[0x11];
data/sane-backends-1.0.31/backend/pie.c:856:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[5];
data/sane-backends-1.0.31/backend/pie.c:859:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char inquiry_block[256];
data/sane-backends-1.0.31/backend/pie.c:939:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/sane-backends-1.0.31/backend/pie.c:962:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[128];
data/sane-backends-1.0.31/backend/pie.c:972:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, swrite.cmd, swrite.size);
data/sane-backends-1.0.31/backend/pie.c:1027:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[280];
data/sane-backends-1.0.31/backend/pie.c:1038:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, swrite.cmd, swrite.size);
data/sane-backends-1.0.31/backend/pie.c:1482:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[128];
data/sane-backends-1.0.31/backend/pie.c:1493:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, swrite.cmd, swrite.size);
data/sane-backends-1.0.31/backend/pie.c:1519:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[128];
data/sane-backends-1.0.31/backend/pie.c:1530:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, swrite.cmd, swrite.size);
data/sane-backends-1.0.31/backend/pie.c:1585:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[128];
data/sane-backends-1.0.31/backend/pie.c:1596:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, swrite.cmd, swrite.size);
data/sane-backends-1.0.31/backend/pie.c:1818:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (send_buffer, swrite.cmd, swrite.size);
data/sane-backends-1.0.31/backend/pie.c:1991:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, swrite.cmd, swrite.size);
data/sane-backends-1.0.31/backend/pie.c:2081:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[128];
data/sane-backends-1.0.31/backend/pie.c:2093:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, swrite.cmd, swrite.size);
data/sane-backends-1.0.31/backend/pie.c:2142:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[128];
data/sane-backends-1.0.31/backend/pie.c:2153:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, smode.cmd, smode.size);
data/sane-backends-1.0.31/backend/pie.c:2394:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[128];
data/sane-backends-1.0.31/backend/pie.c:2615:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (red_in, buffer + 2, bytes_per_line);
data/sane-backends-1.0.31/backend/pie.c:2631:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (green_in, buffer + 2, bytes_per_line);
data/sane-backends-1.0.31/backend/pie.c:2935:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/pie.c:3283:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, scanner->val[option].wa, scanner->opt[option].size);
data/sane-backends-1.0.31/backend/pie.c:3360:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->val[option].wa, val, scanner->opt[option].size);
data/sane-backends-1.0.31/backend/pieusb.c:158:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_line[PATH_MAX];
data/sane-backends-1.0.31/backend/pieusb.c:625:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, scanner->val[option].wa, scanner->opt[option].size);
data/sane-backends-1.0.31/backend/pieusb.c:714:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->val[option].wa, val, scanner->opt[option].size);
data/sane-backends-1.0.31/backend/pieusb_buffer.c:159:25: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
buffer->data_file = mkstemp(buffer->buffer_name);
data/sane-backends-1.0.31/backend/pieusb_buffer.h:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer_name[L_tmpnam];
data/sane-backends-1.0.31/backend/pieusb_specific.c:325:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, inq->vendor, 8);
data/sane-backends-1.0.31/backend/pieusb_specific.c:335:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, inq->product, 16);
data/sane-backends-1.0.31/backend/pieusb_specific.c:349:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, inq->productRevision, 4);
data/sane-backends-1.0.31/backend/pieusb_specific.c:1260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[64];
data/sane-backends-1.0.31/backend/pieusb_specific.c:1264:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (¶meters, &scanner->scan_parameters, sizeof (SANE_Parameters));
data/sane-backends-1.0.31/backend/pieusb_specific.c:1412:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen (filename, "w");
data/sane-backends-1.0.31/backend/pieusb_specific.c:1758:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fs = fopen("pieusb.shading", "w");
data/sane-backends-1.0.31/backend/pieusb_specific.c:2114:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fs = fopen ("pieusb.ccd", "w");
data/sane-backends-1.0.31/backend/pieusb_usb.c:392:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ptr, ": Logical unit is in the process of becoming ready");
data/sane-backends-1.0.31/backend/pieusb_usb.c:396:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, ": senseCode 0x%02x, senseQualifier 0x%02x", sense->senseCode, sense->senseQualifier);
data/sane-backends-1.0.31/backend/pieusb_usb.c:402:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ptr, ": Invalid field in parameter list");
data/sane-backends-1.0.31/backend/pieusb_usb.c:406:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ptr, ": Invalid command operation code");
data/sane-backends-1.0.31/backend/pieusb_usb.c:410:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ptr, ": Calibration disable not granted");
data/sane-backends-1.0.31/backend/pieusb_usb.c:414:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ptr, ": I/O process terminated");
data/sane-backends-1.0.31/backend/pieusb_usb.c:418:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ptr, ": MODE SELECT value invalid: resolution too high (vs)");
data/sane-backends-1.0.31/backend/pieusb_usb.c:422:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ptr, ": MODE SELECT value invalid: select only one color (vs)");
data/sane-backends-1.0.31/backend/pieusb_usb.c:426:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ptr, ": MODE SELECT value invalid: unsupported bit depth (vs)");
data/sane-backends-1.0.31/backend/pieusb_usb.c:446:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, ": senseCode 0x%02x, senseQualifier 0x%02x", sense->senseCode, sense->senseQualifier);
data/sane-backends-1.0.31/backend/pint.c:116:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (devname, O_RDONLY, 0);
data/sane-backends-1.0.31/backend/pint.c:544:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[gobble_up_buf_len];
data/sane-backends-1.0.31/backend/pint.c:571:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/pint.c:819:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s->fd = open (s->hw->sane.name, O_RDONLY, 0);
data/sane-backends-1.0.31/backend/pixma/pixma.c:111:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char button_option_is_cached[BUTTON_GROUP_SIZE];
data/sane-backends-1.0.31/backend/pixma/pixma.c:218:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (str) ? atoi (str) : def;
data/sane-backends-1.0.31/backend/pixma/pixma.c:1452:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, src->linebuffer + src->linebuffer_index, *length);
data/sane-backends-1.0.31/backend/pixma/pixma.c:1520:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, src->linebuffer + src->linebuffer_index, *length);
data/sane-backends-1.0.31/backend/pixma/pixma.h:347:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lineart_lut[256];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:173:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char hdigit[16] =
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[100]; /* actually only 1+8+1+8*3+1+8*3+1 = 61 bytes needed */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:306:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_addr[BJNP_HOST_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:326:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(addr_string, "Unknown address family");
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:341:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[BJNP_IEEE1284_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[BJNP_HOST_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:473:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[1024];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:636:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_string[256];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:753:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scanner_id[BJNP_IEEE1284_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:755:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resp_buf[BJNP_RESP_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:760:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (model, "Unidentified scanner");
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:813:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip_address[BJNP_HOST_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:818:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char service[64];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:842:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(service, "%d", port);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:982:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &local_sa_copy, local_sa, sa_size(local_sa) );
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1003:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_sa, broadcast_sa, sa_size(dest_sa) );
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resp_buf[BJNP_RESP_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_buf[BJNP_CMD_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resp_buf[BJNP_RESP_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_host[256];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1220:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( status, response->status, size);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_buf[BJNP_CMD_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1239:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resp_buf[BJNP_RESP_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1281:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_buf[BJNP_CMD_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1282:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resp_buf[BJNP_RESP_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1324:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (bjnp_buf.scan_data, buf, count);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1508:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[BJNP_HOST_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1523:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(device[dn].addr, sa, sa_size((bjnp_sockaddr_t *)sa) );
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1653:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char my_hostname[HOST_NAME_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1654:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pid_str[64];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1656:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[BJNP_HOST_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1671:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pid_str, "Process ID = %d", getpid ());
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1744:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char method[BJNP_METHOD_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1745:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[BJNP_HOST_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1746:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[BJNP_PORT_MAX] = "";
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1747:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[BJNP_ARGS_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1768:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ip_timeout = atoi(args + strlen("timeout="));
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1788:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( port, "%d", protocol_defs->default_port );
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1897:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scanner_host[BJNP_HOST_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1898:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[BJNP_SERIAL_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1899:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char makemodel[BJNP_MODEL_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1954:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char method[BJNP_METHOD_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1955:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[BJNP_HOST_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1956:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_str[BJNP_PORT_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1957:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[BJNP_HOST_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1966:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(port_str);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1985:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(args, "timeout=%d", timeout);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:2025:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp_buf[2048];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:2036:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scanner_host[HOST_NAME_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:2037:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uri[HOST_NAME_MAX + 32];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:2075:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout_default = atoi(conf_devices[i] + strlen("bjnp-timeout=") );
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:2246:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bjnp_id[5];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:2613:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[256];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:176:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BJNP_id[4]; /* string: BJNP */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:191:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unknown1[4]; /* 00 01 08 00 */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:194:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac_addr[6]; /* printers mac address */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:197:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipv4_addr[4];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:200:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipv6_addr_1[16];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:201:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipv6_addr_2[16];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:211:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unknown[8]; /* don't know what these are for */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:212:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[64]; /* hostname of sender */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[64]; /* username */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jobtitle[256]; /* job title */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char empty0[78]; /* type 0 has only 0 */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:230:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char empty1[6]; /* 0 */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:231:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_host[64]; /* unicode user <space> <space> hostname */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:238:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_host[64]; /* unicode user <space> <space> hostname */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:242:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_date[16]; /* YYYYMMDDHHMMSS only for type 2 */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:248:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_host[64]; /* unicode user <space> <space> hostname */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:263:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char result[4]; /* unknown stuff, result[2] = 80 -> status is available*/
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:268:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char status[20]; /* interrupt status */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:281:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[BJNP_IEEE1284_MAX]; /* identity */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:285:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[BJNP_IEEE1284_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:296:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scan_data[65536];
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:348:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open; /* connection to scanner is opened */
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp_private.h:372:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mac_address[BJNP_HOST_MAX];
data/sane-backends-1.0.31/backend/pixma/pixma_common.c:102:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hdigit[16] =
data/sane-backends-1.0.31/backend/pixma/pixma_common.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[100]; /* actually only 1+8+1+8*3+1+8*3+1 = 61 bytes needed */
data/sane-backends-1.0.31/backend/pixma/pixma_common.c:205:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/sane-backends-1.0.31/backend/pixma/pixma_common.c:235:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[50];
data/sane-backends-1.0.31/backend/pixma/pixma_common.c:817:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
error = s->ops->open (s);
data/sane-backends-1.0.31/backend/pixma/pixma_common.c:1003:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ib.wptr, ib.rptr, count);
data/sane-backends-1.0.31/backend/pixma/pixma_common.h:117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[PIXMA_MAX_ID_LEN + 1];
data/sane-backends-1.0.31/backend/pixma/pixma_common.h:138:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open) (pixma_t *);
data/sane-backends-1.0.31/backend/pixma/pixma_imageclass.c:222:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mf->current_status, data, 12);
data/sane-backends-1.0.31/backend/pixma/pixma_imageclass.c:356:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, mf->cb.buf + hlen, *datalen);
data/sane-backends-1.0.31/backend/pixma/pixma_imageclass.c:426:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data, size);
data/sane-backends-1.0.31/backend/pixma/pixma_imageclass.c:801:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mf->lineptr, mf->blkptr, n * s->param->line_size);
data/sane-backends-1.0.31/backend/pixma/pixma_imageclass.c:807:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mf->blkptr, mf->blkptr + lines_size, mf->blk_len);
data/sane-backends-1.0.31/backend/pixma/pixma_io_sanei.c:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[PIXMA_MAX_ID_LEN + 1]; /* "xxxxyyyy_zzzzzzz..."
data/sane-backends-1.0.31/backend/pixma/pixma_io_sanei.c:186:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hdigit[16] =
data/sane-backends-1.0.31/backend/pixma/pixma_mp150.c:578:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data + 4, lut, 4096);
data/sane-backends-1.0.31/backend/pixma/pixma_mp150.c:599:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data + 4, lut, 1024 * 2);
data/sane-backends-1.0.31/backend/pixma/pixma_mp150.c:767:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mp->current_status, data, status_len);
data/sane-backends-1.0.31/backend/pixma/pixma_mp150.c:781:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mp->current_status, data, status_len);
data/sane-backends-1.0.31/backend/pixma/pixma_mp150.c:829:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (header, mp->cb.buf, hlen);
data/sane-backends-1.0.31/backend/pixma/pixma_mp150.c:834:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, mp->cb.buf + hlen, datalen);
data/sane-backends-1.0.31/backend/pixma/pixma_mp150.c:866:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data, size);
data/sane-backends-1.0.31/backend/pixma/pixma_mp150.c:1027:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * (i % m) + i / m), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp150.c:1029:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sptr, linebuf, line_size);
data/sane-backends-1.0.31/backend/pixma/pixma_mp730.c:161:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mp->current_status, data, 12);
data/sane-backends-1.0.31/backend/pixma/pixma_mp730.c:264:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (header, mp->cb.buf, hlen);
data/sane-backends-1.0.31/backend/pixma/pixma_mp730.c:268:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, mp->cb.buf + hlen, datalen);
data/sane-backends-1.0.31/backend/pixma/pixma_mp730.c:398:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data, size);
data/sane-backends-1.0.31/backend/pixma/pixma_mp730.c:712:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mp->lbuf, mp->imgbuf, n * s->param->line_size);
data/sane-backends-1.0.31/backend/pixma/pixma_mp730.c:716:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mp->imgbuf, mp->imgbuf + block_size, mp->imgbuf_len);
data/sane-backends-1.0.31/backend/pixma/pixma_mp750.c:175:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mp->current_status, data, 12);
data/sane-backends-1.0.31/backend/pixma/pixma_mp750.c:352:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data, size);
data/sane-backends-1.0.31/backend/pixma/pixma_mp750.c:763:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mp->img, mp->img + mp->last_block_size, block_size);
data/sane-backends-1.0.31/backend/pixma/pixma_mp750.c:850:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mp->rawimg, mp->rawimg + n, mp->rawimg_left);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:416:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mp->tpu_data, data, 0x34);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:428:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, mp->tpu_data, 0x34);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:447:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data + 4, lut, 4096);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:468:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data + 4, lut, 1024 * 2);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1031:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mp->current_status, data, status_len);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1044:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mp->current_status, data, status_len);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1090:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (header, mp->cb.buf, hlen);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1096:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, mp->cb.buf + hlen, datalen);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1127:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, data, size);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1250:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mp->current_status, data, status_len);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1424:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * (i % m) + i / m), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1426:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sptr, linebuf, line_size);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1443:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i) % m) + ((i) / m)), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1445:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i - 1) % m) + 1 + ((i) / m)), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1450:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i) % m) + ((i) / m) + 1), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1452:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i - 1) % m) + 1 + ((i) / m) + 1), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1456:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sptr, linebuf, line_size);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1468:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (i + i8 - ((i8 > 3) ? 7 : 0)), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1470:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sptr, linebuf, line_size);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1487:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i) % m) + ((i) / m)), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1489:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i - 1) % m) + 1 + ((i) / m)), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1494:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i) % m) + ((i) / m) + 1), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1496:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i - 1) % m) + 1 + ((i) / m) + 1), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1501:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i) % m) + ((i) / m) + 2), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1503:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i - 1) % m) + 1 + ((i) / m) + 2), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1508:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i) % m) + ((i) / m) + 3), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1510:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i - 1) % m) + 1 + ((i) / m) + 3), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1515:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i) % m) + ((i) / m) + 4), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1517:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i - 1) % m) + 1 + ((i) / m) + 4), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1522:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i) % m) + ((i) / m) + 5), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1524:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i - 1) % m) + 1 + ((i) / m) + 5), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1529:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i) % m) + ((i) / m) + 6), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1531:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i - 1) % m) + 1 + ((i) / m) + 6), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1536:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i) % m) + ((i) / m) + 7), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1538:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (n * ((i - 1) % m) + 1 + ((i) / m) + 7), sptr + c * i, c);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1542:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sptr, linebuf, line_size);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1566:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (linebuf + c * (i + shifts[i8]), sptr + c * i, c * 2);
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:1569:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sptr, linebuf, line_size);
data/sane-backends-1.0.31/backend/plustek-pp.h:573:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open) ( const char*, void* );
data/sane-backends-1.0.31/backend/plustek-pp.h:630:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devName[PATH_MAX];
data/sane-backends-1.0.31/backend/plustek-pp_dac.c:1179:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( pbDest, pbSrce, ps->BufferSizePerModel );
data/sane-backends-1.0.31/backend/plustek-pp_dac.c:1527:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ps->pScanBuffer1 + 64 + 8 + ps->Offset70, pData,
data/sane-backends-1.0.31/backend/plustek-pp_dac.c:1702:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ps->pScanBuffer1, ps->pPrescan16, 140 );
data/sane-backends-1.0.31/backend/plustek-pp_dac.c:1703:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ps->pScanBuffer1 + 140,
data/sane-backends-1.0.31/backend/plustek-pp_dac.c:2410:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ps->Bufs.b1.pShadingMap + 4096, ps->Bufs.b1.pShadingMap, 4096 );
data/sane-backends-1.0.31/backend/plustek-pp_dac.c:2411:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ps->Bufs.b1.pShadingMap + 8192, ps->Bufs.b1.pShadingMap, 4096 );
data/sane-backends-1.0.31/backend/plustek-pp_image.c:305:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( pBuf, pImg, bl );
data/sane-backends-1.0.31/backend/plustek-pp_image.c:522:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ps->pFilterBuf, pImage, ps->DataInf.dwAsicBytesPerPlane );
data/sane-backends-1.0.31/backend/plustek-pp_image.c:1041:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ps->DataInf.pCurrentBuffer +
data/sane-backends-1.0.31/backend/plustek-pp_image.c:1046:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ps->DataInf.pCurrentBuffer,
data/sane-backends-1.0.31/backend/plustek-pp_image.c:1052:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ps->DataInf.pCurrentBuffer +
data/sane-backends-1.0.31/backend/plustek-pp_image.c:1059:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ps->DataInf.pCurrentBuffer,
data/sane-backends-1.0.31/backend/plustek-pp_image.c:1064:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ps->DataInf.pCurrentBuffer +
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:180:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf( buf, "Plustek Flatbed Scanner Driver version "_PTDRV_VERSTR"\n" );
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:181:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf( buf + len, "IOCTL-Version: 0x%08x\n",_PTDRV_IOCTL_VERSION);
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:198:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf( buf+len, "Portaddress : 0x%X\n", ps->IO.portBase );
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:203:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf( buf+len, "Buttons : %u\n", ps->Device.buttons);
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:204:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf( buf+len, "Warmuptime : %us\n", ps->warmup );
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:205:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf( buf+len, "Lamp timeout: %us\n", ps->lampoff );
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:206:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf( buf+len, "mov-switch : %u\n", ps->ModelOverride );
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:207:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf( buf+len, "I/O-delay : %u\n", ps->IO.delay );
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:242:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf( buf + len, "%u\n", b );
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:248:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf( buf + len, "none\n" );
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:400:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[20];
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:409:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "device%u", ps->devno );
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:424:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "button%u", i );
data/sane-backends-1.0.31/backend/plustek-pp_ptdrv.c:279:2: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open: pt_drv_open,
data/sane-backends-1.0.31/backend/plustek-pp_ptdrv.c:344:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( where, useraddr, size );
data/sane-backends-1.0.31/backend/plustek-pp_ptdrv.c:366:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( useraddr, ptr, size );
data/sane-backends-1.0.31/backend/plustek-pp_ptdrv.c:375:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dest, src, len );
data/sane-backends-1.0.31/backend/plustek-pp_ptdrv.c:381:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dest, src, len );
data/sane-backends-1.0.31/backend/plustek-pp_ptdrv.c:1591:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char controlname[24];
data/sane-backends-1.0.31/backend/plustek-pp_ptdrv.c:1594:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[20];
data/sane-backends-1.0.31/backend/plustek-pp_ptdrv.c:1635:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( controlname, "scanner/pt_drv%d", devCount );
data/sane-backends-1.0.31/backend/plustek-pp_ptdrv.c:1647:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(devname, "pt_drv%d", devCount);
data/sane-backends-1.0.31/backend/plustek-pp_ptdrv.c:1706:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char controlname[24];
data/sane-backends-1.0.31/backend/plustek-pp_ptdrv.c:1720:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( controlname, "scanner/pt_drv%d", i );
data/sane-backends-1.0.31/backend/plustek-pp_scale.c:95:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( outBuf, inBuf, ps->DataInf.dwAppBytesPerLine );
data/sane-backends-1.0.31/backend/plustek-pp_wrapper.c:126:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = open( dev_name, O_RDONLY );
data/sane-backends-1.0.31/backend/plustek-pp_wrapper.c:175:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &compatAdj.pos, &dev->adj.pos, sizeof(OffsDef));
data/sane-backends-1.0.31/backend/plustek-pp_wrapper.c:176:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &compatAdj.neg, &dev->adj.neg, sizeof(OffsDef));
data/sane-backends-1.0.31/backend/plustek-pp_wrapper.c:177:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &compatAdj.tpa, &dev->adj.tpa, sizeof(OffsDef));
data/sane-backends-1.0.31/backend/plustek-pp_wrapper.c:195:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &adj.pos, &dev->adj.pos, sizeof(OffsDef));
data/sane-backends-1.0.31/backend/plustek-pp_wrapper.c:196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &adj.neg, &dev->adj.neg, sizeof(OffsDef));
data/sane-backends-1.0.31/backend/plustek-pp_wrapper.c:197:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &adj.tpa, &dev->adj.tpa, sizeof(OffsDef));
data/sane-backends-1.0.31/backend/plustek-usb.c:195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str1[PATH_MAX];
data/sane-backends-1.0.31/backend/plustek-usb.c:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str2[PATH_MAX];
data/sane-backends-1.0.31/backend/plustek-usb.c:210:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dev->usbDev.Caps, Settings[idx].pDevCaps, sizeof(DCapsDef));
data/sane-backends-1.0.31/backend/plustek-usb.c:211:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dev->usbDev.HwSetting, Settings[idx].pHwDef, sizeof(HWDef));
data/sane-backends-1.0.31/backend/plustek-usb.c:309:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( tmp_str1, "plustek-default" );
data/sane-backends-1.0.31/backend/plustek-usb.c:343:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[50];
data/sane-backends-1.0.31/backend/plustek-usb.c:344:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcbStr[10];
data/sane-backends-1.0.31/backend/plustek-usb.c:392:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( pcbStr, "-%u", pcbID );
data/sane-backends-1.0.31/backend/plustek-usb.c:569:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dn[512];
data/sane-backends-1.0.31/backend/plustek-usb.c:570:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devStr[50];
data/sane-backends-1.0.31/backend/plustek-usb.c:667:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( devStr, "0x%04X-0x%04X", vendor, product );
data/sane-backends-1.0.31/backend/plustek-usb.c:682:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( dev->usbId, "0x%04X-0x%04X", vendor, product );
data/sane-backends-1.0.31/backend/plustek-usbcal.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[40];
data/sane-backends-1.0.31/backend/plustek-usbcal.c:338:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "coarse-lamp-%u.raw", i );
data/sane-backends-1.0.31/backend/plustek-usbcal.c:346:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "coarse-lamp-swap%u.raw", i );
data/sane-backends-1.0.31/backend/plustek-usbcal.c:512:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[40];
data/sane-backends-1.0.31/backend/plustek-usbcal.c:519:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char max[3], min[3];
data/sane-backends-1.0.31/backend/plustek-usbcal.c:580:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "coarse-gain-%u.raw", i++ );
data/sane-backends-1.0.31/backend/plustek-usbcal.c:754:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[40];
data/sane-backends-1.0.31/backend/plustek-usbcal.c:760:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char low[3] = {-32,-32,-32 };
data/sane-backends-1.0.31/backend/plustek-usbcal.c:761:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char now[3] = { 0, 0, 0 };
data/sane-backends-1.0.31/backend/plustek-usbcal.c:762:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char high[3] = { 31, 31, 31 };
data/sane-backends-1.0.31/backend/plustek-usbcal.c:824:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "coarse-off-%u.raw", i );
data/sane-backends-1.0.31/backend/plustek-usbcal.c:945:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[40];
data/sane-backends-1.0.31/backend/plustek-usbcal.c:961:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "fine-dark.raw" );
data/sane-backends-1.0.31/backend/plustek-usbcal.c:1050:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( a_wDarkShading + m_ScanParam.Size.dwPhyPixels,
data/sane-backends-1.0.31/backend/plustek-usbcal.c:1052:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( a_wDarkShading + m_ScanParam.Size.dwPhyPixels * 2,
data/sane-backends-1.0.31/backend/plustek-usbcal.c:1073:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[40];
data/sane-backends-1.0.31/backend/plustek-usbcal.c:1089:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "fine-white.raw" );
data/sane-backends-1.0.31/backend/plustek-usbcal.c:1175:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( a_wWhiteShading + m_ScanParam.Size.dwPhyPixels,
data/sane-backends-1.0.31/backend/plustek-usbcal.c:1177:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( a_wWhiteShading + m_ScanParam.Size.dwPhyPixels * 2,
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024+30];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:279:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%u", buffer[c] );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:341:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bd[5];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:347:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case SOURCE_Transparency: strcpy( pfx, "tpa-" ); break;
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:348:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case SOURCE_Negative: strcpy( pfx, "neg-" ); break;
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:349:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case SOURCE_ADF: strcpy( pfx, "adf-" ); break;
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:353:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bd, "%u=", param->bBitDepth );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:355:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( pfx, "color" );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:357:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( pfx, "gray" );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:368:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pfx[20];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:392:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( tmp, "r" );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:484:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pfx[20];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:485:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:486:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char set_tmp[1024];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:527:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( fn, "r+" );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:552:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( fn, "w+" );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:580:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pfx[30];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:581:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[1024];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:582:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:604:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( fn, "r+" );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:629:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( fn, "w+" );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:663:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pfx[30];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:664:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:685:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( tmp, "r" );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:838:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmp_sp, sp, sizeof(ScanParam));
data/sane-backends-1.0.31/backend/plustek-usbhw.c:956:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &hw->red_lamp_on,
data/sane-backends-1.0.31/backend/plustek-usbhw.c:964:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &hw->red_lamp_on,
data/sane-backends-1.0.31/backend/plustek-usbhw.c:1396:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( regs+0x0b, &hw->bSensorConfiguration, 4 );
data/sane-backends-1.0.31/backend/plustek-usbhw.c:1397:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( regs+0x0f, &hw->bReg_0x0f_Color, 10 );
data/sane-backends-1.0.31/backend/plustek-usbhw.c:1437:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( regs+0x54, &hw->bReg_0x54, 0x58 - 0x54 + 1 );
data/sane-backends-1.0.31/backend/plustek-usbhw.c:1446:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( regs+0x54, &hw->bReg_0x54, 0x5e - 0x54 + 1 );
data/sane-backends-1.0.31/backend/plustek-usbimg.c:734:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( scan->UserBuf.pb, scan->Green.pb, scan->sParam.Size.dwBytes );
data/sane-backends-1.0.31/backend/plustek-usbimg.c:817:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( scan->UserBuf.pb, scan->Green.pb, scan->sParam.Size.dwBytes );
data/sane-backends-1.0.31/backend/plustek-usbio.c:112:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( name, "w+b" );
data/sane-backends-1.0.31/backend/plustek-usbio.c:132:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( name, "a+b" );
data/sane-backends-1.0.31/backend/plustek-usbio.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], b2[10];
data/sane-backends-1.0.31/backend/plustek-usbio.c:194:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, "0x%02x:", i );
data/sane-backends-1.0.31/backend/plustek-usbio.c:202:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( buf, "XX ");
data/sane-backends-1.0.31/backend/plustek-usbio.c:205:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( b2, "%02x ", regs[i]);
data/sane-backends-1.0.31/backend/plustek-usbio.c:223:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, "0x%02x:", i );
data/sane-backends-1.0.31/backend/plustek-usbio.c:230:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( buf, "XX ");
data/sane-backends-1.0.31/backend/plustek-usbio.c:232:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( b2, "%02x ", cmp[i]);
data/sane-backends-1.0.31/backend/plustek-usbio.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/sane-backends-1.0.31/backend/plustek-usbio.c:301:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, "usbio_DetectLM983x: found " );
data/sane-backends-1.0.31/backend/plustek-usbio.c:305:12: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 4: strcat( buf, "LM9832/3" ); break;
data/sane-backends-1.0.31/backend/plustek-usbio.c:306:12: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 3: strcat( buf, "LM9831" ); break;
data/sane-backends-1.0.31/backend/plustek-usbio.c:307:12: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 2: strcat( buf, "LM9830 --> unsupported!!!" );
data/sane-backends-1.0.31/backend/plustek-usbscan.c:303:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ®s[0x0f], hw->bReg_0x0f_Color, 10 );
data/sane-backends-1.0.31/backend/plustek-usbscan.c:309:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ®s[0x0f], hw->bReg_0x0f_Mono, 10 );
data/sane-backends-1.0.31/backend/plustek-usbscan.c:315:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ®s[0x0f], hw->bReg_0x0f_Mono, 10 );
data/sane-backends-1.0.31/backend/plustek-usbscan.c:1266:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ®s[0x38], reg38, sizeof(reg38));
data/sane-backends-1.0.31/backend/plustek-usbscan.c:1267:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ®s[0x48], reg48, sizeof(reg48));
data/sane-backends-1.0.31/backend/plustek-usbshading.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[50];
data/sane-backends-1.0.31/backend/plustek-usbshading.c:136:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( fn, "w+b" );
data/sane-backends-1.0.31/backend/plustek-usbshading.c:781:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[40];
data/sane-backends-1.0.31/backend/plustek-usbshading.c:870:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "coarse-gain-%u.raw", i++ );
data/sane-backends-1.0.31/backend/plustek-usbshading.c:1251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[40];
data/sane-backends-1.0.31/backend/plustek-usbshading.c:1253:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char cOffset[3];
data/sane-backends-1.0.31/backend/plustek-usbshading.c:1352:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "coarse-off-%u.raw", i++ );
data/sane-backends-1.0.31/backend/plustek-usbshading.c:1574:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[40];
data/sane-backends-1.0.31/backend/plustek-usbshading.c:1662:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "fine-black.raw" );
data/sane-backends-1.0.31/backend/plustek-usbshading.c:1703:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( a_wDarkShading + m_ScanParam.Size.dwPhyPixels,
data/sane-backends-1.0.31/backend/plustek-usbshading.c:1705:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( a_wDarkShading + m_ScanParam.Size.dwPhyPixels * 2,
data/sane-backends-1.0.31/backend/plustek-usbshading.c:1855:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[40];
data/sane-backends-1.0.31/backend/plustek-usbshading.c:1923:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "fine-white.raw" );
data/sane-backends-1.0.31/backend/plustek-usbshading.c:1999:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( src, dest, m_ScanParam.Size.dwPhyPixels * 3 * 2 );
data/sane-backends-1.0.31/backend/plustek.c:1088:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf [128];
data/sane-backends-1.0.31/backend/plustek.c:1160:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( *dest, "0x%04X-0x%04X", vi, pi );
data/sane-backends-1.0.31/backend/plustek.c:1311:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dev->adj, &cnf->adj, sizeof(AdjDef));
data/sane-backends-1.0.31/backend/plustek.c:1437:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[PATH_MAX] = _DEFAULT_DEVICE;
data/sane-backends-1.0.31/backend/plustek.c:1945:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( value, s->val[option].wa, s->opt[option].size );
data/sane-backends-1.0.31/backend/plustek.c:1950:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( value, s->val[option].wa, s->opt[option].size );
data/sane-backends-1.0.31/backend/plustek.c:1955:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( value, s->val[option].wa, s->opt[option].size );
data/sane-backends-1.0.31/backend/plustek.c:1960:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( value, s->val[option].wa, s->opt[option].size );
data/sane-backends-1.0.31/backend/plustek.c:2277:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( s->val[option].wa, value, s->opt[option].size );
data/sane-backends-1.0.31/backend/plustek.c:2285:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( s->val[option].wa, value, s->opt[option].size );
data/sane-backends-1.0.31/backend/plustek.c:2293:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( s->val[option].wa, value, s->opt[option].size );
data/sane-backends-1.0.31/backend/plustek.c:2301:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( s->val[option].wa, value, s->opt[option].size );
data/sane-backends-1.0.31/backend/plustek.c:2507:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &sinfo.ImgDef, &crop.ImgDef, sizeof(ImgDef));
data/sane-backends-1.0.31/backend/plustek.h:361:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usbId[_MAX_ID_LEN];/* to keep Vendor and product */
data/sane-backends-1.0.31/backend/plustek.h:412:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devName[PATH_MAX];
data/sane-backends-1.0.31/backend/plustek.h:413:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usbId[_MAX_ID_LEN];
data/sane-backends-1.0.31/backend/plustek_pp.c:264:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = dev->open((const char*)dev->name, (void *)dev );
data/sane-backends-1.0.31/backend/plustek_pp.c:1010:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dev->adj, &cnf->adj, sizeof(AdjDef));
data/sane-backends-1.0.31/backend/plustek_pp.c:1135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[PATH_MAX] = _DEFAULT_DEVICE;
data/sane-backends-1.0.31/backend/plustek_pp.c:1472:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( value, s->val[option].wa, s->opt[option].size );
data/sane-backends-1.0.31/backend/plustek_pp.c:1701:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( s->val[option].wa, value, s->opt[option].size );
data/sane-backends-1.0.31/backend/plustek_pp.c:1932:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &(crop.ImgDef), &sinfo.ImgDef, sizeof(ImgDef));
data/sane-backends-1.0.31/backend/pnm.c:74:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[PATH_MAX] = "/tmp/input.ppm";
data/sane-backends-1.0.31/backend/pnm.c:792:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&gamma[0][0], (SANE_Word *) value,
data/sane-backends-1.0.31/backend/pnm.c:797:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&gamma[1][0], (SANE_Word *) value,
data/sane-backends-1.0.31/backend/pnm.c:802:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&gamma[2][0], (SANE_Word *) value,
data/sane-backends-1.0.31/backend/pnm.c:807:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&gamma[3][0], (SANE_Word *) value,
data/sane-backends-1.0.31/backend/pnm.c:962:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((SANE_Word *) value, &gamma[0][0],
data/sane-backends-1.0.31/backend/pnm.c:966:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((SANE_Word *) value, &gamma[1][0],
data/sane-backends-1.0.31/backend/pnm.c:970:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((SANE_Word *) value, &gamma[2][0],
data/sane-backends-1.0.31/backend/pnm.c:974:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((SANE_Word *) value, &gamma[3][0],
data/sane-backends-1.0.31/backend/pnm.c:1024:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/sane-backends-1.0.31/backend/pnm.c:1028:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fn = fopen (filename, "rb")) == NULL)
data/sane-backends-1.0.31/backend/pnm.c:1112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/sane-backends-1.0.31/backend/pnm.c:1148:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((infile = fopen (filename, "rb")) == NULL)
data/sane-backends-1.0.31/backend/qcam.c:293:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lockfile[128];
data/sane-backends-1.0.31/backend/qcam.c:295:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (lockfile, "/tmp/LOCK.qcam.0x%x", q->port);
data/sane-backends-1.0.31/backend/qcam.c:296:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
q->lock_fd = open (lockfile, O_WRONLY | O_CREAT | O_EXCL, 0666);
data/sane-backends-1.0.31/backend/qcam.c:324:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lockfile[128];
data/sane-backends-1.0.31/backend/qcam.c:360:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (lockfile, "/tmp/LOCK.qcam.0x%x", q->port);
data/sane-backends-1.0.31/backend/qcam.c:717:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&out[i * 3], &in[i * 3], 3);
data/sane-backends-1.0.31/backend/qcam.c:775:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&out[i * 4], &in[i * 4], 4);
data/sane-backends-1.0.31/backend/qcam.c:1456:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX], *str;
data/sane-backends-1.0.31/backend/qcam.c:2192:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/sane-backends-1.0.31/backend/ricoh-scsi.c:176:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&select_cmd.mp, mp, sizeof(*mp));
data/sane-backends-1.0.31/backend/ricoh-scsi.c:201:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mp, &select_data.mp, sizeof(*mp));
data/sane-backends-1.0.31/backend/ricoh-scsi.c:212:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char window_id_list[1] = { '\0' }; /* scan start data out */
data/sane-backends-1.0.31/backend/ricoh-scsi.c:244:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&win.rwd, rwd, sizeof(*rwd));
data/sane-backends-1.0.31/backend/ricoh-scsi.c:319:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dbs, &ssd.desc, sizeof(*dbs));
data/sane-backends-1.0.31/backend/ricoh.c:488:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devnam[PATH_MAX] = "/dev/scanner";
data/sane-backends-1.0.31/backend/ricoh.c:506:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX], *lp;
data/sane-backends-1.0.31/backend/ricoh2.c:615:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (send_buffer, transfer->send_buffer, transfer->to_send);
data/sane-backends-1.0.31/backend/rts8891.c:262:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdbg = fopen (name, "wb");
data/sane-backends-1.0.31/backend/rts8891.c:278:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdbg = fopen (name, "wb");
data/sane-backends-1.0.31/backend/rts8891.c:373:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
free ((char *) devlist[i]);
data/sane-backends-1.0.31/backend/rts8891.c:824:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->val[option].wa, val, s->opt[option].size);
data/sane-backends-1.0.31/backend/rts8891.c:900:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, s->val[option].wa, s->opt[option].size);
data/sane-backends-1.0.31/backend/rts8891.c:2068:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scanned_data, dev->end - (dev->lds_max + dev->ripple),
data/sane-backends-1.0.31/backend/rts8891.c:2798:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[39];
data/sane-backends-1.0.31/backend/rts8891.c:2799:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[64];
data/sane-backends-1.0.31/backend/rts8891.c:4032:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[256 * 6];
data/sane-backends-1.0.31/backend/rts8891.c:4142:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message, "init_device: initial register settings: ");
data/sane-backends-1.0.31/backend/rts8891.c:4144:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message + strlen (message), "0x%02x ", dev->regs[i]);
data/sane-backends-1.0.31/backend/rts8891.c:4528:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[256 * 5];
data/sane-backends-1.0.31/backend/rts8891.c:4576:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message, "init_device: initial register settings: ");
data/sane-backends-1.0.31/backend/rts8891.c:4578:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message + strlen (message), "0x%02x ", dev->regs[i]);
data/sane-backends-1.0.31/backend/rts8891.c:4615:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char image[CALIBRATION_SIZE];
data/sane-backends-1.0.31/backend/rts8891.c:4618:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/sane-backends-1.0.31/backend/rts8891.c:4771:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name, "dark%03d.pnm", num);
data/sane-backends-1.0.31/backend/rts8891.c:4874:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/sane-backends-1.0.31/backend/rts8891.c:4877:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char image[CALIBRATION_SIZE];
data/sane-backends-1.0.31/backend/rts8891.c:5076:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name, "gain%03d.pnm", num);
data/sane-backends-1.0.31/backend/rts8891.c:5232:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char image[CALIBRATION_SIZE];
data/sane-backends-1.0.31/backend/rts8891.c:5235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/sane-backends-1.0.31/backend/rts8891.c:5360:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name, "offset%03d.pnm", num);
data/sane-backends-1.0.31/backend/rts8891.c:6192:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbg = fopen ("shading.pnm", "wb");
data/sane-backends-1.0.31/backend/rts8891.c:6225:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbg = fopen ("shading_data.pnm", "wb");
data/sane-backends-1.0.31/backend/rts8891.c:6391:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
red_code = atoi (getenv ("RED_CODE"));
data/sane-backends-1.0.31/backend/rts8891.c:6395:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
blue_code = atoi (getenv ("GREEN_CODE"));
data/sane-backends-1.0.31/backend/rts8891.c:6399:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
green_code = atoi (getenv ("BLUE_CODE"));
data/sane-backends-1.0.31/backend/rts8891.c:6444:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
calib = fopen ("calibration.hex", "wb");
data/sane-backends-1.0.31/backend/rts8891_low.c:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[256 * 5];
data/sane-backends-1.0.31/backend/rts8891_low.c:95:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message + 5 * i, "0x%02x ", regs[i]);
data/sane-backends-1.0.31/backend/rts8891_low.c:97:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message + 5 * i, "---- ");
data/sane-backends-1.0.31/backend/rts8891_low.c:633:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[RTS88XX_MAX_XFER_SIZE];
data/sane-backends-1.0.31/backend/rts8891_low.c:751:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
raw = fopen ("raw_data.pnm", "wb");
data/sane-backends-1.0.31/backend/rts8891_low.h:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *button_name[11]; /* option names for buttons */
data/sane-backends-1.0.31/backend/rts8891_low.h:139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *button_title[11]; /* option titles for buttons */
data/sane-backends-1.0.31/backend/rts88xx_lib.c:191:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[256 * 5];
data/sane-backends-1.0.31/backend/rts88xx_lib.c:197:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message + 5 * i, "0x%02x ", source[i]);
data/sane-backends-1.0.31/backend/rts88xx_lib.c:256:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[256 * 5];
data/sane-backends-1.0.31/backend/rts88xx_lib.c:292:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message + 5 * i, "0x%02x ", dest[i]);
data/sane-backends-1.0.31/backend/rts88xx_lib.c:461:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[(0xFFC0 + 10) * 3] = "";
data/sane-backends-1.0.31/backend/rts88xx_lib.c:478:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message + 3 * i, "%02x ", buffer[i + 4]);
data/sane-backends-1.0.31/backend/rts88xx_lib.c:606:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[60 * 5];
data/sane-backends-1.0.31/backend/rts88xx_lib.c:616:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (message + 5 * i, "0x%02x ", value[i]);
data/sane-backends-1.0.31/backend/s9036.c:828:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/s9036.c:1247:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (*buf, s->bufstart, s->in_buffer);
data/sane-backends-1.0.31/backend/s9036.c:1257:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (*buf, s->bufstart, *max_len);
data/sane-backends-1.0.31/backend/sane_strstatus.c:54:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/sane-backends-1.0.31/backend/sane_strstatus.c:106:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "Unknown SANE status code %d", status);
data/sane-backends-1.0.31/backend/sceptre.c:147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/sane-backends-1.0.31/backend/sceptre.c:162:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, "%3.3d:", i);
data/sane-backends-1.0.31/backend/sceptre.c:165:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, " %2.2x", *p);
data/sane-backends-1.0.31/backend/sceptre.c:290:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_vendor, dev->buffer + 0x08, 0x08);
data/sane-backends-1.0.31/backend/sceptre.c:292:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_product, dev->buffer + 0x10, 0x010);
data/sane-backends-1.0.31/backend/sceptre.c:294:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_version, dev->buffer + 0x20, 0x04);
data/sane-backends-1.0.31/backend/sceptre.c:989:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char window[82];
data/sane-backends-1.0.31/backend/sceptre.c:1160:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->image + dev->image_end, dev->buffer, size);
data/sane-backends-1.0.31/backend/sceptre.c:1188:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, dev->image + dev->image_begin, size);
data/sane-backends-1.0.31/backend/sceptre.c:1263:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_R[GAMMA_LENGTH];
data/sane-backends-1.0.31/backend/sceptre.c:1264:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_G[GAMMA_LENGTH];
data/sane-backends-1.0.31/backend/sceptre.c:1265:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_B[GAMMA_LENGTH];
data/sane-backends-1.0.31/backend/sceptre.c:1317:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/sceptre.c:1433:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->gamma_R, gamma_init, dev->opt[OPT_GAMMA_VECTOR_R].size);
data/sane-backends-1.0.31/backend/sceptre.c:1434:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->gamma_G, gamma_init, dev->opt[OPT_GAMMA_VECTOR_G].size);
data/sane-backends-1.0.31/backend/sceptre.c:1435:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->gamma_B, gamma_init, dev->opt[OPT_GAMMA_VECTOR_B].size);
data/sane-backends-1.0.31/backend/sceptre.c:1521:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, dev->val[option].wa, dev->opt[option].size);
data/sane-backends-1.0.31/backend/sceptre.c:1614:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->val[option].wa, val, dev->opt[option].size);
data/sane-backends-1.0.31/backend/sceptre.h:64:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[16];
data/sane-backends-1.0.31/backend/sceptre.h:80:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/sceptre.h:81:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/sceptre.h:85:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 16) & 0xff; \
data/sane-backends-1.0.31/backend/sceptre.h:86:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/sceptre.h:87:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[2] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/sceptre.h:91:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 24) & 0xff; \
data/sane-backends-1.0.31/backend/sceptre.h:92:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 16) & 0xff; \
data/sane-backends-1.0.31/backend/sceptre.h:93:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[2] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/sceptre.h:94:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[3] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/sceptre.h:279:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_vendor[9];
data/sane-backends-1.0.31/backend/sceptre.h:280:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_product[17];
data/sane-backends-1.0.31/backend/sceptre.h:306:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_vendor[9];
data/sane-backends-1.0.31/backend/sceptre.h:307:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_product[17];
data/sane-backends-1.0.31/backend/sceptre.h:308:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_version[5];
data/sane-backends-1.0.31/backend/sceptre.h:406:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 24) | \
data/sane-backends-1.0.31/backend/sceptre.h:407:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 16) | \
data/sane-backends-1.0.31/backend/sceptre.h:408:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[2] << 8) | \
data/sane-backends-1.0.31/backend/sceptre.h:409:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[3] << 0))
data/sane-backends-1.0.31/backend/sceptre.h:413:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 8) | \
data/sane-backends-1.0.31/backend/sceptre.h:414:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 0))
data/sane-backends-1.0.31/backend/sharp.c:333:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sdat->sb, sense_buffer, 16);
data/sane-backends-1.0.31/backend/sharp.c:752:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (winp, wp, len);
data/sane-backends-1.0.31/backend/sharp.c:1107:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(bc->buffer[bc->start]), copysize);
data/sane-backends-1.0.31/backend/sharp.c:1288:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inquiry_data[INQUIRY_LEN];
data/sane-backends-1.0.31/backend/sharp.c:2341:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devnam[PATH_MAX] = "/dev/scanner";
data/sane-backends-1.0.31/backend/sharp.c:2342:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX];
data/sane-backends-1.0.31/backend/sharp.c:2781:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, s->val[option].wa, s->opt[option].size);
data/sane-backends-1.0.31/backend/sharp.c:3001:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
= atoi(s->opt[OPT_RESOLUTION_LIST].constraint.string_list[i]);
data/sane-backends-1.0.31/backend/sharp.c:3003:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
= atoi(s->opt[OPT_RESOLUTION_LIST].constraint.string_list[i]);
data/sane-backends-1.0.31/backend/sharp.c:3017:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->val[option].wa, val, s->opt[option].size);
data/sane-backends-1.0.31/backend/sharp.c:3147:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf((char *) p, "%i", val.wa[0] > 255 ? 255 : val.wa[0]);
data/sane-backends-1.0.31/backend/sharp.c:3150:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf((char *) p, ",%i", val.wa[i] > 255 ? 255 : val.wa[i]);
data/sane-backends-1.0.31/backend/sharp.c:3286:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf((char *) &cmd[10], "%i/%i/%i/%i",
data/sane-backends-1.0.31/backend/sharp.c:4031:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_buf, &(s->buffer[s->buf_pos]), transfer);
data/sane-backends-1.0.31/backend/sharp.c:4133:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(dst_buf[*len]), s->buffer, transfer);
data/sane-backends-1.0.31/backend/sm3600-homerun.c:108:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char achLine[CCH_BONSAI+1];
data/sane-backends-1.0.31/backend/sm3600-homerun.c:277:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aauchY[MAX_CALIB_STRIPES][MAX_PIXEL_PER_SCANLINE];
data/sane-backends-1.0.31/backend/sm3600-homerun.c:278:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char auchRow[MAX_CALIB_STRIPES];
data/sane-backends-1.0.31/backend/sm3600-homerun.c:281:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char auchHanning[MAX_PIXEL_PER_SCANLINE];
data/sane-backends-1.0.31/backend/sm3600-scanusb.c:396:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(puchBufferOut,pchBuffer,cchRead);
data/sane-backends-1.0.31/backend/sm3600-scanutil.c:255:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(achOut,
data/sane-backends-1.0.31/backend/sm3600-scanutil.c:270:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(achOut,
data/sane-backends-1.0.31/backend/sm3600-scanutil.c:423:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->pchPageBuffer+this->ichPageBuffer,
data/sane-backends-1.0.31/backend/sm3600.c:593:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pVal,this->aoptVal[iOpt].wa, this->aoptDesc[iOpt].size);
data/sane-backends-1.0.31/backend/sm3600.c:631:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->aoptVal[iOpt].wa, pVal, this->aoptDesc[iOpt].size);
data/sane-backends-1.0.31/backend/sm3840.c:235:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, s->offset + s->line_buffer, min (max_len, s->remaining));
data/sane-backends-1.0.31/backend/sm3840_lib.c:195:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buff[8] = { 0x64, 0x65, 0x16, 0x17, 0x64, 0x65, 0x44, 0x45 };
data/sane-backends-1.0.31/backend/sm3840_lib.c:209:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buff[512];
data/sane-backends-1.0.31/backend/sm3840_lib.c:249:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buff[65536];
data/sane-backends-1.0.31/backend/sm3840_lib.c:253:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (fname, "wb");
data/sane-backends-1.0.31/backend/sm3840_lib.c:391:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptrcur, scan_line, linelen);
data/sane-backends-1.0.31/backend/sm3840_lib.c:402:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (color_remap + linelen * lineptr, scan_line, linelen);
data/sane-backends-1.0.31/backend/sm3840_lib.c:445:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (storeline, ptrcur + linelen - (j + 1) * pixsize,
data/sane-backends-1.0.31/backend/sm3840_lib.c:480:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (storeline, ptrcur + linelen - (j + 1) * pixsize,
data/sane-backends-1.0.31/backend/sm3840_lib.c:483:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (storeline, ptrprev + linelen - (j + 1) * pixsize,
data/sane-backends-1.0.31/backend/sm3840_lib.c:518:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (fname, "wb");
data/sane-backends-1.0.31/backend/sm3840_lib.c:544:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buff[65536];
data/sane-backends-1.0.31/backend/sm3840_lib.c:556:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mem, buff, len);
data/sane-backends-1.0.31/backend/sm3840_scan.c:105:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
offset = atoi (argv[++i]);
data/sane-backends-1.0.31/backend/sm3840_scan.c:161:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hello[2] = { 0x55, 0xaa };
data/sane-backends-1.0.31/backend/sm3840_scan.c:162:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char howdy[3];
data/sane-backends-1.0.31/backend/sm3840_scan.c:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[64];
data/sane-backends-1.0.31/backend/sm3840_scan.c:182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head[128];
data/sane-backends-1.0.31/backend/sm3840_scan.c:922:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (head, "P%d\n%d %d\n%d\n", gray ? 5 : 6, scanpix, scanlines,
data/sane-backends-1.0.31/backend/snapscan-options.c:1172:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (v, pss->val[n].wa, pss->options[n].size);
data/sane-backends-1.0.31/backend/snapscan-options.c:1557:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pss->val[n].wa, v, pss->options[n].size);
data/sane-backends-1.0.31/backend/snapscan-scsi.c:402:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[36];
data/sane-backends-1.0.31/backend/snapscan-scsi.c:411:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (vendor, data + 8, 7);
data/sane-backends-1.0.31/backend/snapscan-scsi.c:413:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (model, data + 16, 16);
data/sane-backends-1.0.31/backend/snapscan-scsi.c:424:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[10];
data/sane-backends-1.0.31/backend/snapscan-scsi.c:429:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpstr," 0x%02x",((int)data[i]) & 0xff);
data/sane-backends-1.0.31/backend/snapscan-scsi.c:435:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str," ...");
data/sane-backends-1.0.31/backend/snapscan-scsi.c:442:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[150]; /* TODO: Remove */
data/sane-backends-1.0.31/backend/snapscan-scsi.c:476:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exptime[4] = {' ', '.', ' ', 0};
data/sane-backends-1.0.31/backend/snapscan-scsi.c:803:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + SEND_LENGTH, calibration_data_5150, length);
data/sane-backends-1.0.31/backend/snapscan-scsi.c:1605:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cModelName[8], cModel[255];
data/sane-backends-1.0.31/backend/snapscan-scsi.c:1610:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cModelName, "%d", bModelNo);
data/sane-backends-1.0.31/backend/snapscan-scsi.c:1628:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(firmware,"rb");
data/sane-backends-1.0.31/backend/snapscan-sources.c:196:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pbuf, ps->pss->buf + ps->scsi_buf_pos, (size_t)ndata);
data/sane-backends-1.0.31/backend/snapscan-sources.c:339:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pbuf, ps->buf + ps->buf_pos, to_move);
data/sane-backends-1.0.31/backend/snapscan-usb.c:213:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[120];
data/sane-backends-1.0.31/backend/snapscan-usb.c:223:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[120];
data/sane-backends-1.0.31/backend/snapscan-usb.c:259:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[10];
data/sane-backends-1.0.31/backend/snapscan-usb.c:264:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpstr," 0x%02x",((int)data[i]) & 0xff);
data/sane-backends-1.0.31/backend/snapscan-usb.c:270:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str," ...");
data/sane-backends-1.0.31/backend/snapscan-usb.c:277:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbgmsg[16384];
data/sane-backends-1.0.31/backend/snapscan-usb.c:295:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbgmsg[16384];
data/sane-backends-1.0.31/backend/snapscan-usb.c:315:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char status_buf[8];
data/sane-backends-1.0.31/backend/snapscan-usb.c:369:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
command = ((const char *)src)[0];
data/sane-backends-1.0.31/backend/snapscan-usb.c:444:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bqe->src,src,src_size);
data/sane-backends-1.0.31/backend/snapscan.c:526:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[8];
data/sane-backends-1.0.31/backend/snapscan.c:527:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model[17];
data/sane-backends-1.0.31/backend/snapscan.c:582:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[8];
data/sane-backends-1.0.31/backend/snapscan.c:583:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model[17];
data/sane-backends-1.0.31/backend/snapscan.c:691:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/snapscan.c:985:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[8];
data/sane-backends-1.0.31/backend/snapscan.c:986:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model[17];
data/sane-backends-1.0.31/backend/snapscan.c:1560:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pss->buf + SEND_LENGTH, matrix, matrix_sz);
data/sane-backends-1.0.31/backend/snapscan.c:1570:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pss->buf + SEND_LENGTH + matrix_sz,
data/sane-backends-1.0.31/backend/snapscan.c:1573:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pss->buf + SEND_LENGTH + 2 * matrix_sz,
data/sane-backends-1.0.31/backend/sp15c.c:280:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/sp15c.c:476:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (val, "ADF");
data/sane-backends-1.0.31/backend/sp15c.c:480:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (val, "FB");
data/sane-backends-1.0.31/backend/sp15c.c:1247:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[9];
data/sane-backends-1.0.31/backend/sp15c.c:1248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[0x11];
data/sane-backends-1.0.31/backend/sp15c.c:1249:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[5];
data/sane-backends-1.0.31/backend/sp15c.c:1367:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/sane-backends-1.0.31/backend/sp15c.c:1382:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, "%3.3d:", i);
data/sane-backends-1.0.31/backend/sp15c.c:1385:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, " %2.2x", *p);
data/sane-backends-1.0.31/backend/sp15c.c:1712:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->buffer, object_positionB.cmd, object_positionB.size);
data/sane-backends-1.0.31/backend/sp15c.c:1809:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->buffer, object_positionB.cmd, object_positionB.size);
data/sane-backends-1.0.31/backend/sp15c.c:1821:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer_r[WDB_size_max];
data/sane-backends-1.0.31/backend/sp15c.c:1830:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer_r, window_descriptor_blockB.cmd,
data/sane-backends-1.0.31/backend/sp15c.c:1892:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->buffer, set_windowB.cmd, set_windowB.size);
data/sane-backends-1.0.31/backend/sp15c.c:1893:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((s->buffer + set_windowB.size),
data/sane-backends-1.0.31/backend/sp15c.c:1896:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((s->buffer + set_windowB.size + window_parameter_data_blockB.size),
data/sane-backends-1.0.31/backend/sp15c.h:141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[9];
data/sane-backends-1.0.31/backend/sp15c.h:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[17];
data/sane-backends-1.0.31/backend/sp15c.h:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[5];
data/sane-backends-1.0.31/backend/st400.c:225:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(name, "ab");
data/sane-backends-1.0.31/backend/st400.c:689:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX], *str;
data/sane-backends-1.0.31/backend/st400.c:802:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( dev->status.open )
data/sane-backends-1.0.31/backend/st400.c:820:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( dev->status.open ) {
data/sane-backends-1.0.31/backend/st400.c:961:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( dev->status.open && optnum >= 0 && optnum < NUM_OPTIONS )
data/sane-backends-1.0.31/backend/st400.c:979:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !dev->status.open )
data/sane-backends-1.0.31/backend/st400.c:1061:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !dev->status.open )
data/sane-backends-1.0.31/backend/st400.c:1121:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !dev->status.open )
data/sane-backends-1.0.31/backend/st400.h:54:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
unsigned open :1;
data/sane-backends-1.0.31/backend/stubs.c:27:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return ENTRY(open) (name, h);
data/sane-backends-1.0.31/backend/stv680.c:176:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/sane-backends-1.0.31/backend/stv680.c:178:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asc_buf[17];
data/sane-backends-1.0.31/backend/stv680.c:190:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf (ptr, " %2.2x", *buf);
data/sane-backends-1.0.31/backend/stv680.c:194:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
asc_ptr += sprintf (asc_ptr, "%c", *buf);
data/sane-backends-1.0.31/backend/stv680.c:204:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf (ptr, " ");
data/sane-backends-1.0.31/backend/stv680.c:221:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf (ptr, " %3.3d:", i);
data/sane-backends-1.0.31/backend/stv680.c:1173:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->image + dev->image_end, dev->buffer, size);
data/sane-backends-1.0.31/backend/stv680.c:1206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MSG_MAXLEN + 1];
data/sane-backends-1.0.31/backend/stv680.c:1209:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmtstring[25] = " %Y-%m-%d %H:%M:%S";
data/sane-backends-1.0.31/backend/stv680.c:1210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmttxt[46];
data/sane-backends-1.0.31/backend/stv680.c:1410:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->output, (dev->output + i), i);
data/sane-backends-1.0.31/backend/stv680.c:1412:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((dev->output + (vh * i)), (dev->output + ((vh - 1) * i)), i);
data/sane-backends-1.0.31/backend/stv680.c:1418:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((dev->output + i), (dev->output + i + 3), 3);
data/sane-backends-1.0.31/backend/stv680.c:1419:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((dev->output + i + (vw * 3)),
data/sane-backends-1.0.31/backend/stv680.c:1498:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (dev->picmsg_ps, "STVcam ");
data/sane-backends-1.0.31/backend/stv680.c:1519:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[PATH_MAX];
data/sane-backends-1.0.31/backend/stv680.c:2069:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, dev->image, size);
data/sane-backends-1.0.31/backend/stv680.h:203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char picmsg_ps[50];
data/sane-backends-1.0.31/backend/tamarack.c:208:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[INQ_LEN];
data/sane-backends-1.0.31/backend/tamarack.c:434:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char winid[1];
data/sane-backends-1.0.31/backend/tamarack.c:910:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/tamarack.c:1140:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, s->val[option].wa, s->opt[option].size);
data/sane-backends-1.0.31/backend/tamarack.c:1183:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s->val[option].wa, val, s->opt[option].size);
data/sane-backends-1.0.31/backend/tamarack.h:181:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad0[6];
data/sane-backends-1.0.31/backend/tamarack.h:182:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char wpll[2];
data/sane-backends-1.0.31/backend/tamarack.h:189:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xres[2];
data/sane-backends-1.0.31/backend/tamarack.h:190:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char yres[2];
data/sane-backends-1.0.31/backend/tamarack.h:191:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ulx[4];
data/sane-backends-1.0.31/backend/tamarack.h:192:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uly[4];
data/sane-backends-1.0.31/backend/tamarack.h:193:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char width[4];
data/sane-backends-1.0.31/backend/tamarack.h:194:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char length[4];
data/sane-backends-1.0.31/backend/tamarack.h:200:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char halftone[2];
data/sane-backends-1.0.31/backend/tamarack.h:205:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad4[5];
data/sane-backends-1.0.31/backend/tamarack.h:212:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad0[3];
data/sane-backends-1.0.31/backend/tamarack.h:220:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad0[5];
data/sane-backends-1.0.31/backend/tamarack.h:221:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char len[3];
data/sane-backends-1.0.31/backend/tamarack.h:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad0[4];
data/sane-backends-1.0.31/backend/teco1.c:233:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/sane-backends-1.0.31/backend/teco1.c:235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asc_buf[17];
data/sane-backends-1.0.31/backend/teco1.c:257:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, "%3.3d:", i);
data/sane-backends-1.0.31/backend/teco1.c:260:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf (ptr, " %2.2x", *p);
data/sane-backends-1.0.31/backend/teco1.c:263:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
asc_ptr += sprintf (asc_ptr, "%c", *p);
data/sane-backends-1.0.31/backend/teco1.c:460:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->buffer, table, sizeof (table));
data/sane-backends-1.0.31/backend/teco1.c:481:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->buffer + 0x29, "\0TECO VM3510", 12);
data/sane-backends-1.0.31/backend/teco1.c:496:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_vendor, dev->buffer + 0x08, 0x08);
data/sane-backends-1.0.31/backend/teco1.c:498:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_product, dev->buffer + 0x10, 0x010);
data/sane-backends-1.0.31/backend/teco1.c:500:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_version, dev->buffer + 0x20, 0x04);
data/sane-backends-1.0.31/backend/teco1.c:502:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_teco_name, dev->buffer + 0x2A, 0x0B);
data/sane-backends-1.0.31/backend/teco1.c:628:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char select[24] = {
data/sane-backends-1.0.31/backend/teco1.c:653:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char window[99];
data/sane-backends-1.0.31/backend/teco1.c:870:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma[4 * MAX_GAMMA_LENGTH];
data/sane-backends-1.0.31/backend/teco1.c:1382:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (src, dev->buffer, dev->params.bytes_per_line);
data/sane-backends-1.0.31/backend/teco1.c:1432:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, dev->image + dev->image_begin, size);
data/sane-backends-1.0.31/backend/teco1.c:1478:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/teco1.c:1702:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, dev->val[option].wa, dev->opt[option].size);
data/sane-backends-1.0.31/backend/teco1.c:1809:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->val[option].wa, val, dev->opt[option].size);
data/sane-backends-1.0.31/backend/teco1.h:64:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[16];
data/sane-backends-1.0.31/backend/teco1.h:80:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/teco1.h:81:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/teco1.h:85:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 16) & 0xff; \
data/sane-backends-1.0.31/backend/teco1.h:86:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/teco1.h:87:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[2] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/teco1.h:91:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 24) & 0xff; \
data/sane-backends-1.0.31/backend/teco1.h:92:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 16) & 0xff; \
data/sane-backends-1.0.31/backend/teco1.h:93:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[2] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/teco1.h:94:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[3] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/teco1.h:262:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_teco_name[12]; /* real name of the scanner */
data/sane-backends-1.0.31/backend/teco1.h:307:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_vendor[9];
data/sane-backends-1.0.31/backend/teco1.h:308:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_product[17];
data/sane-backends-1.0.31/backend/teco1.h:309:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_version[5];
data/sane-backends-1.0.31/backend/teco1.h:310:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_teco_name[12]; /* real name of the scanner */
data/sane-backends-1.0.31/backend/teco1.h:387:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 24) | \
data/sane-backends-1.0.31/backend/teco1.h:388:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 16) | \
data/sane-backends-1.0.31/backend/teco1.h:389:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[2] << 8) | \
data/sane-backends-1.0.31/backend/teco1.h:390:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[3] << 0))
data/sane-backends-1.0.31/backend/teco1.h:393:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 16) | \
data/sane-backends-1.0.31/backend/teco1.h:394:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 8) | \
data/sane-backends-1.0.31/backend/teco1.h:395:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[2] << 0))
data/sane-backends-1.0.31/backend/teco1.h:398:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 8) | \
data/sane-backends-1.0.31/backend/teco1.h:399:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 0))
data/sane-backends-1.0.31/backend/teco2.c:451:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/sane-backends-1.0.31/backend/teco2.c:453:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asc_buf[17];
data/sane-backends-1.0.31/backend/teco2.c:465:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf (ptr, " %2.2x", *buf);
data/sane-backends-1.0.31/backend/teco2.c:469:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
asc_ptr += sprintf (asc_ptr, "%c", *buf);
data/sane-backends-1.0.31/backend/teco2.c:479:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf (ptr, " ");
data/sane-backends-1.0.31/backend/teco2.c:496:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf (ptr, " %3.3d:", i);
data/sane-backends-1.0.31/backend/teco2.c:733:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->buffer, table, sizeof (table));
data/sane-backends-1.0.31/backend/teco2.c:753:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_vendor, dev->buffer + 0x08, 0x08);
data/sane-backends-1.0.31/backend/teco2.c:755:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_product, dev->buffer + 0x10, 0x010);
data/sane-backends-1.0.31/backend/teco2.c:757:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_version, dev->buffer + 0x20, 0x04);
data/sane-backends-1.0.31/backend/teco2.c:759:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_teco_name, dev->buffer + 0x2A, 0x0B);
data/sane-backends-1.0.31/backend/teco2.c:814:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char window[56];
data/sane-backends-1.0.31/backend/teco2.c:1056:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (name, O_RDONLY);
data/sane-backends-1.0.31/backend/teco2.c:1179:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cal_algo = atoi (calibration_algo);
data/sane-backends-1.0.31/backend/teco2.c:1528:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[255];
data/sane-backends-1.0.31/backend/teco2.c:1564:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_R[GAMMA_LENGTH];
data/sane-backends-1.0.31/backend/teco2.c:1565:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_G[GAMMA_LENGTH]; /* also gray */
data/sane-backends-1.0.31/backend/teco2.c:1566:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_B[GAMMA_LENGTH];
data/sane-backends-1.0.31/backend/teco2.c:2420:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->buffer, image_buf + image_buf_begin, size);
data/sane-backends-1.0.31/backend/teco2.c:2440:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->image + dev->image_end, dev->buffer, size);
data/sane-backends-1.0.31/backend/teco2.c:2485:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, dev->image + dev->image_begin, size);
data/sane-backends-1.0.31/backend/teco2.c:2521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/teco2.c:2735:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, dev->val[option].wa, dev->opt[option].size);
data/sane-backends-1.0.31/backend/teco2.c:2943:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->val[option].wa, val, dev->opt[option].size);
data/sane-backends-1.0.31/backend/teco2.h:67:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[16];
data/sane-backends-1.0.31/backend/teco2.h:83:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/teco2.h:84:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/teco2.h:88:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 16) & 0xff; \
data/sane-backends-1.0.31/backend/teco2.h:89:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/teco2.h:90:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[2] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/teco2.h:94:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 24) & 0xff; \
data/sane-backends-1.0.31/backend/teco2.h:95:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 16) & 0xff; \
data/sane-backends-1.0.31/backend/teco2.h:96:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[2] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/teco2.h:97:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[3] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/teco2.h:316:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_teco_name[12]; /* real name of the scanner */
data/sane-backends-1.0.31/backend/teco2.h:361:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_vendor[9];
data/sane-backends-1.0.31/backend/teco2.h:362:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_product[17];
data/sane-backends-1.0.31/backend/teco2.h:363:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_version[5];
data/sane-backends-1.0.31/backend/teco2.h:364:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_teco_name[12]; /* real name of the scanner */
data/sane-backends-1.0.31/backend/teco2.h:458:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 24) | \
data/sane-backends-1.0.31/backend/teco2.h:459:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 16) | \
data/sane-backends-1.0.31/backend/teco2.h:460:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[2] << 8) | \
data/sane-backends-1.0.31/backend/teco2.h:461:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[3] << 0))
data/sane-backends-1.0.31/backend/teco2.h:464:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 8) | \
data/sane-backends-1.0.31/backend/teco2.h:465:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 0))
data/sane-backends-1.0.31/backend/teco3.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/sane-backends-1.0.31/backend/teco3.c:175:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asc_buf[17];
data/sane-backends-1.0.31/backend/teco3.c:197:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ptr, "%3.3d:", i);
data/sane-backends-1.0.31/backend/teco3.c:200:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf (ptr, " %2.2x", *p);
data/sane-backends-1.0.31/backend/teco3.c:203:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
asc_ptr += sprintf (asc_ptr, "%c", *p);
data/sane-backends-1.0.31/backend/teco3.c:391:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_vendor, dev->buffer + 0x08, 0x08);
data/sane-backends-1.0.31/backend/teco3.c:393:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_product, dev->buffer + 0x10, 0x010);
data/sane-backends-1.0.31/backend/teco3.c:395:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_version, dev->buffer + 0x20, 0x04);
data/sane-backends-1.0.31/backend/teco3.c:397:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->scsi_teco_name, dev->buffer + 0x2A, 0x0B);
data/sane-backends-1.0.31/backend/teco3.c:473:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char window[255];
data/sane-backends-1.0.31/backend/teco3.c:719:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_R[GAMMA_LENGTH];
data/sane-backends-1.0.31/backend/teco3.c:720:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_G[GAMMA_LENGTH]; /* also gray */
data/sane-backends-1.0.31/backend/teco3.c:721:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_B[GAMMA_LENGTH];
data/sane-backends-1.0.31/backend/teco3.c:722:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gamma_unused[GAMMA_LENGTH];
data/sane-backends-1.0.31/backend/teco3.c:1115:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[255];
data/sane-backends-1.0.31/backend/teco3.c:1466:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, dev->image + dev->image_begin, size);
data/sane-backends-1.0.31/backend/teco3.c:1500:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX];
data/sane-backends-1.0.31/backend/teco3.c:1716:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, dev->val[option].wa, dev->opt[option].size);
data/sane-backends-1.0.31/backend/teco3.c:1823:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->val[option].wa, val, dev->opt[option].size);
data/sane-backends-1.0.31/backend/teco3.h:65:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[16];
data/sane-backends-1.0.31/backend/teco3.h:81:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/teco3.h:82:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/teco3.h:86:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 16) & 0xff; \
data/sane-backends-1.0.31/backend/teco3.h:87:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/teco3.h:88:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[2] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/teco3.h:92:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[0] = ((val) >> 24) & 0xff; \
data/sane-backends-1.0.31/backend/teco3.h:93:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[1] = ((val) >> 16) & 0xff; \
data/sane-backends-1.0.31/backend/teco3.h:94:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[2] = ((val) >> 8) & 0xff; \
data/sane-backends-1.0.31/backend/teco3.h:95:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)buf)[3] = ((val) >> 0) & 0xff; \
data/sane-backends-1.0.31/backend/teco3.h:276:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_teco_name[12]; /* real name of the scanner */
data/sane-backends-1.0.31/backend/teco3.h:310:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_vendor[9];
data/sane-backends-1.0.31/backend/teco3.h:311:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_product[17];
data/sane-backends-1.0.31/backend/teco3.h:312:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_version[5];
data/sane-backends-1.0.31/backend/teco3.h:313:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_teco_name[12]; /* real name of the scanner */
data/sane-backends-1.0.31/backend/teco3.h:415:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 24) | \
data/sane-backends-1.0.31/backend/teco3.h:416:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 16) | \
data/sane-backends-1.0.31/backend/teco3.h:417:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[2] << 8) | \
data/sane-backends-1.0.31/backend/teco3.h:418:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[3] << 0))
data/sane-backends-1.0.31/backend/teco3.h:421:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 16) | \
data/sane-backends-1.0.31/backend/teco3.h:422:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 8) | \
data/sane-backends-1.0.31/backend/teco3.h:423:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[2] << 0))
data/sane-backends-1.0.31/backend/teco3.h:426:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((((unsigned char *)buf)[0] << 8) | \
data/sane-backends-1.0.31/backend/teco3.h:427:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)buf)[1] << 0))
data/sane-backends-1.0.31/backend/test.c:217:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[200];
data/sane-backends-1.0.31/backend/test.c:225:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str + strlen(str), " %04X", tablePtr[i]);
data/sane-backends-1.0.31/backend/test.c:1527:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (caps, "SANE_CAP_SOFT_SELECT ");
data/sane-backends-1.0.31/backend/test.c:1529:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (caps, "SANE_CAP_HARD_SELECT ");
data/sane-backends-1.0.31/backend/test.c:1531:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (caps, "SANE_CAP_SOFT_DETECT ");
data/sane-backends-1.0.31/backend/test.c:1533:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (caps, "SANE_CAP_EMULATED ");
data/sane-backends-1.0.31/backend/test.c:1535:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (caps, "SANE_CAP_AUTOMATIC ");
data/sane-backends-1.0.31/backend/test.c:1537:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (caps, "SANE_CAP_INACTIVE ");
data/sane-backends-1.0.31/backend/test.c:1539:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (caps, "SANE_CAP_ADVANCED ");
data/sane-backends-1.0.31/backend/test.c:1852:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (test_device->open)
data/sane-backends-1.0.31/backend/test.c:1894:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!test_device->open)
data/sane-backends-1.0.31/backend/test.c:1923:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!test_device->open)
data/sane-backends-1.0.31/backend/test.c:1961:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!test_device->open)
data/sane-backends-1.0.31/backend/test.c:2182:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (test_device->val[option].wa, value,
data/sane-backends-1.0.31/backend/test.c:2419:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value, test_device->val[option].wa,
data/sane-backends-1.0.31/backend/test.c:2474:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!test_device->open)
data/sane-backends-1.0.31/backend/test.c:2617:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!test_device->open)
data/sane-backends-1.0.31/backend/test.c:2778:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!test_device->open)
data/sane-backends-1.0.31/backend/test.c:2861:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!test_device->open)
data/sane-backends-1.0.31/backend/test.c:2901:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!test_device->open)
data/sane-backends-1.0.31/backend/test.c:2945:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!test_device->open)
data/sane-backends-1.0.31/backend/test.h:142:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SANE_Bool open;
data/sane-backends-1.0.31/backend/u12-if.c:265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devStr[50];
data/sane-backends-1.0.31/backend/u12-if.c:327:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( devStr, "0x%04X-0x%04X", vendor, product );
data/sane-backends-1.0.31/backend/u12-if.c:341:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( dev->usbId, "0x%04X-0x%04X", vendor, product );
data/sane-backends-1.0.31/backend/u12-image.c:191:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dest, src, len );
data/sane-backends-1.0.31/backend/u12-image.c:854:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ob, ib, dev->DataInf.dwAppBytesPerLine );
data/sane-backends-1.0.31/backend/u12-io.c:293:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( cacheLen, len_info, 13 );
data/sane-backends-1.0.31/backend/u12-io.c:781:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, cacheLen, 13 );
data/sane-backends-1.0.31/backend/u12-io.c:799:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( cacheLen, data, 13 );
data/sane-backends-1.0.31/backend/u12-shading.c:834:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dev->bufs.b1.pShadingMap + 4096, dev->bufs.b1.pShadingMap, 4096 );
data/sane-backends-1.0.31/backend/u12-shading.c:835:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dev->bufs.b1.pShadingMap + 8192, dev->bufs.b1.pShadingMap, 4096 );
data/sane-backends-1.0.31/backend/u12.c:703:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( *dest, "0x%04X-0x%04X", vi, pi );
data/sane-backends-1.0.31/backend/u12.c:854:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &dev->adj, &cnf->adj, sizeof(AdjDef));
data/sane-backends-1.0.31/backend/u12.c:923:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[PATH_MAX] = _DEFAULT_DEVICE;
data/sane-backends-1.0.31/backend/u12.c:1248:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( value, s->val[option].wa, s->opt[option].size );
data/sane-backends-1.0.31/backend/u12.c:1449:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( s->val[option].wa, value, s->opt[option].size );
data/sane-backends-1.0.31/backend/u12.h:244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usbId[_MAX_ID_LEN];/* to keep Vendor and product */
data/sane-backends-1.0.31/backend/u12.h:326:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devName[PATH_MAX];
data/sane-backends-1.0.31/backend/u12.h:327:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usbId[_MAX_ID_LEN];
data/sane-backends-1.0.31/backend/umax-usb.c:92:105: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
DBG(DBG_info, "Sending SCSI cmd 0x%02x cdb len %ld, param len %ld, result len %ld\n", ((const unsigned char *)src)[0], (long)cmd_size, (long)param_size, dst_size? (long)*dst_size:(long)0);
data/sane-backends-1.0.31/backend/umax.c:893:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->buffer[0], result, len+1); /* copy sense data to buffer */
data/sane-backends-1.0.31/backend/umax.c:1764:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->buffer[0], send.cmd, send.size); /* send */
data/sane-backends-1.0.31/backend/umax.c:1773:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, gamma_DCF0.cmd, gamma_DCF0.size);
data/sane-backends-1.0.31/backend/umax.c:1786:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, data, 1024); /* copy data */
data/sane-backends-1.0.31/backend/umax.c:1804:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, data, 1024); /* copy red data */
data/sane-backends-1.0.31/backend/umax.c:1808:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, data, 1024); /* copy green data */
data/sane-backends-1.0.31/backend/umax.c:1812:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, data, 1024); /* copy blue data */
data/sane-backends-1.0.31/backend/umax.c:1826:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, gamma_DCF1.cmd, gamma_DCF1.size);
data/sane-backends-1.0.31/backend/umax.c:1835:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, data, 256); /* copy data */
data/sane-backends-1.0.31/backend/umax.c:1848:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, gamma_DCF2.cmd, gamma_DCF2.size);
data/sane-backends-1.0.31/backend/umax.c:1901:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, data, color*length); /* copy data */
data/sane-backends-1.0.31/backend/umax.c:1929:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->buffer[0], send.cmd, send.size); /* send */
data/sane-backends-1.0.31/backend/umax.c:1934:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, data, size); /* copy data */
data/sane-backends-1.0.31/backend/umax.c:2102:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer_r[max_WDB_size], buffer_g[max_WDB_size], buffer_b[max_WDB_size];
data/sane-backends-1.0.31/backend/umax.c:2107:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer_r, window_descriptor_block.cmd, window_descriptor_block.size); /* copy preset data */
data/sane-backends-1.0.31/backend/umax.c:2232:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer_g, buffer_r, max_WDB_size); /* copy WDB for green */
data/sane-backends-1.0.31/backend/umax.c:2233:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer_b, buffer_r, max_WDB_size); /* copy WDB for blue */
data/sane-backends-1.0.31/backend/umax.c:2326:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->buffer[0], set_window.cmd, set_window.size); /* SET-WINDOW cmd */
data/sane-backends-1.0.31/backend/umax.c:2327:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(WPDB_OFF(dev->buffer[0]), window_parameter_data_block.cmd, window_parameter_data_block.size); /* WPDB */
data/sane-backends-1.0.31/backend/umax.c:2329:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(WDB_OFF(dev->buffer[0],1), buffer_r, window_descriptor_block.size); /* add WD_block */
data/sane-backends-1.0.31/backend/umax.c:2333:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(WDB_OFF(dev->buffer[0],2), buffer_g, window_descriptor_block.size); /* add green */
data/sane-backends-1.0.31/backend/umax.c:2334:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(WDB_OFF(dev->buffer[0],3), buffer_b, window_descriptor_block.size); /* add blue */
data/sane-backends-1.0.31/backend/umax.c:3133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[10];
data/sane-backends-1.0.31/backend/umax.c:3134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[0x12];
data/sane-backends-1.0.31/backend/umax.c:3135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[6];
data/sane-backends-1.0.31/backend/umax.c:3219:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->buffer[0]+0x24, inq_data.inquiry, inq_data.inquiry_len-0x24);
data/sane-backends-1.0.31/backend/umax.c:5978:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_line[PATH_MAX];
data/sane-backends-1.0.31/backend/umax.c:6543:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, scanner->val[option].wa, scanner->opt[option].size);
data/sane-backends-1.0.31/backend/umax.c:6855:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (scanner->val[option].wa, val, scanner->opt[option].size);
data/sane-backends-1.0.31/backend/umax.h:205:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *buffer[SANE_UMAX_SCSI_MAXQUEUE]; /* buffer used for scsi-transfer */
data/sane-backends-1.0.31/backend/umax.h:240:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[9]; /* will be UMAX */
data/sane-backends-1.0.31/backend/umax.h:241:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[17]; /* e.g. "SuperVista_S12" or so */
data/sane-backends-1.0.31/backend/umax.h:242:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[5]; /* e.g. V1.3 */
data/sane-backends-1.0.31/backend/umax1220u-common.c:245:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char caldata[16070 + PAD];
data/sane-backends-1.0.31/backend/umax1220u-common.c:263:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb8[35] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:270:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb9[35] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:277:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb10[35] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:284:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opc5[16] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:289:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opc6[16] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:294:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opc7[16] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:299:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opd2[8] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:309:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[65536];
data/sane-backends-1.0.31/backend/umax1220u-common.c:380:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/sane-backends-1.0.31/backend/umax1220u-common.c:548:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16384];
data/sane-backends-1.0.31/backend/umax1220u-common.c:583:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opc1[16] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:600:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb3[35] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:621:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb3[36] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:649:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb[34] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:655:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb1[35] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:661:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb2[35] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:667:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb4[35] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:673:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opbx[35];
data/sane-backends-1.0.31/backend/umax1220u-common.c:674:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opc[16] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:678:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opcx[16];
data/sane-backends-1.0.31/backend/umax1220u-common.c:679:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opd[8] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:685:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ramp[800];
data/sane-backends-1.0.31/backend/umax1220u-common.c:824:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opx[36];
data/sane-backends-1.0.31/backend/umax1220u-common.c:825:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opy[16];
data/sane-backends-1.0.31/backend/umax1220u-common.c:855:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opc4[16] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:859:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb5[35] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:865:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb7[35] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:872:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ope[8] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:876:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ope2[3] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:879:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512 + PAD];
data/sane-backends-1.0.31/backend/umax1220u-common.c:953:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opc4[16] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:957:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb5[36] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:963:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb7[36] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:969:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ope[8] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:972:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ope2[3] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:975:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/sane-backends-1.0.31/backend/umax1220u-common.c:1155:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opc3[16] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1159:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ope1[8] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1162:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb6[35] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1168:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opd1[8] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1191:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f2 = fopen ("find_zero.pgm", "wb");
data/sane-backends-1.0.31/backend/umax1220u-common.c:1213:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opc3[16] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1217:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ope1[8] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1220:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb6[36] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1226:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opd1[8] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1249:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f2 = fopen ("find_zero.pgm", "wb");
data/sane-backends-1.0.31/backend/umax1220u-common.c:1283:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opc9[16] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1287:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb11[35] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1294:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ope[8] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1298:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opd4[8] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1348:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f2 = fopen ("calibration.pgm", "wb");
data/sane-backends-1.0.31/backend/umax1220u-common.c:1416:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opc9[16] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1420:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opb11[36] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1426:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opd4[8] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1429:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ope[8] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1435:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ggamma[256] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1526:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f2 = fopen ("calibration.pgm", "wb");
data/sane-backends-1.0.31/backend/umax1220u-common.c:1592:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opbgo[35] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1600:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opcgo[16] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1606:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opdgo[8] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1610:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subsamp[9] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1690:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opbgo[36] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1698:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opcgo[16] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1704:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opdgo[8] = {
data/sane-backends-1.0.31/backend/umax1220u-common.c:1708:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char subsamp[9] = {
data/sane-backends-1.0.31/backend/umax1220u.c:589:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_line[PATH_MAX];
data/sane-backends-1.0.31/backend/umax1220u.c:878:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[3];
data/sane-backends-1.0.31/backend/umax_pp.c:204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model[32];
data/sane-backends-1.0.31/backend/umax_pp.c:211:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sanei_umax_pp_setastra (atoi((SANE_Char *) config->values[CFG_ASTRA]));
data/sane-backends-1.0.31/backend/umax_pp.c:224:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
prt = atoi (devname);
data/sane-backends-1.0.31/backend/umax_pp.c:304:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev + 1, devlist, sizeof (Umax_PP_Descriptor) * (num_devices));
data/sane-backends-1.0.31/backend/umax_pp.c:1088:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
prt = atoi (devlist[0].port);
data/sane-backends-1.0.31/backend/umax_pp.c:1130:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
prt = atoi (devlist[i].port);
data/sane-backends-1.0.31/backend/umax_pp.c:1405:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (val, dev->val[option].wa, dev->opt[option].size);
data/sane-backends-1.0.31/backend/umax_pp.c:1496:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dev->val[option].wa, val, dev->opt[option].size);
data/sane-backends-1.0.31/backend/umax_pp.c:1991:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (params, &(dev->params), sizeof (dev->params));
data/sane-backends-1.0.31/backend/umax_pp.c:2308:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (lbuf + UMAX_PP_RESERVE - 2 * delta * ll,
data/sane-backends-1.0.31/backend/umax_pp.c:2326:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, dev->buf + dev->bufread + UMAX_PP_RESERVE, length);
data/sane-backends-1.0.31/backend/umax_pp.c:2328:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, dev->buf + dev->bufread, length);
data/sane-backends-1.0.31/backend/umax_pp_low.c:166:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open ("/dev/io", O_RDONLY);
data/sane-backends-1.0.31/backend/umax_pp_low.c:778:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[80], buffer[80];
data/sane-backends-1.0.31/backend/umax_pp_low.c:786:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name, "/dev/lp%d", i);
data/sane-backends-1.0.31/backend/umax_pp_low.c:787:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fic = fopen (name, "wb");
data/sane-backends-1.0.31/backend/umax_pp_low.c:790:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name, "/proc/sys/dev/parport/parport%d/base-addr", i);
data/sane-backends-1.0.31/backend/umax_pp_low.c:791:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fic = fopen (name, "rb");
data/sane-backends-1.0.31/backend/umax_pp_low.c:802:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ports[found], "0x%X", addr);
data/sane-backends-1.0.31/backend/umax_pp_low.c:845:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = open (devices[i], O_RDWR);
data/sane-backends-1.0.31/backend/umax_pp_low.c:937:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strmodes[160];
data/sane-backends-1.0.31/backend/umax_pp_low.c:998:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (name, O_RDWR | O_NOCTTY | O_NONBLOCK);
data/sane-backends-1.0.31/backend/umax_pp_low.c:1177:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (name, O_RDONLY);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5832:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dest[2048];
data/sane-backends-1.0.31/backend/umax_pp_low.c:8118:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str + 3 * i, "%02X ", val[i]);
data/sane-backends-1.0.31/backend/umax_pp_low.c:8210:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str + 3 * i, "%02X ", val[i]);
data/sane-backends-1.0.31/backend/umax_pp_low.c:8408:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str + 3 * i, "%02X ", val[i]);
data/sane-backends-1.0.31/backend/umax_pp_low.c:8540:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str + 3 * i, "%02X ", val[i]);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9592:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[64];
data/sane-backends-1.0.31/backend/umax_pp_low.c:9595:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str + 3 * i, "%02X ", (unsigned char) op[i]);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9667:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[128];
data/sane-backends-1.0.31/backend/umax_pp_low.c:9674:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str + 3 * i, "%02X ", (unsigned char) op[i]);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9759:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char titre[80];
data/sane-backends-1.0.31/backend/umax_pp_low.c:9763:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (titre, "dump%04d.bin", num);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9770:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fic = fopen (titre, "wb");
data/sane-backends-1.0.31/backend/umax_pp_low.c:9785:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char titre[80];
data/sane-backends-1.0.31/backend/umax_pp_low.c:9789:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (titre, "dump%04d.pnm", num);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9796:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fic = fopen (titre, "wb");
data/sane-backends-1.0.31/backend/umax_pp_low.c:9814:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char titre[80];
data/sane-backends-1.0.31/backend/umax_pp_low.c:9819:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (titre, "dump%04d.pnm", num);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9826:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fic = fopen (titre, "wb");
data/sane-backends-1.0.31/backend/umax_pp_low.c:9850:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char titre[80];
data/sane-backends-1.0.31/backend/umax_pp_low.c:9855:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (titre, "dump%04d.pnm", num);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9862:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fic = fopen (titre, "wb");
data/sane-backends-1.0.31/backend/umax_pp_low.c:9904:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cnst=atol(getenv("AREA"));
data/sane-backends-1.0.31/backend/umax_pp_low.c:9906:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cnst=atol(getenv("COEFF"));
data/sane-backends-1.0.31/backend/umax_pp_low.c:9908:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cnst=atol(getenv("CNST"));
data/sane-backends-1.0.31/backend/umax_pp_low.c:10012:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[0x200];
data/sane-backends-1.0.31/backend/umax_pp_low.c:10201:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[54000];
data/sane-backends-1.0.31/backend/umax_pp_low.c:10417:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[0x105798];
data/sane-backends-1.0.31/backend/umax_pp_low.c:10716:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen ("out.pnm", "wb");
data/sane-backends-1.0.31/backend/umax_pp_low.c:10833:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, buffer + hp * bpl, reserve + remain);
data/sane-backends-1.0.31/backend/umax_pp_low.c:10857:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, buffer + hp * bpl, remain);
data/sane-backends-1.0.31/backend/umax_pp_low.c:10979:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024], *ptr;
data/sane-backends-1.0.31/backend/umax_pp_low.c:11415:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen ("/tmp/dangerous.params", "rb");
data/sane-backends-1.0.31/backend/umax_pp_low.c:11492:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (calibration,
data/sane-backends-1.0.31/backend/umax_pp_low.c:11854:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[106];
data/sane-backends-1.0.31/backend/umax_pp_low.c:11864:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str + 3 * i, "%02X ", buffer[i]);
data/sane-backends-1.0.31/backend/umax_pp_low.c:11885:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str + 3 * i, "%02X ", buffer[i]);
data/sane-backends-1.0.31/backend/umax_pp_low.c:11903:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[5300];
data/sane-backends-1.0.31/backend/umax_pp_low.c:12114:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[40];
data/sane-backends-1.0.31/backend/umax_pp_low.c:12327:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[5400];
data/sane-backends-1.0.31/backend/umax_pp_low.c:12556:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[5300];
data/sane-backends-1.0.31/backend/v4l.c:435:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[PATH_MAX], *str;
data/sane-backends-1.0.31/backend/xerox_mfp-tcp.c:125:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(strport);
data/sane-backends-1.0.31/backend/xerox_mfp.c:113:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pInfile = fopen(infilename, "rb")) == NULL) {
data/sane-backends-1.0.31/backend/xerox_mfp.c:173:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pDest, dev->decData + dev->currentDecDataIndex, data_size);
data/sane-backends-1.0.31/backend/xerox_mfp.c:197:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pInfile = fopen(encTmpFileName, "a")) == NULL) {
data/sane-backends-1.0.31/backend/xerox_mfp.c:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[MAX_DUMP * 3 + 1], *dptr = dbuf;
data/sane-backends-1.0.31/backend/xerox_mfp.c:240:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dptr, " %02x", dev->res[i]);
data/sane-backends-1.0.31/backend/xerox_mfp.c:1499:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(encTmpFileName, O_CREAT|O_EXCL, 0600);
data/sane-backends-1.0.31/frontend/saned.c:758:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_addr[64];
data/sane-backends-1.0.31/frontend/saned.c:765:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_line_buf[1024];
data/sane-backends-1.0.31/frontend/saned.c:768:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[MAXHOSTNAMELEN];
data/sane-backends-1.0.31/frontend/saned.c:941:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (config_file_names[j], "r");
data/sane-backends-1.0.31/frontend/saned.c:1147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_addr[64];
data/sane-backends-1.0.31/frontend/saned.c:1148:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_line_buf[1024];
data/sane-backends-1.0.31/frontend/saned.c:1151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[MAXHOSTNAMELEN];
data/sane-backends-1.0.31/frontend/saned.c:1212:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (text_addr, "[error]");
data/sane-backends-1.0.31/frontend/saned.c:1240:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (config_file_names[j], "r");
data/sane-backends-1.0.31/frontend/saned.c:1316:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (text_addr, "[error]");
data/sane-backends-1.0.31/frontend/saned.c:2095:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_addr[64];
data/sane-backends-1.0.31/frontend/saned.c:2587:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[32];
data/sane-backends-1.0.31/frontend/saned.c:2722:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_line[PATH_MAX];
data/sane-backends-1.0.31/frontend/saned.c:3177:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open ("/dev/null", O_RDWR);
data/sane-backends-1.0.31/frontend/saned.c:3198:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pidfile = fopen (SANED_PID_FILE, "w");
data/sane-backends-1.0.31/frontend/saned.c:3349:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dave_null = open ("/dev/null", O_RDWR);
data/sane-backends-1.0.31/frontend/saned.c:3372:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fd = _impsockhandle (atoi (sock), 0);
data/sane-backends-1.0.31/frontend/saned.c:3419:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char options[64] = "";
data/sane-backends-1.0.31/frontend/saned.c:3460:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug = atoi(optarg);
data/sane-backends-1.0.31/frontend/saned.c:3490:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(options, "AF-indep");
data/sane-backends-1.0.31/frontend/saned.c:3492:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(options, "+IPv6");
data/sane-backends-1.0.31/frontend/saned.c:3495:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(options, "IPv4 only");
data/sane-backends-1.0.31/frontend/saned.c:3500:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(options, "+systemd");
data/sane-backends-1.0.31/frontend/scanimage.c:164:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[3 + 128 + SANE_MAX_USERNAME_LEN + SANE_MAX_PASSWORD_LEN], *wipe;
data/sane-backends-1.0.31/frontend/scanimage.c:165:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5digest[16];
data/sane-backends-1.0.31/frontend/scanimage.c:192:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pass_file = fopen (tmp, "r")) != NULL)
data/sane-backends-1.0.31/frontend/scanimage.c:290:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp, "%.128s%.*s", (strstr (resource, "$MD5$")) + 5,
data/sane-backends-1.0.31/frontend/scanimage.c:297:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (password, "$MD5$%02x%02x%02x%02x%02x%02x%02x%02x"
data/sane-backends-1.0.31/frontend/scanimage.c:959:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (all_options + option_count, basic_options, sizeof (basic_options));
data/sane-backends-1.0.31/frontend/scanimage.c:1114:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *) valuep)[opt->size - 1] = 0;
data/sane-backends-1.0.31/frontend/scanimage.c:1571:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pngbuf + pngrow, buffer + i, parm.bytes_per_line - pngrow);
data/sane-backends-1.0.31/frontend/scanimage.c:1598:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pngbuf + pngrow, buffer + i, left);
data/sane-backends-1.0.31/frontend/scanimage.c:1610:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jpegbuf + jpegrow, buffer + i, parm.bytes_per_line - jpegrow);
data/sane-backends-1.0.31/frontend/scanimage.c:1627:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jpegbuf + jpegrow, buffer + i, left);
data/sane-backends-1.0.31/frontend/scanimage.c:2016:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuf[2];
data/sane-backends-1.0.31/frontend/scanimage.c:2077:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_size = 1024 * atoi(optarg);
data/sane-backends-1.0.31/frontend/scanimage.c:2097:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
batch_increment = atoi (optarg);
data/sane-backends-1.0.31/frontend/scanimage.c:2100:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
batch_start_at = atoi (optarg);
data/sane-backends-1.0.31/frontend/scanimage.c:2106:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
batch_count = atoi (optarg);
data/sane-backends-1.0.31/frontend/scanimage.c:2609:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofp = fopen(output_file, "w");
data/sane-backends-1.0.31/frontend/scanimage.c:2640:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/sane-backends-1.0.31/frontend/scanimage.c:2641:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char part_path[PATH_MAX];
data/sane-backends-1.0.31/frontend/scanimage.c:2646:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (part_path, ".part");
data/sane-backends-1.0.31/frontend/scanimage.c:2698:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (ofp = fopen (part_path, "w")))
data/sane-backends-1.0.31/frontend/sicc.c:32:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(path, "r");
data/sane-backends-1.0.31/frontend/test.c:64:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/sane-backends-1.0.31/frontend/test.c:172:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char envbuf[1024];
data/sane-backends-1.0.31/frontend/tstbackend.c:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1000];
data/sane-backends-1.0.31/frontend/tstbackend.c:1055:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[100];
data/sane-backends-1.0.31/frontend/tstbackend.c:1070:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "FALSE");
data/sane-backends-1.0.31/frontend/tstbackend.c:1072:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "TRUE");
data/sane-backends-1.0.31/frontend/tstbackend.c:1077:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%d", *(SANE_Word*) optval);
data/sane-backends-1.0.31/frontend/tstbackend.c:1083:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%d", i);
data/sane-backends-1.0.31/frontend/tstbackend.c:1096:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "backend default");
data/sane-backends-1.0.31/frontend/tstbackend.c:1103:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "backend default");
data/sane-backends-1.0.31/frontend/tstbackend.c:1112:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[150];
data/sane-backends-1.0.31/frontend/tstbackend.c:1717:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verbose_level = atoi(optarg);
data/sane-backends-1.0.31/frontend/tstbackend.c:1725:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
test_level = atoi(optarg);
data/sane-backends-1.0.31/frontend/tstbackend.c:1737:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
recursion_level = atoi(optarg);
data/sane-backends-1.0.31/frontend/tstbackend.c:1741:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
time = atoi(optarg);
data/sane-backends-1.0.31/include/md5.h:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128] ALIGN;
data/sane-backends-1.0.31/include/sane/sanei_backend.h:122:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
extern SANE_Status ENTRY(open) (SANE_String_Const, SANE_Handle *);
data/sane-backends-1.0.31/include/sane/sanei_backend.h:146:47: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define sane_open(a,b) ENTRY(open) (a,b)
data/sane-backends-1.0.31/include/sane/sanei_jinclude.h:62:32: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MEMCOPY(dest,src,size) bcopy((const void *)(src), (void *)(dest), (size_t)(size))
data/sane-backends-1.0.31/include/sane/sanei_jinclude.h:68:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MEMCOPY(dest,src,size) memcpy((void *)(dest), (const void *)(src), (size_t)(size))
data/sane-backends-1.0.31/japi/Sane.c:383:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512]; /* Hope this is big enough. */
data/sane-backends-1.0.31/lib/alloca.c:145:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char align[ALIGN_SIZE]; /* To force sizeof(header). */
data/sane-backends-1.0.31/lib/inet_pton.c:30:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst, &in.s_addr, sizeof (in.s_addr));
data/sane-backends-1.0.31/lib/inet_pton.c:46:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst, &in, sizeof (in));
data/sane-backends-1.0.31/lib/md5.c:34:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy(d, s, n) bcopy ((s), (d), (n))
data/sane-backends-1.0.31/lib/md5.c:34:27: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy(d, s, n) bcopy ((s), (d), (n))
data/sane-backends-1.0.31/lib/md5.c:66:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
data/sane-backends-1.0.31/lib/md5.c:134:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&ctx->buffer[bytes], fillbuf, pad);
data/sane-backends-1.0.31/lib/md5.c:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BLOCKSIZE + 72];
data/sane-backends-1.0.31/lib/md5.c:233:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&ctx->buffer[left_over], buffer, add);
data/sane-backends-1.0.31/lib/md5.c:242:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63],
data/sane-backends-1.0.31/lib/md5.c:264:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
md5_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
data/sane-backends-1.0.31/lib/md5.c:282:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&ctx->buffer[left_over], buffer, len);
data/sane-backends-1.0.31/lib/md5.c:288:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ctx->buffer, &ctx->buffer[64], left_over);
data/sane-backends-1.0.31/lib/snprintf.c:766:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char b[2];
data/sane-backends-1.0.31/lib/snprintf.c:776:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char shortbuffer[32];
data/sane-backends-1.0.31/lib/snprintf.c:851:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char convert[sizeof( union value) * 8 + 16];
data/sane-backends-1.0.31/lib/snprintf.c:918:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char qconvert[sizeof(quad_t)];
data/sane-backends-1.0.31/lib/snprintf.c:920:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char convert[2*sizeof(quad_t)+1];
data/sane-backends-1.0.31/lib/snprintf.c:982:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char convert[sizeof( union value) * 8 + 512];
data/sane-backends-1.0.31/lib/snprintf.c:983:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatstr[128];
data/sane-backends-1.0.31/lib/snprintf.c:997:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( formatstr+strlen(formatstr), "%d", len ); /* 3 */
data/sane-backends-1.0.31/lib/snprintf.c:1000:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( formatstr+strlen(formatstr), ".%d", precision ); /* 3 */
data/sane-backends-1.0.31/lib/snprintf.c:1003:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( formatstr+strlen(formatstr), "%c", fmt );
data/sane-backends-1.0.31/lib/snprintf.c:1064:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf (buffer, "errno=%d", err);
data/sane-backends-1.0.31/lib/snprintf.c:1075:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/sane-backends-1.0.31/lib/strdup.c:34:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (clone, s, size);
data/sane-backends-1.0.31/lib/vsyslog.c:10:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/sane-backends-1.0.31/sanei/os2_srb.h:101:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res_1E_29[12]; /* 1E..29 */
data/sane-backends-1.0.31/sanei/os2_srb.h:102:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res_2A_3F[22]; /* 2A..3F */
data/sane-backends-1.0.31/sanei/os2_srb.h:103:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cdb_st[64]; /* 40..7F CDB+status */
data/sane-backends-1.0.31/sanei/os2_srb.h:104:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res_80_BF[64]; /* 80..BF */
data/sane-backends-1.0.31/sanei/os2_srb.h:123:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char unique[16]; /* 08..17 */
data/sane-backends-1.0.31/sanei/sanei_DomainOS.c:332:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sense_cdb, scanner_sense_cdb, sense_cdb_size);
data/sane-backends-1.0.31/sanei/sanei_DomainOS.c:337:146: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
DBG(2, "Sense information: Error code=%02x, ASC=%02x, ASCQ=%02x\n", ((u_char *)DomainFdInfo[com->fd].DomainSensePtr)[0], ((char *)DomainFdInfo[com->fd].DomainSensePtr)[0xc], ((char *)DomainFdInfo[com->fd].DomainSensePtr)[0xd]);
data/sane-backends-1.0.31/sanei/sanei_DomainOS.c:337:199: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
DBG(2, "Sense information: Error code=%02x, ASC=%02x, ASCQ=%02x\n", ((u_char *)DomainFdInfo[com->fd].DomainSensePtr)[0], ((char *)DomainFdInfo[com->fd].DomainSensePtr)[0xc], ((char *)DomainFdInfo[com->fd].DomainSensePtr)[0xd]);
data/sane-backends-1.0.31/sanei/sanei_DomainOS.c:344:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((((char *)DomainFdInfo[com->fd].DomainSensePtr)[0] == 0xf0) && (((char *)DomainFdInfo[com->fd].DomainSensePtr)[2] & 0x20) && (com->cdb.g0.cmd == 0x28))
data/sane-backends-1.0.31/sanei/sanei_DomainOS.c:344:92: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((((char *)DomainFdInfo[com->fd].DomainSensePtr)[0] == 0xf0) && (((char *)DomainFdInfo[com->fd].DomainSensePtr)[2] & 0x20) && (com->cdb.g0.cmd == 0x28))
data/sane-backends-1.0.31/sanei/sanei_DomainOS.c:348:90: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
DBG(2, "Shortening destination length by %x bytes\n", *(int *)(((char *)DomainFdInfo[com->fd].DomainSensePtr)+3));
data/sane-backends-1.0.31/sanei/sanei_DomainOS.c:349:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
com->dst_size -= *(int *)(((char *)DomainFdInfo[com->fd].DomainSensePtr)+3);
data/sane-backends-1.0.31/sanei/sanei_DomainOS.c:384:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
DBG(3, "%02X%c", ((unsigned char *)DomainFdInfo[com->fd].DomainSCSIPtr)[return_count], (return_count % 16) == 15 ? '\n' : ' ');
data/sane-backends-1.0.31/sanei/sanei_ab306.c:312:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
port[i].port_fd = open (PORT_DEV, O_RDWR);
data/sane-backends-1.0.31/sanei/sanei_ab306.c:374:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev_io_fd = open ("/dev/io", O_RDONLY);
data/sane-backends-1.0.31/sanei/sanei_access.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pid_buf[PID_BUFSIZE];
data/sane-backends-1.0.31/sanei/sanei_access.c:100:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( fn, O_RDONLY );
data/sane-backends-1.0.31/sanei/sanei_access.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/sane-backends-1.0.31/sanei/sanei_access.c:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pid_buf[PID_BUFSIZE];
data/sane-backends-1.0.31/sanei/sanei_access.c:180:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( fn, O_CREAT | O_EXCL | O_WRONLY, 0644 );
data/sane-backends-1.0.31/sanei/sanei_access.c:207:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( pid_buf, "% 11i sane\n", getpid());
data/sane-backends-1.0.31/sanei/sanei_access.c:222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/sane-backends-1.0.31/sanei/sanei_auth.c:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4];
data/sane-backends-1.0.31/sanei/sanei_auth.c:89:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dev_urandom = fopen ("/dev/urandom", "r")) == NULL)
data/sane-backends-1.0.31/sanei/sanei_auth.c:124:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5digest[16];
data/sane-backends-1.0.31/sanei/sanei_auth.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[512];
data/sane-backends-1.0.31/sanei/sanei_auth.c:134:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmpstr, "$MD5$%02x%02x%02x%02x%02x%02x%02x%02x"
data/sane-backends-1.0.31/sanei/sanei_auth.c:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd_filename[256];
data/sane-backends-1.0.31/sanei/sanei_auth.c:166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024], *linep;
data/sane-backends-1.0.31/sanei/sanei_auth.c:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5resource[256];
data/sane-backends-1.0.31/sanei/sanei_auth.c:169:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[SANE_MAX_USERNAME_LEN];
data/sane-backends-1.0.31/sanei/sanei_auth.c:170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[SANE_MAX_PASSWORD_LEN];
data/sane-backends-1.0.31/sanei/sanei_auth.c:230:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (md5resource, "%.128s$MD5$%x%lx%08lx",
data/sane-backends-1.0.31/sanei/sanei_codec_ascii.c:283:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/sane-backends-1.0.31/sanei/sanei_codec_ascii.c:305:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (w->buffer.curr, buf + i + 1, sizeof (buf) - i - 1);
data/sane-backends-1.0.31/sanei/sanei_config.c:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[PATH_MAX];
data/sane-backends-1.0.31/sanei/sanei_config.c:101:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(result,"/SANE");
data/sane-backends-1.0.31/sanei/sanei_config.c:114:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (mem, dir_list, len);
data/sane-backends-1.0.31/sanei/sanei_config.c:115:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char *) mem + len, DEFAULT_DIRS, sizeof (DEFAULT_DIRS));
data/sane-backends-1.0.31/sanei/sanei_config.c:134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *next, *dir, result[PATH_MAX];
data/sane-backends-1.0.31/sanei/sanei_config.c:152:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (result, "r");
data/sane-backends-1.0.31/sanei/sanei_config.c:416:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (config->values[i], value, size);
data/sane-backends-1.0.31/sanei/sanei_init_debug.c:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch, buf[256] = "SANE_DEBUG_";
data/sane-backends-1.0.31/sanei/sanei_init_debug.c:107:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*var = atoi (val);
data/sane-backends-1.0.31/sanei/sanei_jpeg.c:92:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, dest->iobuffer, dest->buffer_width);
data/sane-backends-1.0.31/sanei/sanei_jpeg.c:120:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, dest->iobuffer, dest->buffer_width);
data/sane-backends-1.0.31/sanei/sanei_jpeg.c:154:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, dest->iobuffer, dest->buffer_width);
data/sane-backends-1.0.31/sanei/sanei_jpeg.c:177:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data, dest->iobuffer, dest->buffer_width);
data/sane-backends-1.0.31/sanei/sanei_lm983x.c:121:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( command_buffer + _CMD_BYTE_CNT, buffer + bytes, max_len );
data/sane-backends-1.0.31/sanei/sanei_magic.c:485:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line, buffer + i*bwidth + left, bytes);
data/sane-backends-1.0.31/sanei/sanei_magic.c:486:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + pos, line, bytes);
data/sane-backends-1.0.31/sanei/sanei_magic.c:704:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer,outbuf,bwidth*height);
data/sane-backends-1.0.31/sanei/sanei_magic.c:1246:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer,outbuf,obwidth*oheight);
data/sane-backends-1.0.31/sanei/sanei_pa4s2.c:200:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[6];
data/sane-backends-1.0.31/sanei/sanei_pa4s2.c:958:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
devices[n] = (char *)port[n].name;
data/sane-backends-1.0.31/sanei/sanei_pio.c:551:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp=open("/dev/parallel/parallel1",O_RDWR);
data/sane-backends-1.0.31/sanei/sanei_pp.c:161:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[6];
data/sane-backends-1.0.31/sanei/sanei_pp.c:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ct[1024];
data/sane-backends-1.0.31/sanei/sanei_pp.c:320:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( ct, "SPP " );
data/sane-backends-1.0.31/sanei/sanei_pp.c:325:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( ct, "PS/2 " );
data/sane-backends-1.0.31/sanei/sanei_pp.c:330:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( ct, "EPP " );
data/sane-backends-1.0.31/sanei/sanei_pp.c:335:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( ct, "EPPSWE " );
data/sane-backends-1.0.31/sanei/sanei_pp.c:340:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( ct, "ECP " );
data/sane-backends-1.0.31/sanei/sanei_pp.c:345:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( ct, "ECPRLE " );
data/sane-backends-1.0.31/sanei/sanei_scsi.c:261:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lastrcmd[16]; /* hold command block of last read command */
data/sane-backends-1.0.31/sanei/sanei_scsi.c:522:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmpAspi[MAXPATHLEN]; /* scsi chain scan */
data/sane-backends-1.0.31/sanei/sanei_scsi.c:617:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (tmpAspi, "asXXXXXX");
data/sane-backends-1.0.31/sanei/sanei_scsi.c:618:3: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
mkstemp (tmpAspi);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:620:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmp = fopen (tmpAspi, "w");
data/sane-backends-1.0.31/sanei/sanei_scsi.c:649:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[9];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:650:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[17];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:651:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[5];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:701:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
len = ((char *) aspi_buf)[4]; /* additional length */
data/sane-backends-1.0.31/sanei/sanei_scsi.c:809:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cc, *cc1, buf[32];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:816:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (file, O_RDWR);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:842:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open ("/proc/sys/kernel/sg-big-buff", O_RDONLY);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:846:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sanei_scsi_max_request_size = atoi (buf);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:968:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cam_fd = open ("/dev/cam", O_RDWR);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:1223:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_hca_name[20];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:1281:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (dev, O_RDWR | O_EXCL
data/sane-backends-1.0.31/sanei/sanei_scsi.c:1704:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&com->cdb, cmd, com->cdb_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:1723:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (fd_info[fd].pdata, buf_ptr, com->buf_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:1799:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf_ptr, fd_info[fd].pdata, com->dst_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2133:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&req->sgdata.cdb.data, cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2134:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&req->sgdata.cdb.data[cmd_size], src, src_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2171:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&req->sgdata.sg3.data[MAX_CDB], src, src_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2185:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (req->sgdata.sg3.data, cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2362:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (req->dst, req->sgdata.cdb.data, nread);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2550:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev_fd = open (name, O_RDWR | O_NONBLOCK);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2656:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev_fd = open (name, O_RDWR | O_NONBLOCK);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2717:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[32], model[32], type[32], revision[32];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2721:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256], dev_name[128], *c1, *c2, ctmp;
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2800:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
proc_fp = fopen (PROCFILE, "r");
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2946:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2947:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[128];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2954:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vmt[3][33]; /* vendor, model, type */
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2956:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *vmtfiles[3] = { "vendor", "model", "type" };
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3074:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path, "r");
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3187:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (hdr.cmd, cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3275:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&ccb->csio.cdb_io.cdb_bytes, cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3446:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[16];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3450:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open (XPT_DEVICE, O_RDWR)) == -1)
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3474:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (pattern->periph_name, "pass");
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3555:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (hdr.cdb, cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3608:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&hdr.sr_cdb, cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3733:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&ccb.cam_cdb_io.cam_cdb_bytes[0], cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3807:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sc->cdb, cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3854:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sense[32]; /* for call of sens req */
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3855:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[16]; /* global for right alignment */
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3876:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (SCS_AD (scs), cmd, SCS_SZ);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3883:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (SCM_AD (scm), cmd, SCM_SZ);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3890:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (SCV_AD (scv), cmd, SCV_SZ);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3943:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (lastrcmd, sb_ptr->SCB.sc_cmdpt,
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4095:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[32], model[32], type[32], revision[32];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4097:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256], dev_name[128];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4179:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
proc_fp = fopen (tmpAspi, "r");
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4314:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (aspi_buf, src, PSRBlock->u.cmd.data_len);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4320:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (PSRBlock->u.cmd.cdb_st, cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4357:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char *) dst, aspi_buf, *dst_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4429:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cmdbuf, cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4448:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cmdbuf, (u_char *) cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4449:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (databuf, (u_char *) src, src_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4475:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst, databuf, scsi_req.ds_datasent);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4505:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[128]; /* SCSI device name */
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4508:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[9], /* Vendor name */
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4553:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (dev_name, "/dev/scsi/sc%dd%dl%d", bus, id, lun);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4633:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sense_buf[32];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4706:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sensebf[CCS_SENSE_LEN];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4805:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&scmd.cdb.g0_cdb.cmd, cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4829:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbf[128];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4839:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (errbf + strlen (errbf), "%x,", scmd.u_sense.cmd_sense[i]);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4952:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbf[128];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4960:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (errbf + strlen (errbf), "%x,", *(sp + i));
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4983:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rv = (*handler) (fd, (unsigned char *) sp,
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5023:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sense[255];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5036:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt.sptd.Cdb, cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_hca_name[20];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5182:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[20];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5183:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(device_name, "h%db%dt%dl%d", hca, inquiry->PathId, inquiry->TargetId, inquiry->Lun);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5339:45: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ioReturnValue = (*scsiDeviceInterface)->open (scsiDeviceInterface);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5358:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&cdb.cdb, cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5435:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[16];
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5536:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (devname, "u%dt%dl%d", iounit, scsitarget, scsilun);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5729:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cdb, cmd, cmd_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:6045:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&devname [2 * i + 1], "%02x", p [i]);
data/sane-backends-1.0.31/sanei/sanei_tcp.c:99:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&saddr.sin_addr, h->h_addr_list[0], h->h_length);
data/sane-backends-1.0.31/sanei/sanei_udp.c:105:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&saddr.sin_addr, h->h_addr_list[0], h->h_length);
data/sane-backends-1.0.31/sanei/sanei_usb.c:140:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SANE_Bool open;
data/sane-backends-1.0.31/sanei/sanei_usb.c:269:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_str[PRINT_BUFFER_SIZE];
data/sane-backends-1.0.31/sanei/sanei_usb.c:279:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pp, "%03X ", line * NUM_COLUMNS);
data/sane-backends-1.0.31/sanei/sanei_usb.c:284:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pp, "%02X ", buffer[line * NUM_COLUMNS + column]);
data/sane-backends-1.0.31/sanei/sanei_usb.c:286:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pp, " ");
data/sane-backends-1.0.31/sanei/sanei_usb.c:292:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pp, "%c",
data/sane-backends-1.0.31/sanei/sanei_usb.c:339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/sane-backends-1.0.31/sanei/sanei_usb.c:345:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ctrl_fd = open (buf, O_RDWR);
data/sane-backends-1.0.31/sanei/sanei_usb.c:442:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(devices[pos]), &device, sizeof (device));
data/sane-backends-1.0.31/sanei/sanei_usb.c:861:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[buf_size];
data/sane-backends-1.0.31/sanei/sanei_usb.c:878:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[buf_size];
data/sane-backends-1.0.31/sanei/sanei_usb.c:1268:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(devices[device_number]), &device, sizeof(device));
data/sane-backends-1.0.31/sanei/sanei_usb.c:1645:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (devname, O_RDWR);
data/sane-backends-1.0.31/sanei/sanei_usb.c:2420:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (devices[devcount].open)
data/sane-backends-1.0.31/sanei/sanei_usb.c:2821:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
devices[devcount].fd = open (devname, O_RDWR);
data/sane-backends-1.0.31/sanei/sanei_usb.c:2986:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
workaround = atoi(env);
data/sane-backends-1.0.31/sanei/sanei_usb.c:2996:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!devices[dn].open)
data/sane-backends-1.0.31/sanei/sanei_usb.c:3079:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
workaround = atoi(env);
data/sane-backends-1.0.31/sanei/sanei_usb.c:3216:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[buf_size];
data/sane-backends-1.0.31/sanei/sanei_usb.c:3316:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + total_got_size, got_data, got_size);
data/sane-backends-1.0.31/sanei/sanei_usb.c:3860:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[buf_size];
data/sane-backends-1.0.31/sanei/sanei_usb.c:3970:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, tx_data, tx_data_size);
data/sane-backends-1.0.31/sanei/sanei_usb.c:4159:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[buf_size];
data/sane-backends-1.0.31/sanei/sanei_usb.c:4260:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*) buffer, tx_data, tx_data_size);
data/sane-backends-1.0.31/testsuite/backend/genesys/session_config_test.cpp:320:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in.open(path);
data/sane-backends-1.0.31/testsuite/backend/genesys/session_config_test.cpp:332:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out.open(path);
data/sane-backends-1.0.31/testsuite/backend/genesys/tests_image_pipeline.cpp:384:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(in_data_8bit.data(), in_data.data(), in_data_8bit.size());
data/sane-backends-1.0.31/testsuite/backend/genesys/tests_image_pipeline.cpp:399:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(out_data.data(), out_data_8bit.data(), out_data_8bit.size());
data/sane-backends-1.0.31/testsuite/sanei/test_wire.c:173:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
w.io.fd = open (outfile, flags, 0666);
data/sane-backends-1.0.31/tools/check-usb-chip.c:101:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char req[64];
data/sane-backends-1.0.31/tools/check-usb-chip.c:213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char req[64];
data/sane-backends-1.0.31/tools/check-usb-chip.c:372:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char req[64];
data/sane-backends-1.0.31/tools/check-usb-chip.c:572:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char req[2];
data/sane-backends-1.0.31/tools/check-usb-chip.c:721:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char req[8];
data/sane-backends-1.0.31/tools/check-usb-chip.c:849:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char req[8];
data/sane-backends-1.0.31/tools/check-usb-chip.c:850:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inquiry[0x60];
data/sane-backends-1.0.31/tools/check-usb-chip.c:1009:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[5];
data/sane-backends-1.0.31/tools/check-usb-chip.c:1028:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[5];
data/sane-backends-1.0.31/tools/check-usb-chip.c:2436:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char req[4];
data/sane-backends-1.0.31/tools/check-usb-chip.c:2437:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[10];
data/sane-backends-1.0.31/tools/check-usb-chip.c:2583:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char req[4];
data/sane-backends-1.0.31/tools/check-usb-chip.c:2584:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[243];
data/sane-backends-1.0.31/tools/check-usb-chip.c:2736:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[4];
data/sane-backends-1.0.31/tools/check-usb-chip.c:2956:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[2];
data/sane-backends-1.0.31/tools/check-usb-chip.c:3470:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[2];
data/sane-backends-1.0.31/tools/check-usb-chip.c:3644:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char req[64];
data/sane-backends-1.0.31/tools/check-usb-chip.c:3747:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char req[64];
data/sane-backends-1.0.31/tools/check-usb-chip.c:4071:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[5];
data/sane-backends-1.0.31/tools/check-usb-chip.c:4094:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[5];
data/sane-backends-1.0.31/tools/gamma4scanimage.c:55:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shadow = atoi(argv[2]);
data/sane-backends-1.0.31/tools/gamma4scanimage.c:60:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
highlight = atoi(argv[3]);
data/sane-backends-1.0.31/tools/gamma4scanimage.c:65:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxin = atoi(argv[4]);
data/sane-backends-1.0.31/tools/gamma4scanimage.c:70:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxout = atoi(argv[5]);
data/sane-backends-1.0.31/tools/mustek600iin-off.c:137:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (NULL != (fp = fopen (MUSTEK_CONF, "r")))
data/sane-backends-1.0.31/tools/mustek600iin-off.c:139:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/sane-backends-1.0.31/tools/mustek600iin-off.c:174:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((pfd = open (PORT_DEV, O_RDWR, 0666)) >= 0)
data/sane-backends-1.0.31/tools/sane-desc.c:465:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug = atoi (optarg);
data/sane-backends-1.0.31/tools/sane-desc.c:501:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int num1 = atoi (num_string1);
data/sane-backends-1.0.31/tools/sane-desc.c:502:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int num2 = atoi (num_string2);
data/sane-backends-1.0.31/tools/sane-desc.c:794:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[PATH_MAX];
data/sane-backends-1.0.31/tools/sane-desc.c:844:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (file_name, "r");
data/sane-backends-1.0.31/tools/sane-desc.c:2040:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
aux = strcat (aux, "<");
data/sane-backends-1.0.31/tools/sane-desc.c:2043:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
aux = strcat (aux, ">");
data/sane-backends-1.0.31/tools/sane-desc.c:2046:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
aux = strcat (aux, "'");
data/sane-backends-1.0.31/tools/sane-desc.c:2049:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
aux = strcat (aux, "&");
data/sane-backends-1.0.31/tools/sane-find-scanner.c:136:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256], driver[256] = "";
data/sane-backends-1.0.31/tools/sane-find-scanner.c:139:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen ("/proc/devices", "r");
data/sane-backends-1.0.31/tools/sane-find-scanner.c:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/sane-backends-1.0.31/tools/sane-find-scanner.c:170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asc_buf[17];
data/sane-backends-1.0.31/tools/sane-find-scanner.c:182:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf (ptr, " %2.2x", *buf);
data/sane-backends-1.0.31/tools/sane-find-scanner.c:186:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
asc_ptr += sprintf (asc_ptr, "%c", *buf);
data/sane-backends-1.0.31/tools/sane-find-scanner.c:196:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf (ptr, " ");
data/sane-backends-1.0.31/tools/sane-find-scanner.c:213:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf (ptr, " %3.3d:", i);
data/sane-backends-1.0.31/tools/sane-find-scanner.c:249:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char vendor[9];
data/sane-backends-1.0.31/tools/sane-find-scanner.c:250:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char product[17];
data/sane-backends-1.0.31/tools/sane-find-scanner.c:251:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char version[5];
data/sane-backends-1.0.31/tools/sane-find-scanner.c:310:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[16384];
data/sane-backends-1.0.31/tools/sane-find-scanner.c:412:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buffer, short_buffer[2];
data/sane-backends-1.0.31/tools/sane-find-scanner.c:765:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *buffer, short_buffer[2];
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1136:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char file_name[PATH_MAX];
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_hca_name[20];
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1231:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[20];
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1232:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(device_name, "h%db%dt%dl%d", hca, inquiry->PathId, inquiry->TargetId, inquiry->Lun);
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1402:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line [PATH_MAX], *token;
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1413:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
parsefile = fopen (filename, "r");
data/sane-backends-1.0.31/tools/umax_pp.c:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbgstr[80];
data/sane-backends-1.0.31/tools/umax_pp.c:131:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
x = atoi (argv[i + 1]);
data/sane-backends-1.0.31/tools/umax_pp.c:144:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
y = atoi (argv[i + 1]);
data/sane-backends-1.0.31/tools/umax_pp.c:157:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
width = atoi (argv[i + 1]);
data/sane-backends-1.0.31/tools/umax_pp.c:171:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
height = atoi (argv[i + 1]);
data/sane-backends-1.0.31/tools/umax_pp.c:184:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trace = atoi (argv[i + 1]);
data/sane-backends-1.0.31/tools/umax_pp.c:213:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dpi = atoi (argv[i + 1]);
data/sane-backends-1.0.31/tools/umax_pp.c:313:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lamp = atoi (argv[i + 1]);
data/sane-backends-1.0.31/tools/umax_pp.c:333:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (dbgstr, "SANE_DEBUG_UMAX_PP_LOW=%d", trace);
data/sane-backends-1.0.31/backend/abaton.c:228:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/abaton.c:628:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/abaton.c:875:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/abaton.c:1281:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t read[10];
data/sane-backends-1.0.31/backend/abaton.c:1310:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memset (read, 0, sizeof (read));
data/sane-backends-1.0.31/backend/abaton.c:1310:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memset (read, 0, sizeof (read));
data/sane-backends-1.0.31/backend/abaton.c:1311:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[0] = READ_10;
data/sane-backends-1.0.31/backend/abaton.c:1364:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = sanei_scsi_cmd (s->fd, read, sizeof (read),
data/sane-backends-1.0.31/backend/abaton.c:1364:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = sanei_scsi_cmd (s->fd, read, sizeof (read),
data/sane-backends-1.0.31/backend/agfafocus.c:109:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/agfafocus.c:219:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/agfafocus.c:353:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (left * 5000);
data/sane-backends-1.0.31/backend/agfafocus.c:1304:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/agfafocus.c:2029:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (s->pipe, buf, max_len);
data/sane-backends-1.0.31/backend/apple.c:319:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/apple.c:627:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/apple.c:1891:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/apple.c:2439:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t read[10];
data/sane-backends-1.0.31/backend/apple.c:2478:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memset (read, 0, sizeof (read));
data/sane-backends-1.0.31/backend/apple.c:2478:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memset (read, 0, sizeof (read));
data/sane-backends-1.0.31/backend/apple.c:2479:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read[0] = APPLE_SCSI_READ_SCANNED_DATA;
data/sane-backends-1.0.31/backend/apple.c:2551:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = sanei_scsi_cmd (s->fd, read, sizeof (read),
data/sane-backends-1.0.31/backend/apple.c:2551:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = sanei_scsi_cmd (s->fd, read, sizeof (read),
data/sane-backends-1.0.31/backend/artec.c:299:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (str) == 0))
data/sane-backends-1.0.31/backend/artec.c:312:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (temp_str, str, 1023);
data/sane-backends-1.0.31/backend/artec.c:377:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/artec.c:1108:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( prt_buf, "\n" );
data/sane-backends-1.0.31/backend/artec.c:1122:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( prt_buf, "\n" );
data/sane-backends-1.0.31/backend/artec.c:1207:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( prt_buf, "\n" );
data/sane-backends-1.0.31/backend/artec.c:1223:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( prt_buf, "\n" );
data/sane-backends-1.0.31/backend/artec.c:1803:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (info, (const char *) &cap_buf[0], 8);
data/sane-backends-1.0.31/backend/artec.c:1806:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (info, (const char *) &cap_buf[8], 16);
data/sane-backends-1.0.31/backend/artec.c:1809:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (info, (const char *) &cap_buf[24], 4);
data/sane-backends-1.0.31/backend/artec.c:1924:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( prt_buf, "\n" );
data/sane-backends-1.0.31/backend/artec.c:2035:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (result + 8, temp_result, 8);
data/sane-backends-1.0.31/backend/artec.c:2047:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (result + 16, temp_result, 16);
data/sane-backends-1.0.31/backend/artec.c:2056:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (temp_result, result + 8, 8);
data/sane-backends-1.0.31/backend/artec.c:2059:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (temp_result, result + 16, 16);
data/sane-backends-1.0.31/backend/artec.c:2114:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (product_revision, str + 12, 4);
data/sane-backends-1.0.31/backend/artec.c:2119:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (product_revision, str + 8, 4);
data/sane-backends-1.0.31/backend/artec.c:2124:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (product_revision, result + 32, 4);
data/sane-backends-1.0.31/backend/artec.c:2592:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (artec_vendor, "");
data/sane-backends-1.0.31/backend/artec.c:2593:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (artec_model, "");
data/sane-backends-1.0.31/backend/artec.c:2617:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (cp);
data/sane-backends-1.0.31/backend/artec.c:2650:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (artec_vendor, "");
data/sane-backends-1.0.31/backend/artec.c:2651:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (artec_model, "");
data/sane-backends-1.0.31/backend/artec.c:3505:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (50000); /* sleep for .05 second */
data/sane-backends-1.0.31/backend/artec.c:3540:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (50000); /* sleep for .05 second */
data/sane-backends-1.0.31/backend/artec_eplus48u.c:502:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:870:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = (const char *) &src[strlen ("option")];
data/sane-backends-1.0.31/backend/artec_eplus48u.c:970:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = (const char *) &src[strlen ("device")];
data/sane-backends-1.0.31/backend/artec_eplus48u.c:2320:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return (*reader->read) (reader, buffer_pointers_return);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:2502:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:2723:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3589:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (getenv ("HOME")) < (PATH_MAX - 1))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3594:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (path) < (PATH_MAX - 1 - strlen ("/.artec_eplus48u/")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3594:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (path) < (PATH_MAX - 1 - strlen ("/.artec_eplus48u/")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3601:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48ushading_black")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3601:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48ushading_black")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3623:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48ushading_white")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3623:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48ushading_white")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3643:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48uoffset")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3643:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48uoffset")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3665:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48uexposure")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3665:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48uexposure")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3707:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (getenv ("HOME")) < (PATH_MAX - 1))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3712:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (path) < (PATH_MAX - 1 - strlen ("/.artec_eplus48u/")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3712:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (path) < (PATH_MAX - 1 - strlen ("/.artec_eplus48u/")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3719:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48ushading_black")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3719:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48ushading_black")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3746:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48ushading_white")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3746:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48ushading_white")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3768:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48uoffset")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3768:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48uoffset")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3792:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48uexposure")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:3792:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (filename) < (PATH_MAX - 1 - strlen ("artec48uexposure")))
data/sane-backends-1.0.31/backend/artec_eplus48u.c:4325:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (s->pipe, data, max_length);
data/sane-backends-1.0.31/backend/artec_eplus48u.c:4480:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str);
data/sane-backends-1.0.31/backend/artec_eplus48u.h:262:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SANE_Status (*read) (Artec48U_Line_Reader * reader,
data/sane-backends-1.0.31/backend/as6e.c:148:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (s->as6e_params.ctlinpipe, &written, sizeof (written));
data/sane-backends-1.0.31/backend/as6e.c:208:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ctlbytes = read (s->as6e_params.ctlinpipe, &written, sizeof (written));
data/sane-backends-1.0.31/backend/as6e.c:214:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (s->as6e_params.ctlinpipe, &written, sizeof (written));
data/sane-backends-1.0.31/backend/as6e.c:234:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (s->as6e_params.datapipe, linebuffer + linebufcounter,
data/sane-backends-1.0.31/backend/as6e.c:588:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (ctlinpipe[READPIPE], &as6e_status, sizeof (as6e_status));
data/sane-backends-1.0.31/backend/as6e.c:642:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/as6e.c:694:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/avision.c:1687:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/avision.c:8523:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(s->duplex_offtmp_fname, "/tmp/avision-offtmp-XXXXXX", PATH_MAX);
data/sane-backends-1.0.31/backend/avision.c:8539:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(s->duplex_rear_fname, "/tmp/avision-rear-XXXXXX", PATH_MAX);
data/sane-backends-1.0.31/backend/avision.c:9209:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (s->read_fds, buf, max_len);
data/sane-backends-1.0.31/backend/bh.c:94:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/bh.c:1389:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(val) > sizeof(buf) - 1)
data/sane-backends-1.0.31/backend/bh.c:1508:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(val) > sizeof(buf) - 1)
data/sane-backends-1.0.31/backend/bh.c:1538:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
section += strlen(section) + 1;
data/sane-backends-1.0.31/backend/bh.c:1539:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (section > buf + strlen(val)) break;
data/sane-backends-1.0.31/backend/bh.c:1864:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(s->barfname, "/tmp/bhXXXXXX", sizeof(s->barfname));
data/sane-backends-1.0.31/backend/bh.c:2003:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(print_sense + strlen(print_sense), "%02x ", result[i]);
data/sane-backends-1.0.31/backend/bh.c:3173:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (line);
data/sane-backends-1.0.31/backend/bh.c:3213:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (devnam, lp, sizeof(devnam));
data/sane-backends-1.0.31/backend/canon-sane.c:72:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (line);
data/sane-backends-1.0.31/backend/canon-sane.c:2043:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readres = read (s->tmpfile, &(firstimage[pos]), nremain);
data/sane-backends-1.0.31/backend/canon.c:217:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/canon.c:828:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (str, (char *) (ibuf + 16), 16);
data/sane-backends-1.0.31/backend/canon630u-common.c:366:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000);
data/sane-backends-1.0.31/backend/canon630u-common.c:771:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (600000);
data/sane-backends-1.0.31/backend/canon630u-common.c:930:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (200000);
data/sane-backends-1.0.31/backend/canon630u-common.c:1111:13: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
oldmask = umask (0);
data/sane-backends-1.0.31/backend/canon630u-common.c:1114:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (oldmask);
data/sane-backends-1.0.31/backend/canon630u.c:753:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (config_line);
data/sane-backends-1.0.31/backend/canon_dr-cmd.h:129:43: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_IN_vendor(in, buf) strncpy(buf, (char *)in + 0x08, 0x08)
data/sane-backends-1.0.31/backend/canon_dr-cmd.h:130:43: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_IN_product(in, buf) strncpy(buf, (char *)in + 0x10, 0x010)
data/sane-backends-1.0.31/backend/canon_dr-cmd.h:131:43: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_IN_version(in, buf) strncpy(buf, (char *)in + 0x20, 0x04)
data/sane-backends-1.0.31/backend/canon_dr.c:677:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_vendor_name, lp, 8);
data/sane-backends-1.0.31/backend/canon_dr.c:689:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_model_name, lp, 16);
data/sane-backends-1.0.31/backend/canon_dr.c:701:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(global_version_name, lp, 4);
data/sane-backends-1.0.31/backend/canon_dr.c:853:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( !strlen(global_vendor_name)
data/sane-backends-1.0.31/backend/canon_dr.c:854:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| !strlen(global_model_name)
data/sane-backends-1.0.31/backend/canon_dr.c:855:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| !strlen(global_version_name)
data/sane-backends-1.0.31/backend/canon_dr.c:867:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(global_vendor_name))
data/sane-backends-1.0.31/backend/canon_dr.c:869:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(global_model_name))
data/sane-backends-1.0.31/backend/canon_dr.c:871:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(global_version_name))
data/sane-backends-1.0.31/backend/canon_dr.c:3996:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000000);
data/sane-backends-1.0.31/backend/canon_dr.c:7517:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/sane-backends-1.0.31/backend/canon_dr.c:7727:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/canon_lide70-common.c:176:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1 * MSEC);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:233:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1 * MSEC);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2352:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1 * MSEC);
data/sane-backends-1.0.31/backend/canon_lide70-common.c:2396:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (200 * MSEC);
data/sane-backends-1.0.31/backend/canon_lide70.c:75:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/canon_lide70.c:255:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (config_line);
data/sane-backends-1.0.31/backend/canon_pp-dev.c:259:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
diff = read(fd, p+total, len-total);
data/sane-backends-1.0.31/backend/canon_pp-dev.c:410:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(sp->id_string+8, cur_id->id, strlen(cur_id->id)))
data/sane-backends-1.0.31/backend/canon_pp-dev.c:492:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = safe_read(fd, buffer, strlen(header) + 1);
data/sane-backends-1.0.31/backend/canon_pp-dev.c:1058:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(15000000);
data/sane-backends-1.0.31/backend/canon_pp-dev.c:1151:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (safe_write(outfile, header, strlen(header) + 1) < 0)
data/sane-backends-1.0.31/backend/canon_pp-dev.c:1361:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(delay);
data/sane-backends-1.0.31/backend/canon_pp-io.c:185:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/sane-backends-1.0.31/backend/canon_pp-io.c:187:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/sane-backends-1.0.31/backend/canon_pp-io.c:211:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000000);
data/sane-backends-1.0.31/backend/canon_pp-io.c:469:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/sane-backends-1.0.31/backend/canon_pp-io.c:471:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/sane-backends-1.0.31/backend/canon_pp-io.c:473:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/sane-backends-1.0.31/backend/canon_pp-io.c:475:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/sane-backends-1.0.31/backend/canon_pp-io.c:494:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/sane-backends-1.0.31/backend/canon_pp-io.c:496:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/sane-backends-1.0.31/backend/canon_pp-io.c:498:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/sane-backends-1.0.31/backend/canon_pp-io.c:505:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/sane-backends-1.0.31/backend/canon_pp-io.c:507:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/sane-backends-1.0.31/backend/canon_pp-io.c:509:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/sane-backends-1.0.31/backend/canon_pp-io.c:544:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(5);
data/sane-backends-1.0.31/backend/canon_pp-io.c:553:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000); /* a short pause */
data/sane-backends-1.0.31/backend/canon_pp-io.c:608:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/sane-backends-1.0.31/backend/canon_pp.c:211:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(line))
data/sane-backends-1.0.31/backend/canon_pp.c:535:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(name))
data/sane-backends-1.0.31/backend/canon_pp.c:1839:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, myhome, PATH_MAX);
data/sane-backends-1.0.31/backend/canon_pp.c:1840:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp+strlen(tmp), (cs->weights_file)+1,
data/sane-backends-1.0.31/backend/canon_pp.c:1840:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(tmp+strlen(tmp), (cs->weights_file)+1,
data/sane-backends-1.0.31/backend/canon_pp.c:1841:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PATH_MAX-strlen(tmp));
data/sane-backends-1.0.31/backend/cardscan.c:1631:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/coolscan-scsidef.h:174:49: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_inquiry_vendor(in, buf) strncpy(buf, in + 0x08, 0x08)
data/sane-backends-1.0.31/backend/coolscan-scsidef.h:175:49: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_inquiry_product(in, buf) strncpy(buf, in + 0x10, 0x010)
data/sane-backends-1.0.31/backend/coolscan-scsidef.h:176:49: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_inquiry_version(in, buf) strncpy(buf, in + 0x20, 0x04)
data/sane-backends-1.0.31/backend/coolscan.c:289:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500000); /* wait 0.5 seconds */
data/sane-backends-1.0.31/backend/coolscan.c:1335:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp ((char *)product, scanner_str[i], strlen (scanner_str[i])))
data/sane-backends-1.0.31/backend/coolscan.c:2001:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/coolscan.c:3262:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/coolscan.c:4120:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (scanner->pipe, buf, max_len);
data/sane-backends-1.0.31/backend/coolscan2.c:407:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (p) && (p[0] != '\n') && (p[0] != '#'))
data/sane-backends-1.0.31/backend/coolscan2.c:1800:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp (device, prefix, strlen (prefix)))
data/sane-backends-1.0.31/backend/coolscan2.c:1802:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
device2 = device + strlen (prefix);
data/sane-backends-1.0.31/backend/coolscan2.c:1850:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (s->vendor_string, (char *)s->recv_buf + 8, 8);
data/sane-backends-1.0.31/backend/coolscan2.c:1852:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (s->product_string, (char *)s->recv_buf + 16, 16);
data/sane-backends-1.0.31/backend/coolscan2.c:1854:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (s->revision_string, (char *)s->recv_buf + 32, 4);
data/sane-backends-1.0.31/backend/coolscan2.c:1916:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line = (char *) cs2_xmalloc (strlen (device) + strlen (prefix) + 1);
data/sane-backends-1.0.31/backend/coolscan2.c:1916:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line = (char *) cs2_xmalloc (strlen (device) + strlen (prefix) + 1);
data/sane-backends-1.0.31/backend/coolscan2.c:1926:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line = (char *) cs2_xmalloc (strlen (s->vendor_string) + 1);
data/sane-backends-1.0.31/backend/coolscan2.c:1935:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line = (char *) cs2_xmalloc (strlen (s->product_string) + 1);
data/sane-backends-1.0.31/backend/coolscan2.c:2097:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen (text); i += 2)
data/sane-backends-1.0.31/backend/coolscan2.c:2309:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500000);
data/sane-backends-1.0.31/backend/coolscan3.c:369:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) && (p[0] != '\n')
data/sane-backends-1.0.31/backend/coolscan3.c:1762:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, l = strlen(s);
data/sane-backends-1.0.31/backend/coolscan3.c:1828:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(device, prefix, strlen(prefix))) {
data/sane-backends-1.0.31/backend/coolscan3.c:1829:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const void *p = device + strlen(prefix);
data/sane-backends-1.0.31/backend/coolscan3.c:1873:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s->vendor_string, (char *) s->recv_buf + 8, 8);
data/sane-backends-1.0.31/backend/coolscan3.c:1875:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s->product_string, (char *) s->recv_buf + 16, 16);
data/sane-backends-1.0.31/backend/coolscan3.c:1877:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s->revision_string, (char *) s->recv_buf + 32, 4);
data/sane-backends-1.0.31/backend/coolscan3.c:1943:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line = (char *) cs3_xmalloc(strlen(device) + strlen(prefix) +
data/sane-backends-1.0.31/backend/coolscan3.c:1943:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line = (char *) cs3_xmalloc(strlen(device) + strlen(prefix) +
data/sane-backends-1.0.31/backend/coolscan3.c:1953:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line = (char *) cs3_xmalloc(strlen(s->vendor_string) + 1);
data/sane-backends-1.0.31/backend/coolscan3.c:1961:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line = (char *) cs3_xmalloc(strlen(s->product_string) + 1);
data/sane-backends-1.0.31/backend/coolscan3.c:2140:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(text); i += 2)
data/sane-backends-1.0.31/backend/coolscan3.c:2355:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000000);
data/sane-backends-1.0.31/backend/dc210.c:303:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (cmdrespause);
data/sane-backends-1.0.31/backend/dc210.c:305:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((n = read (fd, (char *) &r, 1)) != 1)
data/sane-backends-1.0.31/backend/dc210.c:418:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (breakpause);
data/sane-backends-1.0.31/backend/dc210.c:534:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd, &c, 1) != 1)
data/sane-backends-1.0.31/backend/dc210.c:545:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (n = 0; n < sz && (r = read (fd, (char *) &buf[n], sz - n)) > 0; n += r)
data/sane-backends-1.0.31/backend/dc210.c:554:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (n < sz || read (fd, &rcsum, 1) != 1)
data/sane-backends-1.0.31/backend/dc210.c:587:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd, &c, 1) != 1)
data/sane-backends-1.0.31/backend/dc210.c:690:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/dc240.c:344:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (cmdrespause);
data/sane-backends-1.0.31/backend/dc240.c:346:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((n = read (fd, (char *) &r, 1)) != 1)
data/sane-backends-1.0.31/backend/dc240.c:463:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (breakpause);
data/sane-backends-1.0.31/backend/dc240.c:471:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read (camera->fd, buf, 5);
data/sane-backends-1.0.31/backend/dc240.c:489:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read (camera->fd, buf, 5);
data/sane-backends-1.0.31/backend/dc240.c:663:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd, &c, 1) != 1)
data/sane-backends-1.0.31/backend/dc240.c:677:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (n = 0; n < sz && (r = read (fd, (char *) &buf[n], sz - n)) > 0;
data/sane-backends-1.0.31/backend/dc240.c:686:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (n < sz || read (fd, &rcsum, 1) != 1)
data/sane-backends-1.0.31/backend/dc240.c:728:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((n = read (fd, &c, 1)) == -1)
data/sane-backends-1.0.31/backend/dc240.c:847:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/dc240.c:1434:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (path, "\\");
data/sane-backends-1.0.31/backend/dc240.c:1436:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path[strlen (path) - 3] = '\0';
data/sane-backends-1.0.31/backend/dc240.c:1598:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read (Camera.fd, flush, 1024);
data/sane-backends-1.0.31/backend/dc240.c:1777:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read (Camera.fd, flush, 10);
data/sane-backends-1.0.31/backend/dc240.c:1950:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (path, "\\");
data/sane-backends-1.0.31/backend/dc240.c:1952:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path[strlen (path) - 3] = '\0';
data/sane-backends-1.0.31/backend/dc240.c:2024:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (cmdrespause);
data/sane-backends-1.0.31/backend/dc240.c:2029:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((n = read (Camera.fd, (char *) &r, 1)) != 1)
data/sane-backends-1.0.31/backend/dc25.c:379:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10);
data/sane-backends-1.0.31/backend/dc25.c:389:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((n = read (fd, (char *) &r, 1)) != 1)
data/sane-backends-1.0.31/backend/dc25.c:644:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (n = 0; n < sz && (r = read (fd, (char *) &buf[n], sz - n)) > 0;
data/sane-backends-1.0.31/backend/dc25.c:654:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (n < sz || read (fd, &rcsum, 1) != 1)
data/sane-backends-1.0.31/backend/dc25.c:690:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd, &c, 1) != 1)
data/sane-backends-1.0.31/backend/dc25.c:1698:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd, (char *) &result, 1) != 1)
data/sane-backends-1.0.31/backend/dc25.c:1861:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/dc25.c:2373:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10);
data/sane-backends-1.0.31/backend/dell1600n_net.c:344:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valLen = strlen( "named_scanner:" );
data/sane-backends-1.0.31/backend/dell1600n_net.c:430:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (sock, sockBuf, sizeof (sockBuf));
data/sane-backends-1.0.31/backend/dell1600n_net.c:730:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (gOpenScanners[iHandle]->m_regName));
data/sane-backends-1.0.31/backend/dell1600n_net.c:769:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (gOpenScanners[iHandle]->m_udpFd, sockBuf, sizeof (sockBuf));
data/sane-backends-1.0.31/backend/dell1600n_net.c:955:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineBufFree = sizeof (lineBuf) - strlen (lineBuf) - 1;
data/sane-backends-1.0.31/backend/dell1600n_net.c:956:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (lineBuf, itemBuf, lineBufFree);
data/sane-backends-1.0.31/backend/dell1600n_net.c:971:11: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf (itemBuf, ".");
data/sane-backends-1.0.31/backend/dell1600n_net.c:973:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineBufFree = sizeof (lineBuf) - strlen (lineBuf) - 1;
data/sane-backends-1.0.31/backend/dell1600n_net.c:974:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (lineBuf, itemBuf, lineBufFree);
data/sane-backends-1.0.31/backend/dell1600n_net.c:988:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineBufFree = sizeof (lineBuf) - strlen (lineBuf) - 1;
data/sane-backends-1.0.31/backend/dell1600n_net.c:989:11: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat (lineBuf, " ", lineBufFree);
data/sane-backends-1.0.31/backend/dell1600n_net.c:999:15: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (itemBuf, ".");
data/sane-backends-1.0.31/backend/dell1600n_net.c:1001:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineBufFree = sizeof (lineBuf) - strlen (lineBuf) - 1;
data/sane-backends-1.0.31/backend/dell1600n_net.c:1002:11: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat (lineBuf, itemBuf, lineBufFree);
data/sane-backends-1.0.31/backend/dell1600n_net.c:1101:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = htons (strlen (messageName));
data/sane-backends-1.0.31/backend/dell1600n_net.c:1105:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AppendToComBuf (pBuf, (void *) messageName, strlen (messageName));
data/sane-backends-1.0.31/backend/dell1600n_net.c:1261:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ! strlen( printerName ) ) return NULL;
data/sane-backends-1.0.31/backend/dell1600n_net.c:1422:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (pState->m_tcpFd, sockBuf, sizeof (sockBuf));
data/sane-backends-1.0.31/backend/dll.c:220:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
extern SANE_Status BE_ENTRY(name,read) (SANE_Handle, SANE_Byte *, SANE_Int, SANE_Int *); \
data/sane-backends-1.0.31/backend/dll.c:242:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BE_ENTRY(name,read), \
data/sane-backends-1.0.31/backend/dll.c:473:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
src_len = strlen (path) + strlen (DIR_SEP) + strlen(DEB_DLL_LIBDIR) + 1;
data/sane-backends-1.0.31/backend/dll.c:473:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
src_len = strlen (path) + strlen (DIR_SEP) + strlen(DEB_DLL_LIBDIR) + 1;
data/sane-backends-1.0.31/backend/dll.c:473:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
src_len = strlen (path) + strlen (DIR_SEP) + strlen(DEB_DLL_LIBDIR) + 1;
data/sane-backends-1.0.31/backend/dll.c:503:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir, be->name, strlen(be->name)>7 ? (be->name)+strlen(be->name)-5 :
data/sane-backends-1.0.31/backend/dll.c:503:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir, be->name, strlen(be->name)>7 ? (be->name)+strlen(be->name)-5 :
data/sane-backends-1.0.31/backend/dll.c:570:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
funcname = alloca (strlen (be->name) + 64);
data/sane-backends-1.0.31/backend/dll.c:747:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (alias->oldname, oldname, oldlen);
data/sane-backends-1.0.31/backend/dll.c:752:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (alias->newname, newname, newlen);
data/sane-backends-1.0.31/backend/dll.c:821:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char conffile[PATH_MAX + strlen("/") + NAME_MAX];
data/sane-backends-1.0.31/backend/dll.c:845:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen (dir) + 1;
data/sane-backends-1.0.31/backend/dll.c:866:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dllconf->d_name);
data/sane-backends-1.0.31/backend/dll.c:950:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (config_line);
data/sane-backends-1.0.31/backend/dll.c:1119:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (be->name);
data/sane-backends-1.0.31/backend/dll.c:1120:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (alias->oldname) <= len)
data/sane-backends-1.0.31/backend/dll.c:1133:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (alias->newname);
data/sane-backends-1.0.31/backend/dll.c:1146:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (be->name) + 1 + strlen (be_list[i]->name);
data/sane-backends-1.0.31/backend/dll.c:1146:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (be->name) + 1 + strlen (be_list[i]->name);
data/sane-backends-1.0.31/backend/dll.c:1153:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (full_name, ":");
data/sane-backends-1.0.31/backend/dmc.c:840:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/epjitsu.c:358:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
firmware_len = strlen(lp);
data/sane-backends-1.0.31/backend/epjitsu.c:752:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(file,buf,FIRMWARE_LENGTH);
data/sane-backends-1.0.31/backend/epjitsu.c:3933:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(15000);
data/sane-backends-1.0.31/backend/epjitsu.c:4936:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/epson.c:790:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/epson.c:1007:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen (hex_str); i < (NUM_OF_HEX_ELEMENTS * 3); i++)
data/sane-backends-1.0.31/backend/epson.c:1022:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen (hex_str); i < NUM_OF_HEX_ELEMENTS * 3; i++)
data/sane-backends-1.0.31/backend/epson.c:1095:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strncmp (model, "ES-9000H", strlen ("ES-9000H"))
data/sane-backends-1.0.31/backend/epson.c:1096:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| 0 == strncmp (model, "GT-30000", strlen ("GT-30000")))
data/sane-backends-1.0.31/backend/epson.c:2023:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(dev_name, SANE_EPSON_CONFIG_PIO, strlen (SANE_EPSON_CONFIG_PIO)) == 0)
data/sane-backends-1.0.31/backend/epson.c:2026:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dev_name += strlen (SANE_EPSON_CONFIG_PIO);
data/sane-backends-1.0.31/backend/epson.c:2127:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
isLibUSB = (strncmp (dev_name, "libusb:", strlen ("libusb:")) == 0);
data/sane-backends-1.0.31/backend/epson.c:2129:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!isLibUSB) && (strlen (dev_name) == 0))
data/sane-backends-1.0.31/backend/epson.c:2406:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (device_name);
data/sane-backends-1.0.31/backend/epson.c:2543:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (device_name);
data/sane-backends-1.0.31/backend/epson.c:2595:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str = malloc (strlen (dev_name) + 1);
data/sane-backends-1.0.31/backend/epson.c:2635:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen (devname);
data/sane-backends-1.0.31/backend/epson.c:2684:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (line);
data/sane-backends-1.0.31/backend/epson2-ops.c:315:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(dev->model, model, strlen(model)) == 0)
data/sane-backends-1.0.31/backend/epson2-ops.c:1760:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t buf_len = 0, read;
data/sane-backends-1.0.31/backend/epson2-ops.c:1787:73: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
DBG(18, "%s: read %lu bytes, status: %d\n", __func__, (unsigned long) read, status);
data/sane-backends-1.0.31/backend/epson2.c:327:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(strings[i]) + 1;
data/sane-backends-1.0.31/backend/epson2.c:463:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/sane-backends-1.0.31/backend/epson2.c:477:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != 5) {
data/sane-backends-1.0.31/backend/epson2.c:821:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(line);
data/sane-backends-1.0.31/backend/epson2.c:1468:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(name);
data/sane-backends-1.0.31/backend/epson2_net.c:59:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < wanted) {
data/sane-backends-1.0.31/backend/epson2_net.c:63:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/epson2_net.c:83:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s->netptr += read;
data/sane-backends-1.0.31/backend/epson2_net.c:84:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s->netlen -= read;
data/sane-backends-1.0.31/backend/epson2_net.c:93:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/epson2_net.c:116:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != 12) {
data/sane-backends-1.0.31/backend/epson2_net.c:154:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s->netlen = (read > 0 ? read : 0);
data/sane-backends-1.0.31/backend/epson2_net.c:154:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s->netlen = (read > 0 ? read : 0);
data/sane-backends-1.0.31/backend/epson2_net.c:160:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/epsonds-cmd.c:195:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != more) {
data/sane-backends-1.0.31/backend/epsonds-cmd.c:293:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = s + strlen(s);
data/sane-backends-1.0.31/backend/epsonds-cmd.c:748:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return esci2_cmd(s, "PARAx0000000", 12, parameters, strlen(parameters), NULL, ¶_cb);
data/sane-backends-1.0.31/backend/epsonds-cmd.c:754:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return esci2_cmd(s, "MECHx0000000", 12, parameters, strlen(parameters), NULL, ¶_cb);
data/sane-backends-1.0.31/backend/epsonds-cmd.c:847:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/sane-backends-1.0.31/backend/epsonds-cmd.c:898:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != more) {
data/sane-backends-1.0.31/backend/epsonds-cmd.c:907:72: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
DBG(15, "%s: read %lu bytes, status: %d\n", __func__, (unsigned long) read, status);
data/sane-backends-1.0.31/backend/epsonds-cmd.c:909:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*length = read;
data/sane-backends-1.0.31/backend/epsonds-net.c:59:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < wanted) {
data/sane-backends-1.0.31/backend/epsonds-net.c:63:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/epsonds-net.c:83:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s->netptr += read;
data/sane-backends-1.0.31/backend/epsonds-net.c:84:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s->netlen -= read;
data/sane-backends-1.0.31/backend/epsonds-net.c:93:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/epsonds-net.c:116:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != 12) {
data/sane-backends-1.0.31/backend/epsonds-net.c:154:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s->netlen = (read > 0 ? read : 0);
data/sane-backends-1.0.31/backend/epsonds-net.c:154:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s->netlen = (read > 0 ? read : 0);
data/sane-backends-1.0.31/backend/epsonds-net.c:160:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/epsonds-ops.c:81:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(dev->model, model, strlen(model)) == 0)
data/sane-backends-1.0.31/backend/epsonds.c:123:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(strings[i]) + 1;
data/sane-backends-1.0.31/backend/epsonds.c:236:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/sane-backends-1.0.31/backend/epsonds.c:251:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != 5) {
data/sane-backends-1.0.31/backend/epsonds.c:489:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(line);
data/sane-backends-1.0.31/backend/epsonds.c:1384:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
eds_jpeg_read(handle, data, max_length, &read);
data/sane-backends-1.0.31/backend/epsonds.c:1386:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
eds_copy_image_from_ring(s, data, max_length, &read);
data/sane-backends-1.0.31/backend/epsonds.c:1393:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*length = read;
data/sane-backends-1.0.31/backend/epsonds.c:1410:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = esci2_img(s, &read);
data/sane-backends-1.0.31/backend/epsonds.c:1412:60: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
DBG(20, "read: %d, eof: %d, backside: %d, status: %d\n", read, s->eof, s->backside, status);
data/sane-backends-1.0.31/backend/epsonds.c:1449:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) {
data/sane-backends-1.0.31/backend/epsonds.c:1452:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read, read / (s->params.bytes_per_line + s->dummy),
data/sane-backends-1.0.31/backend/epsonds.c:1452:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read, read / (s->params.bytes_per_line + s->dummy),
data/sane-backends-1.0.31/backend/epsonds.c:1456:71: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = eds_ring_write(s->backside ? &s->back : &s->front, s->buf, read);
data/sane-backends-1.0.31/backend/escl/escl.c:212:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen (strings[i]);
data/sane-backends-1.0.31/backend/escl/escl.c:280:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cdev->unix_socket && strlen(cdev->unix_socket)) {
data/sane-backends-1.0.31/backend/escl/escl.c:301:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lv = strlen(sdev->vendor) + 1;
data/sane-backends-1.0.31/backend/escl/escl.c:523:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t t = strlen (*sources) + 1;
data/sane-backends-1.0.31/backend/escl/escl_newjob.c:199:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
upload->size = strlen(cap_data);
data/sane-backends-1.0.31/backend/fujitsu-scsi.h:143:44: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_IN_vendor(in, buf) strncpy(buf, (char *)in + 0x08, 0x08)
data/sane-backends-1.0.31/backend/fujitsu-scsi.h:144:44: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_IN_product(in, buf) strncpy(buf, (char *)in + 0x10, 0x010)
data/sane-backends-1.0.31/backend/fujitsu-scsi.h:145:44: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_IN_version(in, buf) strncpy(buf, (char *)in + 0x20, 0x04)
data/sane-backends-1.0.31/backend/fujitsu.c:5216:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(
data/sane-backends-1.0.31/backend/fujitsu.c:5874:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(
data/sane-backends-1.0.31/backend/fujitsu.c:6094:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strLen = strlen(s->u_endorser_string);
data/sane-backends-1.0.31/backend/fujitsu.c:7405:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/sane-backends-1.0.31/backend/fujitsu.c:7463:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/sane-backends-1.0.31/backend/fujitsu.c:10069:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/genesys/error.cpp:108:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t status_msg_len = std::strlen(status_msg);
data/sane-backends-1.0.31/backend/genesys/error.cpp:116:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t status_msg_len = std::strlen(status_msg);
data/sane-backends-1.0.31/backend/genesys/error.cpp:125:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg_.reserve(std::strlen(formatting_error_msg) + 3 + status_msg_len);
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:4272:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:4286:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_size = std::max(max_size, std::strlen(s));
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:4535:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<strlen(filename);i++)
data/sane-backends-1.0.31/backend/genesys/genesys.cpp:5827:91: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*reinterpret_cast<SANE_Bool*>(val) = s->buttons[genesys_option_to_button(option)].read();
data/sane-backends-1.0.31/backend/genesys/genesys.h:165:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read()
data/sane-backends-1.0.31/backend/genesys/image_pixel.h:96:21: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return std::equal(std::begin(data), std::end(data),
data/sane-backends-1.0.31/backend/gphoto2.c:473:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (200);
data/sane-backends-1.0.31/backend/gphoto2.c:710:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/gphoto2.c:834:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dev_name) > 10)
data/sane-backends-1.0.31/backend/gphoto2.c:1271:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ((char *) value, (const char *) folder_list[current_folder],
data/sane-backends-1.0.31/backend/gphoto2.c:1614:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (path, "/");
data/sane-backends-1.0.31/backend/gphoto2.c:1785:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (path, "\\");
data/sane-backends-1.0.31/backend/gt68xx.c:197:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/gt68xx.c:957:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (basename, dev->model->firmware_name, sizeof(basename) - 1);
data/sane-backends-1.0.31/backend/gt68xx.c:964:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (filename, dev->model->firmware_name, sizeof(filename) - 1);
data/sane-backends-1.0.31/backend/gt68xx.c:966:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (dirname, dev->model->firmware_name, sizeof(dirname) - 1);
data/sane-backends-1.0.31/backend/gt68xx.c:972:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (basename, pos + 1, sizeof(basename) - 1);
data/sane-backends-1.0.31/backend/gt68xx_high.c:441:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* needed by the BP 2400 CU Plus? */
data/sane-backends-1.0.31/backend/gt68xx_high.c:460:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000);
data/sane-backends-1.0.31/backend/gt68xx_high.c:504:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/gt68xx_high.c:827:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500000);
data/sane-backends-1.0.31/backend/gt68xx_high.c:879:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500000);
data/sane-backends-1.0.31/backend/gt68xx_high.c:1210:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (200000);
data/sane-backends-1.0.31/backend/gt68xx_mid.c:1193:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = (*reader->read) (reader, buffer_pointers_return);
data/sane-backends-1.0.31/backend/gt68xx_mid.h:98:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SANE_Status (*read) (GT68xx_Line_Reader * reader,
data/sane-backends-1.0.31/backend/gt68xx_shm_channel.c:371:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read (shm_channel->reader_put_pipe[0], &buf_index, 1);
data/sane-backends-1.0.31/backend/gt68xx_shm_channel.c:590:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read (shm_channel->writer_put_pipe[0], &buf_index, 1);
data/sane-backends-1.0.31/backend/hp-accessor.c:459:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((SANE_Int)strlen(choice->name) >= size)
data/sane-backends-1.0.31/backend/hp-accessor.c:460:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(choice->name) + 1;
data/sane-backends-1.0.31/backend/hp-handle.c:684:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((nread = read(this->pipe_read_fd, buf, *lengthp)) < 0)
data/sane-backends-1.0.31/backend/hp-hpmem.c:107:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sanei_hp_memdup(str, strlen(str) + 1);
data/sane-backends-1.0.31/backend/hp-option.c:2182:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen (homedir) + 33;
data/sane-backends-1.0.31/backend/hp-option.c:2183:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( devname ) name_len += strlen (devname);
data/sane-backends-1.0.31/backend/hp-option.c:2191:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cf = calib_filename + strlen (calib_filename);
data/sane-backends-1.0.31/backend/hp-option.c:2222:20: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = ((c1 = getc (calib_file)) == EOF);
data/sane-backends-1.0.31/backend/hp-option.c:2223:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err |= ((c2 = getc (calib_file)) == EOF);
data/sane-backends-1.0.31/backend/hp-option.c:2224:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err |= ((c3 = getc (calib_file)) == EOF);
data/sane-backends-1.0.31/backend/hp-option.c:2225:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err |= ((c4 = getc (calib_file)) == EOF);
data/sane-backends-1.0.31/backend/hp-scl.c:367:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read (this->fd, data, *len);
data/sane-backends-1.0.31/backend/hp-scl.c:389:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100*1000); /* sleep 0.1 seconds */
data/sane-backends-1.0.31/backend/hp-scl.c:530:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->devname = sanei_hp_alloc ( strlen ( devname ) + 1 );
data/sane-backends-1.0.31/backend/hp-scl.c:635:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500*1000); /* Wait 0.5 seconds */
data/sane-backends-1.0.31/backend/hp-scl.c:651:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->devname = sanei_hp_alloc ( strlen ( devname ) + 1 );
data/sane-backends-1.0.31/backend/hp-scl.c:1582:8: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep ((unsigned long)333*1000); /* Wait 1/3 second */
data/sane-backends-1.0.31/backend/hp-scl.c:1767:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000); /* 500 works, too, but not 100 */
data/sane-backends-1.0.31/backend/hp.c:356:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (info->devname, devname, k);
data/sane-backends-1.0.31/backend/hp.c:666:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nl = strlen (buf);
data/sane-backends-1.0.31/backend/hp3500.c:818:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (source, buf, max_len);
data/sane-backends-1.0.31/backend/hp3500.c:2508:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/hp3500.c:2564:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (buffer + strlen (buffer), "%02x:", i);
data/sane-backends-1.0.31/backend/hp3500.c:2567:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (buffer + strlen (buffer), " %02x", regs[i++]);
data/sane-backends-1.0.31/backend/hp3500.c:2570:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (buffer + strlen (buffer), " -");
data/sane-backends-1.0.31/backend/hp3500.c:2572:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (buffer + strlen (buffer), " %02x", regs[i++]);
data/sane-backends-1.0.31/backend/hp3500.c:2943:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/hp3500.c:3446:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/sane-backends-1.0.31/backend/hp3500.c:3591:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000); /* To be sure it has gone off */
data/sane-backends-1.0.31/backend/hp3500.c:3596:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000); /* Give the lamp time to settle */
data/sane-backends-1.0.31/backend/hp3500.c:3873:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/hp3900_debug.c:364:11: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (sline, "\n");
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:1095:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 200);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:4155:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 100);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:4185:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 100);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:4622:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 100);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:6294:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 500);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:6345:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 200);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:8021:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 200);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:8210:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 200);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:8431:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 500);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:8440:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 5000);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:10180:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100 * 1000);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:10351:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * ((v14b4 == 0) ? 500 : 300));
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:10510:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 3000);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:10583:8: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 2000);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:10794:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 200);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:11181:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * check.interval);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:12082:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, dev->chipset->name, size);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:13283:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (200 * 1000);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:13307:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 1000);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:14885:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (200 * 1000);
data/sane-backends-1.0.31/backend/hp3900_rts8822.c:14897:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000 * 1000);
data/sane-backends-1.0.31/backend/hp3900_sane.c:508:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scanner->aOptions[opt_chipname].size = strlen (data) + 1;
data/sane-backends-1.0.31/backend/hp3900_sane.c:1098:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/hp3900_sane.c:1571:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pDesc->size = strlen(pVal->s) + 1;
data/sane-backends-1.0.31/backend/hp3900_sane.c:1857:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) == 0)
data/sane-backends-1.0.31/backend/hp3900_sane.c:1991:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (result, scanner->aValues[optid].s, scanner->aOptions[optid].size);
data/sane-backends-1.0.31/backend/hp4200.c:420:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10 * 1000);
data/sane-backends-1.0.31/backend/hp4200.c:422:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10 * 1000);
data/sane-backends-1.0.31/backend/hp4200.c:438:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (HP4200_CHECK_INTERVAL);
data/sane-backends-1.0.31/backend/hp4200.c:1082:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10 * 1000);
data/sane-backends-1.0.31/backend/hp4200.c:1402:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10 * 1000);
data/sane-backends-1.0.31/backend/hp4200.c:1509:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100);
data/sane-backends-1.0.31/backend/hp4200.c:1542:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10 * 1000);
data/sane-backends-1.0.31/backend/hp4200.c:1880:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10 * 1000);
data/sane-backends-1.0.31/backend/hp4200.c:2018:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100);
data/sane-backends-1.0.31/backend/hp4200.c:2063:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10 * 1000);
data/sane-backends-1.0.31/backend/hp4200.c:2065:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10 * 1000);
data/sane-backends-1.0.31/backend/hp4200.c:2404:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dev_name) == 0)
data/sane-backends-1.0.31/backend/hp4200_lm9830.c:214:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100);
data/sane-backends-1.0.31/backend/hp4200_lm9830.c:216:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100);
data/sane-backends-1.0.31/backend/hp5400_internal.c:912:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (buffer);
data/sane-backends-1.0.31/backend/hp5400_internal.c:970:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (buffer);
data/sane-backends-1.0.31/backend/hp5400_internal.c:1435:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp (szVersion + 1, MatchVersions[i] .strVersion, strlen(MatchVersions[i] .strVersion) - 4)) {
data/sane-backends-1.0.31/backend/hp5400_internal.c:1511:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!memcmp (szVersion + 1, MatchVersions[i] .strVersion, strlen (MatchVersions[i] .strVersion) - 4)) {
data/sane-backends-1.0.31/backend/hp5400_sane.c:753:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) == 0)
data/sane-backends-1.0.31/backend/hp5590.c:1005:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, SANE_VALUE_SCAN_MODE_LINEART, strlen (SANE_VALUE_SCAN_MODE_LINEART));
data/sane-backends-1.0.31/backend/hp5590.c:1009:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, SANE_VALUE_SCAN_MODE_GRAY, strlen (SANE_VALUE_SCAN_MODE_GRAY));
data/sane-backends-1.0.31/backend/hp5590.c:1013:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, SANE_VALUE_SCAN_MODE_COLOR_24, strlen (SANE_VALUE_SCAN_MODE_COLOR_24));
data/sane-backends-1.0.31/backend/hp5590.c:1017:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, SANE_VALUE_SCAN_MODE_COLOR_48, strlen (SANE_VALUE_SCAN_MODE_COLOR_48));
data/sane-backends-1.0.31/backend/hp5590.c:1029:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, SANE_VALUE_SCAN_SOURCE_FLATBED, strlen (SANE_VALUE_SCAN_SOURCE_FLATBED));
data/sane-backends-1.0.31/backend/hp5590.c:1033:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, SANE_VALUE_SCAN_SOURCE_ADF, strlen (SANE_VALUE_SCAN_SOURCE_ADF));
data/sane-backends-1.0.31/backend/hp5590.c:1037:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, SANE_VALUE_SCAN_SOURCE_ADF_DUPLEX, strlen (SANE_VALUE_SCAN_SOURCE_ADF_DUPLEX));
data/sane-backends-1.0.31/backend/hp5590.c:1041:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, SANE_VALUE_SCAN_SOURCE_TMA_SLIDES, strlen (SANE_VALUE_SCAN_SOURCE_TMA_SLIDES));
data/sane-backends-1.0.31/backend/hp5590.c:1045:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, SANE_VALUE_SCAN_SOURCE_TMA_NEGATIVES, strlen (SANE_VALUE_SCAN_SOURCE_TMA_NEGATIVES));
data/sane-backends-1.0.31/backend/hp5590.c:1076:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, BUTTON_PRESSED_VALUE_POWER_KEY, scanner->opts[option].size);
data/sane-backends-1.0.31/backend/hp5590.c:1079:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, BUTTON_PRESSED_VALUE_SCAN_KEY, scanner->opts[option].size);
data/sane-backends-1.0.31/backend/hp5590.c:1082:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, BUTTON_PRESSED_VALUE_COLLECT_KEY, scanner->opts[option].size);
data/sane-backends-1.0.31/backend/hp5590.c:1085:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, BUTTON_PRESSED_VALUE_FILE_KEY, scanner->opts[option].size);
data/sane-backends-1.0.31/backend/hp5590.c:1088:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, BUTTON_PRESSED_VALUE_EMAIL_KEY, scanner->opts[option].size);
data/sane-backends-1.0.31/backend/hp5590.c:1091:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, BUTTON_PRESSED_VALUE_COPY_KEY, scanner->opts[option].size);
data/sane-backends-1.0.31/backend/hp5590.c:1094:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, BUTTON_PRESSED_VALUE_UP_KEY, scanner->opts[option].size);
data/sane-backends-1.0.31/backend/hp5590.c:1097:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, BUTTON_PRESSED_VALUE_DOWN_KEY, scanner->opts[option].size);
data/sane-backends-1.0.31/backend/hp5590.c:1100:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, BUTTON_PRESSED_VALUE_MODE_KEY, scanner->opts[option].size);
data/sane-backends-1.0.31/backend/hp5590.c:1103:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, BUTTON_PRESSED_VALUE_CANCEL_KEY, scanner->opts[option].size);
data/sane-backends-1.0.31/backend/hp5590.c:1107:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, BUTTON_PRESSED_VALUE_NONE_KEY, scanner->opts[option].size);
data/sane-backends-1.0.31/backend/hp5590.c:1120:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, COLOR_LED_VALUE_BLACKWHITE_KEY, scanner->opts[option].size);
data/sane-backends-1.0.31/backend/hp5590.c:1124:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (value, COLOR_LED_VALUE_COLOR_KEY, scanner->opts[option].size);
data/sane-backends-1.0.31/backend/hp5590.c:1162:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, TRAILING_LINES_MODE_RAW_KEY, strlen (TRAILING_LINES_MODE_RAW_KEY));
data/sane-backends-1.0.31/backend/hp5590.c:1166:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, TRAILING_LINES_MODE_LAST_KEY, strlen (TRAILING_LINES_MODE_LAST_KEY));
data/sane-backends-1.0.31/backend/hp5590.c:1170:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, TRAILING_LINES_MODE_RASTER_KEY, strlen (TRAILING_LINES_MODE_RASTER_KEY));
data/sane-backends-1.0.31/backend/hp5590.c:1174:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, TRAILING_LINES_MODE_BLACK_KEY, strlen (TRAILING_LINES_MODE_BLACK_KEY));
data/sane-backends-1.0.31/backend/hp5590.c:1178:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, TRAILING_LINES_MODE_WHITE_KEY, strlen (TRAILING_LINES_MODE_WHITE_KEY));
data/sane-backends-1.0.31/backend/hp5590.c:1182:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (value, TRAILING_LINES_MODE_COLOR_KEY, strlen (TRAILING_LINES_MODE_COLOR_KEY));
data/sane-backends-1.0.31/backend/hp5590.c:1553:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100 * 1000);
data/sane-backends-1.0.31/backend/hp5590_cmds.c:1091:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100 * 1000);
data/sane-backends-1.0.31/backend/hpljm1005.c:252:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/hpljm1005.c:509:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name))
data/sane-backends-1.0.31/backend/hpsj5s.c:523:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1);
data/sane-backends-1.0.31/backend/hpsj5s.c:708:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1);
data/sane-backends-1.0.31/backend/hpsj5s.c:722:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1);
data/sane-backends-1.0.31/backend/hpsj5s.c:740:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1);
data/sane-backends-1.0.31/backend/hpsj5s.c:749:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1);
data/sane-backends-1.0.31/backend/hpsj5s.c:771:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1);
data/sane-backends-1.0.31/backend/hpsj5s.c:777:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1);
data/sane-backends-1.0.31/backend/hpsj5s.c:978:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10);
data/sane-backends-1.0.31/backend/hpsj5s.c:997:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1);
data/sane-backends-1.0.31/backend/hpsj5s.c:1011:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (5);
data/sane-backends-1.0.31/backend/hpsj5s.c:1030:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1);
data/sane-backends-1.0.31/backend/hpsj5s.c:1039:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1);
data/sane-backends-1.0.31/backend/hpsj5s.c:1152:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1);
data/sane-backends-1.0.31/backend/hpsj5s.c:1209:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/sane-backends-1.0.31/backend/hpsj5s.c:1219:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1);
data/sane-backends-1.0.31/backend/hpsj5s.c:1237:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/sane-backends-1.0.31/backend/hpsj5s.c:1256:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/sane-backends-1.0.31/backend/hpsj5s.c:1430:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (2);
data/sane-backends-1.0.31/backend/hpsj5s.c:1432:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (2);
data/sane-backends-1.0.31/backend/hpsj5s.c:1434:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (2);
data/sane-backends-1.0.31/backend/hpsj5s.c:1436:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (2);
data/sane-backends-1.0.31/backend/hpsj5s.c:1448:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (2);
data/sane-backends-1.0.31/backend/hpsj5s.c:1460:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (2);
data/sane-backends-1.0.31/backend/hpsj5s.c:1463:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (2);
data/sane-backends-1.0.31/backend/hpsj5s.c:1465:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1);
data/sane-backends-1.0.31/backend/hpsj5s.c:1467:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1);
data/sane-backends-1.0.31/backend/hpsj5s.c:1470:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (2);
data/sane-backends-1.0.31/backend/hpsj5s.c:1524:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(scanner_path) == 0)
data/sane-backends-1.0.31/backend/hs2p-scsi.c:472:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (print_sense + strlen (print_sense), "%02x ", sense_buffer[i]);
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1250:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (s);
data/sane-backends-1.0.31/backend/hs2p-scsi.c:1808:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/hs2p.c:142:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/hs2p.c:167:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (device, hw->model, strlen (hw->model)) == 0)
data/sane-backends-1.0.31/backend/hs2p.c:1481:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen (s))
data/sane-backends-1.0.31/backend/ibm-scsi.c:388:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/ibm-scsi.c:436:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/ibm.c:96:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/ibm.c:567:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (line);
data/sane-backends-1.0.31/backend/kodak-cmd.h:136:43: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_I_vendor(in, buf) strncpy(buf,(char *)in + 0x08, 0x08)
data/sane-backends-1.0.31/backend/kodak-cmd.h:137:43: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_I_product(in, buf) strncpy(buf,(char *)in + 0x10, 0x10)
data/sane-backends-1.0.31/backend/kodak-cmd.h:138:43: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_I_version(in, buf) strncpy(buf,(char *)in + 0x20, 0x04)
data/sane-backends-1.0.31/backend/kodak-cmd.h:139:43: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_I_build(in, buf) strncpy(buf,(char *)in + 0x24, 0x02)
data/sane-backends-1.0.31/backend/kodak.c:2171:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/sane-backends-1.0.31/backend/kodak.c:2853:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/kodakaio.c:657:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(strings[i]) + 1;
data/sane-backends-1.0.31/backend/kodakaio.c:719:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/kodakaio.c:722:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read < wanted) {
data/sane-backends-1.0.31/backend/kodakaio.c:723:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
DBG(50, "reading: read %lu, wanted %lu\n",read, wanted);
data/sane-backends-1.0.31/backend/kodakaio.c:724:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = sanei_tcp_read(s->fd, buf + read, wanted - read);
data/sane-backends-1.0.31/backend/kodakaio.c:724:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = sanei_tcp_read(s->fd, buf + read, wanted - read);
data/sane-backends-1.0.31/backend/kodakaio.c:735:73: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
DBG(32, "net read %lu bytes:%x,%x,%x,%x,%x,%x,%x,%x\n",(unsigned long)read,buf[0],buf[1],buf[2],buf[3],buf[4],buf[5],buf[6],buf[7]);
data/sane-backends-1.0.31/backend/kodakaio.c:737:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/kodakaio.c:741:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/kodakaio.c:810:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (msg, " ");
data/sane-backends-1.0.31/backend/kodakaio.c:1494:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k_set_model (s, dev->cap->model, strlen (dev->cap->model));
data/sane-backends-1.0.31/backend/kodakaio.c:2010:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (IP, device, len);
data/sane-backends-1.0.31/backend/kodakaio.c:2521:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(line);
data/sane-backends-1.0.31/backend/kodakaio.c:2939:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(name);
data/sane-backends-1.0.31/backend/kodakaio.c:3455:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(RawScanPath) > 0 && s->params.lines > 0)
data/sane-backends-1.0.31/backend/kvs1025_opt.c:355:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/kvs20xx.c:397:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned read, mx;
data/sane-backends-1.0.31/backend/kvs20xx.c:411:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (mx = s->side_size * 2; !st; mx -= read, side ^= SIDE_BACK)
data/sane-backends-1.0.31/backend/kvs20xx.c:414:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read);
data/sane-backends-1.0.31/backend/kvs20xx.c:418:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned read, mx;
data/sane-backends-1.0.31/backend/kvs20xx.c:425:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (mx = s->side_size; !st; mx -= read)
data/sane-backends-1.0.31/backend/kvs20xx.c:427:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&s->data[s->side_size - mx], mx, &read);
data/sane-backends-1.0.31/backend/kvs20xx.c:480:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (i = 0, data = s->data + s->read * 2 + a;
data/sane-backends-1.0.31/backend/kvs20xx.c:488:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned head = ls - (s->read % ls);
data/sane-backends-1.0.31/backend/kvs20xx.c:491:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
u8 *data = s->data + (s->read / ls) * ls * 2 + i + s->read % ls;
data/sane-backends-1.0.31/backend/kvs20xx.c:491:58: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
u8 *data = s->data + (s->read / ls) * ls * 2 + i + s->read % ls;
data/sane-backends-1.0.31/backend/kvs20xx.c:510:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
u8 *data = s->data + s->read;
data/sane-backends-1.0.31/backend/kvs20xx.c:517:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memcpy (buf, s->data + s->read, *len);
data/sane-backends-1.0.31/backend/kvs20xx.h:106:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned read;
data/sane-backends-1.0.31/backend/kvs20xx_opt.c:36:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/kvs40xx.c:455:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned read, side;
data/sane-backends-1.0.31/backend/kvs40xx.c:483:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read);
data/sane-backends-1.0.31/backend/kvs40xx.c:484:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b->mx -= read;
data/sane-backends-1.0.31/backend/kvs40xx.c:511:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned read, mx;
data/sane-backends-1.0.31/backend/kvs40xx.c:515:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(!st || st == INCORRECT_LENGTH); mx -= read) {
data/sane-backends-1.0.31/backend/kvs40xx.c:519:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read);
data/sane-backends-1.0.31/backend/kvs40xx.c:678:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (s->read) {
data/sane-backends-1.0.31/backend/kvs40xx.c:681:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(SANE_Int) s->read ? max_len : (SANE_Int) s->read;
data/sane-backends-1.0.31/backend/kvs40xx.c:681:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(SANE_Int) s->read ? max_len : (SANE_Int) s->read;
data/sane-backends-1.0.31/backend/kvs40xx.c:682:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memcpy(buf, s->data + BUF_SIZE - s->read, *len);
data/sane-backends-1.0.31/backend/kvs40xx.c:685:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!s->read)
data/sane-backends-1.0.31/backend/kvs40xx.c:700:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!s->read)
data/sane-backends-1.0.31/backend/kvs40xx.h:142:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned read;
data/sane-backends-1.0.31/backend/kvs40xx_opt.c:79:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/leo.c:194:15: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
asc_ptr += sprintf (asc_ptr, ".");
data/sane-backends-1.0.31/backend/leo.c:211:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/leo.c:1017:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* sleep 1/10th of second */
data/sane-backends-1.0.31/backend/leo.c:1328:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/lexmark.c:492:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (line);
data/sane-backends-1.0.31/backend/lexmark_low.c:1000:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/lexmark_low.c:1042:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t size, read, needed;
data/sane-backends-1.0.31/backend/lexmark_low.c:1106:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rts88xx_read_data (dev->devnum, needed - read, (*data) + read, &size);
data/sane-backends-1.0.31/backend/lexmark_low.c:1106:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rts88xx_read_data (dev->devnum, needed - read, (*data) + read, &size);
data/sane-backends-1.0.31/backend/lexmark_low.c:1111:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read < needed);
data/sane-backends-1.0.31/backend/lexmark_low.c:1124:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000);
data/sane-backends-1.0.31/backend/ma1509.c:471:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/magicolor.c:206:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(strings[i]) + 1;
data/sane-backends-1.0.31/backend/magicolor.c:256:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/magicolor.c:259:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read < wanted) {
data/sane-backends-1.0.31/backend/magicolor.c:260:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = sanei_tcp_read(s->fd, buf + read, wanted - read);
data/sane-backends-1.0.31/backend/magicolor.c:260:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = sanei_tcp_read(s->fd, buf + read, wanted - read);
data/sane-backends-1.0.31/backend/magicolor.c:268:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < wanted)
data/sane-backends-1.0.31/backend/magicolor.c:271:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/magicolor.c:315:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/sane-backends-1.0.31/backend/magicolor.c:328:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != 3)
data/sane-backends-1.0.31/backend/magicolor.c:352:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != 3)
data/sane-backends-1.0.31/backend/magicolor.c:424:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (msg, " ");
data/sane-backends-1.0.31/backend/magicolor.c:1104:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mc_set_model (s, dev->cap->model, strlen (dev->cap->model));
data/sane-backends-1.0.31/backend/magicolor.c:1596:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (IP, device, len);
data/sane-backends-1.0.31/backend/magicolor.c:2004:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
session.community_len = strlen ((char *)session.community);
data/sane-backends-1.0.31/backend/magicolor.c:2165:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(line);
data/sane-backends-1.0.31/backend/magicolor.c:2522:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(name);
data/sane-backends-1.0.31/backend/matsushita.c:521:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/matsushita.c:1741:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/microtek.c:173:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(_mdebug_string);
data/sane-backends-1.0.31/backend/microtek.c:199:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(strings[i]) + 1;
data/sane-backends-1.0.31/backend/microtek.c:1506:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mi->vendor_id, (char *)&result[8], 8);
data/sane-backends-1.0.31/backend/microtek.c:1507:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mi->model_name, (char *)&result[16], 16);
data/sane-backends-1.0.31/backend/microtek.c:1508:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mi->revision_num, (char *)&result[32], 4);
data/sane-backends-1.0.31/backend/microtek.c:1509:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mi->vendor_string, (char *)&result[36], 20);
data/sane-backends-1.0.31/backend/microtek.c:1951:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vendor_id, (char *)&result[8], 8);
data/sane-backends-1.0.31/backend/microtek.c:1952:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(model_name, (char *)&result[16], 16);
data/sane-backends-1.0.31/backend/microtek.c:1953:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(revision_num, (char *)&result[32], 4);
data/sane-backends-1.0.31/backend/microtek.c:3095:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/microtek2.c:625:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read(ms->fd[0], (void *) buf, (int) maxlen);
data/sane-backends-1.0.31/backend/microtek2.c:700:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(hdev);
data/sane-backends-1.0.31/backend/microtek2.c:740:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(md->name, hdev, PATH_MAX - 1);
data/sane-backends-1.0.31/backend/microtek2.c:1526:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(passwd + strlen(passwd) - 1) = '\0';
data/sane-backends-1.0.31/backend/microtek2.c:1574:17: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(outbuf, " ");
data/sane-backends-1.0.31/backend/microtek2.c:1590:17: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(outbuf, " ");
data/sane-backends-1.0.31/backend/microtek2.c:1885:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(strings[i]) + 1; /* +1 because NUL counts as part of string */
data/sane-backends-1.0.31/backend/microtek2.h:135:33: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define INQ_GET_VENDOR(d,s) strncpy(d, &(s)[8], INQ_VENDOR_L); \
data/sane-backends-1.0.31/backend/microtek2.h:138:33: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define INQ_GET_MODEL(d,s) strncpy(d, &(s)[16], INQ_MODEL_L); \
data/sane-backends-1.0.31/backend/microtek2.h:141:33: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define INQ_GET_REV(d,s) strncpy(d, &(s)[32], INQ_REV_L); \
data/sane-backends-1.0.31/backend/mustek.c:314:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/mustek.c:350:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/mustek.c:391:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/mustek.c:431:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500000); /* retry after 500ms */
data/sane-backends-1.0.31/backend/mustek.c:463:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/mustek.c:489:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/mustek.c:1003:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ((SANE_String) scsi_vendor, (SANE_String) result + 8, 8);
data/sane-backends-1.0.31/backend/mustek.c:1008:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ((SANE_String) scsi_product, (SANE_String) result + 16, 16);
data/sane-backends-1.0.31/backend/mustek.c:1013:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy ((SANE_String) scsi_revision, (SANE_String) result + 32, 4);
data/sane-backends-1.0.31/backend/mustek.c:1716:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/mustek.c:3270:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000);
data/sane-backends-1.0.31/backend/mustek.c:5139:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (200000);
data/sane-backends-1.0.31/backend/mustek.c:6644:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (s->pipe, buf + *len, max_len - *len);
data/sane-backends-1.0.31/backend/mustek_pp.c:284:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
hndl->dev->func->read (hndl, buffer);
data/sane-backends-1.0.31/backend/mustek_pp.c:1774:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read(hndl->pipe, buf + *len, max_len - *len);
data/sane-backends-1.0.31/backend/mustek_pp.h:126:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void (*read)(SANE_Handle hndl, SANE_Byte *buffer);
data/sane-backends-1.0.31/backend/mustek_pp_ccd300.c:152:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1); /* could be as well sched_yield */
data/sane-backends-1.0.31/backend/mustek_pp_ccd300.c:1251:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000); /* much nicer load */
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:219:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cis_indent = cis_indent_start + strlen(cis_indent_start);\
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:493:19: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if (period) usleep(period);
data/sane-backends-1.0.31/backend/mustek_pp_cis.c:823:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10); /* for a little nicer load */
data/sane-backends-1.0.31/backend/mustek_usb.c:118:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/mustek_usb2.c:185:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/mustek_usb2_asic.c:301:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (20000);
data/sane-backends-1.0.31/backend/mustek_usb2_asic.c:487:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (20000);
data/sane-backends-1.0.31/backend/mustek_usb2_asic.c:3512:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (50000);
data/sane-backends-1.0.31/backend/mustek_usb2_asic.c:3758:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000);
data/sane-backends-1.0.31/backend/mustek_usb2_asic.c:4366:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100 * 1000);
data/sane-backends-1.0.31/backend/mustek_usb2_asic.c:4821:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (300000);
data/sane-backends-1.0.31/backend/mustek_usb2_reflective.c:665:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (lpBuf, sizeof (SANE_Byte), strlen (lpBuf), stream);
data/sane-backends-1.0.31/backend/mustek_usb2_reflective.c:1205:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (lpBuf, sizeof (SANE_Byte), strlen (lpBuf), stream);
data/sane-backends-1.0.31/backend/mustek_usb2_reflective.c:1477:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500000);
data/sane-backends-1.0.31/backend/mustek_usb2_reflective.c:1526:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (lpBuf, sizeof (SANE_Byte), strlen (lpBuf), stream);
data/sane-backends-1.0.31/backend/mustek_usb2_reflective.c:1533:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (lpBuf, sizeof (SANE_Byte), strlen (lpBuf), stream);
data/sane-backends-1.0.31/backend/mustek_usb2_transparent.c:701:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (lpBuf, sizeof (SANE_Byte), strlen (lpBuf), stream);
data/sane-backends-1.0.31/backend/mustek_usb2_transparent.c:1195:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (lpBuf, sizeof (SANE_Byte), strlen (lpBuf), stream);
data/sane-backends-1.0.31/backend/mustek_usb2_transparent.c:1360:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500000);
data/sane-backends-1.0.31/backend/mustek_usb2_transparent.c:1379:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (lpBuf, sizeof (SANE_Byte), strlen (lpBuf), stream);
data/sane-backends-1.0.31/backend/mustek_usb2_transparent.c:1386:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (lpBuf, sizeof (SANE_Byte), strlen (lpBuf), stream);
data/sane-backends-1.0.31/backend/mustek_usb_high.c:1051:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (18 * 1000);
data/sane-backends-1.0.31/backend/mustek_usb_high.c:2325:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (step_count * 2 * 1000);
data/sane-backends-1.0.31/backend/mustek_usb_high.c:2740:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100 * 1000);
data/sane-backends-1.0.31/backend/nec.c:869:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10); /* could perhaps be longer. make this user configurable?? */
data/sane-backends-1.0.31/backend/nec.c:952:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/nec.c:1367:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (value);
data/sane-backends-1.0.31/backend/nec.c:1374:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& len <= strlen (string_list[i]))
data/sane-backends-1.0.31/backend/nec.c:1377:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len == strlen (string_list[i]))
data/sane-backends-1.0.31/backend/nec.c:1804:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/sane-backends-1.0.31/backend/nec.c:2012:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[strlen(line)-1] == '\n')
data/sane-backends-1.0.31/backend/nec.c:2013:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)-1] = 0;
data/sane-backends-1.0.31/backend/nec.c:2039:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[strlen(line)-1] == '\n')
data/sane-backends-1.0.31/backend/nec.c:2040:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)-1] = 0;
data/sane-backends-1.0.31/backend/net.c:483:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dev->wire.io.read = read;
data/sane-backends-1.0.31/backend/net.c:652:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
net_resource = malloc (strlen (resource) + 6 + strlen (dev->name));
data/sane-backends-1.0.31/backend/net.c:652:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
net_resource = malloc (strlen (resource) + 6 + strlen (dev->name));
data/sane-backends-1.0.31/backend/net.c:1016:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (device_name);
data/sane-backends-1.0.31/backend/net.c:1079:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
host[strlen (host)] = ':';
data/sane-backends-1.0.31/backend/net.c:1291:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev->name) + 1 + strlen (reply.device_list[i]->name);
data/sane-backends-1.0.31/backend/net.c:1291:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev->name) + 1 + strlen (reply.device_list[i]->name);
data/sane-backends-1.0.31/backend/net.c:1316:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (full_name, "[");
data/sane-backends-1.0.31/backend/net.c:1323:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (full_name, "]");
data/sane-backends-1.0.31/backend/net.c:1326:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (full_name, ":");
data/sane-backends-1.0.31/backend/net.c:1481:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nd_name = alloca (strlen (full_name) - 2 + 1);
data/sane-backends-1.0.31/backend/net.c:1487:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (nd_name, full_name + 1, strlen (full_name) - 2);
data/sane-backends-1.0.31/backend/net.c:1488:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nd_name[strlen (full_name) - 2] = '\0';
data/sane-backends-1.0.31/backend/net.c:1757:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (((SANE_Int) strlen ((SANE_String) value) + 1)
data/sane-backends-1.0.31/backend/net.c:1759:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_size = strlen ((SANE_String) value) + 1;
data/sane-backends-1.0.31/backend/net.c:2177:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (s->data, s->reclen_buf + s->reclen_buf_offset,
data/sane-backends-1.0.31/backend/net.c:2220:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (s->data, &ch, sizeof (ch)) != 1)
data/sane-backends-1.0.31/backend/net.c:2235:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (s->data, data, max_length);
data/sane-backends-1.0.31/backend/niash.c:557:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/niash.c:907:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) == 0)
data/sane-backends-1.0.31/backend/niash.c:1138:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (szTable + strlen(szTable), " %04X", pi[i]);
data/sane-backends-1.0.31/backend/niash.c:1141:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (szTable))
data/sane-backends-1.0.31/backend/p5.c:126:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/p5.c:337:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[0] == 0 || strncmp (name, "p5", strlen ("p5")) == 0)
data/sane-backends-1.0.31/backend/p5.c:1199:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/p5_device.c:89:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, &val, 1);
data/sane-backends-1.0.31/backend/p5_device.c:204:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, data + nb, length - nb);
data/sane-backends-1.0.31/backend/p5_device.c:875:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t counter, read, cnt;
data/sane-backends-1.0.31/backend/p5_device.c:928:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memcpy (data + read * length, inbuffer + 1, length);
data/sane-backends-1.0.31/backend/p5_device.c:936:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data[read * length + i * factor] = inbuffer[i + 1];
data/sane-backends-1.0.31/backend/p5_device.c:937:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data[read * length + i * factor + 1] = inbuffer[i + 2];
data/sane-backends-1.0.31/backend/p5_device.c:938:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data[read * length + i * factor + 2] = inbuffer[i + 3];
data/sane-backends-1.0.31/backend/p5_device.c:939:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data[read * length + i * factor + 3] = inbuffer[i + 1];
data/sane-backends-1.0.31/backend/p5_device.c:940:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data[read * length + i * factor + 4] = inbuffer[i + 2];
data/sane-backends-1.0.31/backend/p5_device.c:941:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data[read * length + i * factor + 5] = inbuffer[i + 3];
data/sane-backends-1.0.31/backend/p5_device.c:948:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data[read * length + i * factor] = inbuffer[i + 1];
data/sane-backends-1.0.31/backend/p5_device.c:949:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data[read * length + i * factor + 1] = inbuffer[i + 1];
data/sane-backends-1.0.31/backend/p5_device.c:961:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read >= ltr)
data/sane-backends-1.0.31/backend/p5_device.c:963:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
DBG (DBG_io, "read_line returning %d lines\n", read);
data/sane-backends-1.0.31/backend/p5_device.c:964:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/p5_device.c:974:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
DBG (DBG_io, "read_line returning %d lines\n", read);
data/sane-backends-1.0.31/backend/p5_device.c:975:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/p5_device.c:1046:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int skip, done, read, count;
data/sane-backends-1.0.31/backend/p5_device.c:1092:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
done += read;
data/sane-backends-1.0.31/backend/p5_device.c:1425:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned int i, j, k, dpi, pixels, read, black, white;
data/sane-backends-1.0.31/backend/p5_device.c:1516:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (j = 0; j < pixels * 3 && read > CALIBRATION_SKIP_LINES;
data/sane-backends-1.0.31/backend/pie-scsidef.h:194:40: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_inquiry_vendor(in, buf) strncpy(buf, in + 0x08, 0x08)
data/sane-backends-1.0.31/backend/pie-scsidef.h:195:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_inquiry_product(in, buf) strncpy(buf, in + 0x10, 0x010)
data/sane-backends-1.0.31/backend/pie-scsidef.h:196:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_inquiry_version(in, buf) strncpy(buf, in + 0x20, 0x04)
data/sane-backends-1.0.31/backend/pie.c:901:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp (vendor, scanner_str[2 * i], strlen (scanner_str[2 * i])))
data/sane-backends-1.0.31/backend/pie.c:905:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (scanner_str[2 * i + 1])))
data/sane-backends-1.0.31/backend/pie.c:1245:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/pie.c:2071:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (DOWNLOAD_GAMMA_WAIT_TIME);
data/sane-backends-1.0.31/backend/pie.c:2331:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (SCAN_WARMUP_WAIT_TIME);
data/sane-backends-1.0.31/backend/pie.c:2336:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (SCAN_WAIT_TIME);
data/sane-backends-1.0.31/backend/pie.c:2374:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (TUR_WAIT_TIME);
data/sane-backends-1.0.31/backend/pie.c:2960:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/pie.c:3738:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (scanner->pipe, buf, max_len);
data/sane-backends-1.0.31/backend/pieusb.c:220:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (config_line) == 0) continue;
data/sane-backends-1.0.31/backend/pieusb_specific.c:1186:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/pieusb_usb.c:387:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = desc + strlen(desc);
data/sane-backends-1.0.31/backend/pieusb_usb.c:479:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(3000); /* 3.000 usec -> 3 msec */
data/sane-backends-1.0.31/backend/pint.c:92:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/pint.c:555:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read (s->fd, buf, gobble_up_buf_len) > 0)
data/sane-backends-1.0.31/backend/pint.c:592:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/pint.c:959:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (s->fd, buf, max_len);
data/sane-backends-1.0.31/backend/pixma/pixma.c:627:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (opt->val.s, str, opt->sod.size - 1);
data/sane-backends-1.0.31/backend/pixma/pixma.c:1309:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read (mgr->s->rpipe, mgr->buffer, 1024);
data/sane-backends-1.0.31/backend/pixma/pixma.c:1569:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
count = read (ss->rpipe, buf, size);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:154:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((match[strlen(cfg->model)] == ' ') ||
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:155:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(match[strlen(cfg->model)] == '\0') ||
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:156:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(match[strlen(cfg->model)] == '-'))
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:345:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (s, scanner_id, BJNP_IEEE1284_MAX);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:354:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (tok, "MDL:", strlen("MDL:")) == 0)
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:356:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
model_str = tok + strlen("MDL:");
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:357:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (model, model_str, BJNP_MODEL_MAX);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:451:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (copy) >= SERIAL_MAX)
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:461:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(copy) >= SERIAL_MAX)
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:478:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (copy, devname, 1024);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:548:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(port, "");
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:561:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(start) == 0) || (strlen(start) >= BJNP_PORT_MAX ) )
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:561:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(start) == 0) || (strlen(start) >= BJNP_PORT_MAX ) )
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:576:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(start);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:584:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (args, "");
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:782:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(scanner_id, id->payload.bjnp.id, id_len);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:788:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(scanner_id, id->payload.mfnp.id, id_len);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1716:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(BJNP_TCP_CONNECT_INTERVAL * BJNP_USLEEP_MS);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1762:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (args) > 0)
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1766:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(args, "timeout=", strlen("timeout=")) == 0)
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1768:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ip_timeout = atoi(args + strlen("timeout="));
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:1786:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(port) == 0)
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:2073:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(conf_devices[i], "bjnp-timeout=", strlen("bjnp-timeout="))== 0)
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:2075:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
timeout_default = atoi(conf_devices[i] + strlen("bjnp-timeout=") );
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:2079:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(conf_devices[i], "auto_detection=no", strlen("auto_detection=no"))== 0)
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:2206:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (BJNP_BROADCAST_INTERVAL * BJNP_USLEEP_MS);
data/sane-backends-1.0.31/backend/pixma/pixma_bjnp.c:2247:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bjnp_id, disc_resp-> response.BJNP_id, 4);
data/sane-backends-1.0.31/backend/pixma/pixma_common.c:321:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (usec);
data/sane-backends-1.0.31/backend/pixma/pixma_common.c:814:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (s->id, pixma_get_device_id (devnr), sizeof (s->id) - 1);
data/sane-backends-1.0.31/backend/pixma/pixma_common.c:1270:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
doc = xmlReadMemory(xml_message, strlen(xml_message), "mem:device-resp.xml", NULL, 0);
data/sane-backends-1.0.31/backend/pixma/pixma_common.c:1325:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((const char*)content) > 0) {
data/sane-backends-1.0.31/backend/pixma/pixma_mp150.c:452:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
datalen = pixma_cmd_transaction (s, xml_message, strlen (xml_message),
data/sane-backends-1.0.31/backend/pixma/pixma_mp800.c:284:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
datalen = pixma_cmd_transaction (s, xml_message, strlen (xml_message),
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:269:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name) + 1;
data/sane-backends-1.0.31/backend/plustek-pp_procfs.c:282:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ent->namelen = strlen(name);
data/sane-backends-1.0.31/backend/plustek-pp_ptdrv.c:276:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read: pt_drv_read,
data/sane-backends-1.0.31/backend/plustek-pp_wrapper.c:358:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read( dev->fd, buf, data_length );
data/sane-backends-1.0.31/backend/plustek-usb.c:137:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen( fname ) >= max_len )
data/sane-backends-1.0.31/backend/plustek-usb.c:389:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( tmp, dev->usbId, 13 );
data/sane-backends-1.0.31/backend/plustek-usb.c:482:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = sizeof(DevList) + strlen(dev_name) + 1;
data/sane-backends-1.0.31/backend/plustek-usb.c:764:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( devStr, dev->usbId, lc );
data/sane-backends-1.0.31/backend/plustek-usb.c:773:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lc = strlen(devStr);
data/sane-backends-1.0.31/backend/plustek-usb.c:1186:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 10 * 1000 );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:122:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( 0 == strncmp( tmp, id, strlen(id))) {
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:124:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = &tmp[strlen(id)];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:129:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res[strlen(res)-1] = '\0';
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:181:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(0 != strncmp(tmp, except, strlen(except))) {
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:183:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen( tmp ) > 0 ) {
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:185:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr += strlen(tmp);
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:233:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(0 == strncmp(tmp, which, strlen(which))) {
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:236:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
diml = strtol(&tmp[strlen(which)], NULL, 10);
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:237:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = strchr( &tmp[strlen(which)], ':' );
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:280:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb = &tmp[strlen(tmp)];
data/sane-backends-1.0.31/backend/plustek-usbcalfile.c:563:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen( set_tmp ))
data/sane-backends-1.0.31/backend/plustek-usbhw.c:334:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100* 1000);
data/sane-backends-1.0.31/backend/plustek-usbhw.c:399:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 1000 );
data/sane-backends-1.0.31/backend/plustek-usbhw.c:427:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 150 * 1000 );
data/sane-backends-1.0.31/backend/plustek-usbhw.c:709:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200*1000);
data/sane-backends-1.0.31/backend/plustek-usbhw.c:816:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100 * 1000);
data/sane-backends-1.0.31/backend/plustek-usbhw.c:885:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10 * 1000);
data/sane-backends-1.0.31/backend/plustek-usbio.c:198:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( buf, " ");
data/sane-backends-1.0.31/backend/plustek-usbio.c:227:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( buf, " ");
data/sane-backends-1.0.31/backend/plustek-usbscan.c:1282:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200 * 1000); /* Need to delay at least xxx microseconds */
data/sane-backends-1.0.31/backend/plustek-usbscan.c:1318:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100);
data/sane-backends-1.0.31/backend/plustek-usbscan.c:1480:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000*(30 * regs[0x08] * dev->usbDev.Caps.OpticDpi.x / 600));
data/sane-backends-1.0.31/backend/plustek-usbscan.c:1482:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000*(20 * regs[0x08] * dev->usbDev.Caps.OpticDpi.x / 600));
data/sane-backends-1.0.31/backend/plustek-usbshading.c:1667:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500 * 1000); /* Warm up lamp again */
data/sane-backends-1.0.31/backend/plustek-usbshading.c:1939:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(900000);
data/sane-backends-1.0.31/backend/plustek-usbshading.c:1947:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/sane-backends-1.0.31/backend/plustek-usbshading.c:2972:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 1500 );
data/sane-backends-1.0.31/backend/plustek.c:378:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/plustek.c:1124:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(_SECTION);
data/sane-backends-1.0.31/backend/plustek.c:1127:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( tmp, &src[len+1], (strlen(src)-(len+1)));
data/sane-backends-1.0.31/backend/plustek.c:1127:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy( tmp, &src[len+1], (strlen(src)-(len+1)));
data/sane-backends-1.0.31/backend/plustek.c:1128:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[(strlen(src)-(len+1))] = '\0';
data/sane-backends-1.0.31/backend/plustek.c:1184:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = (const char*)&src[strlen("option")];
data/sane-backends-1.0.31/backend/plustek.c:1253:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = (const char*)&src[strlen("device")];
data/sane-backends-1.0.31/backend/plustek.c:1315:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( dev->usbId, cnf->usbId, _MAX_ID_LEN );
data/sane-backends-1.0.31/backend/plustek.c:1485:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/sane-backends-1.0.31/backend/plustek.c:1552:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if( 0 == strncmp( str, _SECTION, strlen(_SECTION))) {
data/sane-backends-1.0.31/backend/plustek.c:2673:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read( s->r_pipe, buf, sizeof(ipc));
data/sane-backends-1.0.31/backend/plustek.c:2696:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read( s->r_pipe, data, max_length );
data/sane-backends-1.0.31/backend/plustek_pp.c:883:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = (const char*)&src[strlen("option")];
data/sane-backends-1.0.31/backend/plustek_pp.c:952:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = (const char*)&src[strlen("device")];
data/sane-backends-1.0.31/backend/plustek_pp.c:1186:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/sane-backends-1.0.31/backend/plustek_pp.c:2073:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read( s->r_pipe, data, max_length );
data/sane-backends-1.0.31/backend/pnm.c:706:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (value) + 1) > sizeof (filename))
data/sane-backends-1.0.31/backend/qcam.c:862:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (in_fd, &req, sizeof (req)) != sizeof (req))
data/sane-backends-1.0.31/backend/qcam.c:913:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (3);
data/sane-backends-1.0.31/backend/qcam.c:970:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (3);
data/sane-backends-1.0.31/backend/qcam.c:972:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (3);
data/sane-backends-1.0.31/backend/qcam.c:1207:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/qcam.c:1479:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/qcam.c:1959:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/qcam.c:1976:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/qcam.c:2136:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (s->read_fd, buf, len);
data/sane-backends-1.0.31/backend/qcam.c:2204:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (s->from_child, buf, 1);
data/sane-backends-1.0.31/backend/qcam.c:2212:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((nread = read (s->from_child, buf, sizeof (buf))) > 0);
data/sane-backends-1.0.31/backend/qcam.c:2213:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000);
data/sane-backends-1.0.31/backend/qcam.c:2214:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (s->from_child, buf, sizeof (buf));
data/sane-backends-1.0.31/backend/ricoh-scsi.c:362:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/ricoh-scsi.c:410:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/ricoh.c:93:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/ricoh.c:514:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (line);
data/sane-backends-1.0.31/backend/rts8891.c:207:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/rts8891.c:1790:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (dev->to_read - dev->read < data_size)
data/sane-backends-1.0.31/backend/rts8891.c:1791:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data_size = dev->to_read - dev->read;
data/sane-backends-1.0.31/backend/rts8891.c:1815:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (dev->to_read - dev->read < data_size)
data/sane-backends-1.0.31/backend/rts8891.c:1816:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data_size = dev->to_read - dev->read;
data/sane-backends-1.0.31/backend/rts8891.c:2119:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (dev->read < dev->to_read)
data/sane-backends-1.0.31/backend/rts8891.c:2122:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500000);
data/sane-backends-1.0.31/backend/rts8891.c:4144:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (message + strlen (message), "0x%02x ", dev->regs[i]);
data/sane-backends-1.0.31/backend/rts8891.c:4578:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (message + strlen (message), "0x%02x ", dev->regs[i]);
data/sane-backends-1.0.31/backend/rts8891.c:4579:7: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf (message + strlen (message), "\n");
data/sane-backends-1.0.31/backend/rts8891.c:4579:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (message + strlen (message), "\n");
data/sane-backends-1.0.31/backend/rts8891_low.c:210:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SANE_Word count, read, len, dummy;
data/sane-backends-1.0.31/backend/rts8891_low.c:240:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((read < total) && (count != 0 || (control & 0x08) == 0x08))
data/sane-backends-1.0.31/backend/rts8891_low.c:260:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = sanei_rts88xx_read_data (devnum, &len, image + read);
data/sane-backends-1.0.31/backend/rts8891_low.c:272:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < total)
data/sane-backends-1.0.31/backend/rts8891_low.c:287:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < total)
data/sane-backends-1.0.31/backend/rts8891_low.c:290:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
total - read);
data/sane-backends-1.0.31/backend/rts8891_low.c:629:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SANE_Int count, read, len, dummy;
data/sane-backends-1.0.31/backend/rts8891_low.c:702:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read < length && dev->read < dev->to_read
data/sane-backends-1.0.31/backend/rts8891_low.c:702:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read < length && dev->read < dev->to_read
data/sane-backends-1.0.31/backend/rts8891_low.c:733:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (len > length - read)
data/sane-backends-1.0.31/backend/rts8891_low.c:735:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = length - read;
data/sane-backends-1.0.31/backend/rts8891_low.c:738:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = sanei_rts88xx_read_data (dev->devnum, &len, dest + read);
data/sane-backends-1.0.31/backend/rts8891_low.c:765:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fwrite (dest + read, 1, len, raw);
data/sane-backends-1.0.31/backend/rts8891_low.c:772:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
DBG (DBG_io2, "read_data: %d/%d\n", dev->read, dev->to_read);
data/sane-backends-1.0.31/backend/rts8891_low.c:785:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (count == 0 && dev->read < dev->to_read)
data/sane-backends-1.0.31/backend/rts8891_low.c:798:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (dev->read >= dev->to_read)
data/sane-backends-1.0.31/backend/rts8891_low.h:246:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SANE_Int read;
data/sane-backends-1.0.31/backend/rts88xx_lib.c:531:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t size, read, want;
data/sane-backends-1.0.31/backend/rts88xx_lib.c:557:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = sanei_usb_read_bulk (devnum, value + read, &size);
data/sane-backends-1.0.31/backend/rts88xx_lib.c:813:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t size, len, remain, read;
data/sane-backends-1.0.31/backend/rts88xx_lib.c:836:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (len - read > 64)
data/sane-backends-1.0.31/backend/rts88xx_lib.c:838:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = (len - read) & 0xFFC0;
data/sane-backends-1.0.31/backend/rts88xx_lib.c:839:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = sanei_usb_read_bulk (devnum, dest + read, &size);
data/sane-backends-1.0.31/backend/rts88xx_lib.c:851:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
remain = len - read;
data/sane-backends-1.0.31/backend/rts88xx_lib.c:854:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
status = sanei_usb_read_bulk (devnum, dest + read, &remain);
data/sane-backends-1.0.31/backend/rts88xx_lib.c:867:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(u_long) read, *length);
data/sane-backends-1.0.31/backend/rts88xx_lib.c:868:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*length = read;
data/sane-backends-1.0.31/backend/s9036.c:107:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/s9036.c:229:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (left * 5000);
data/sane-backends-1.0.31/backend/s9036.c:851:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/sceptre.c:1345:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/sharp.c:957:15: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/sane-backends-1.0.31/backend/sharp.c:1093:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10); /* could perhaps be longer. make this user configurable?? */
data/sane-backends-1.0.31/backend/sharp.c:1160:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/sane-backends-1.0.31/backend/sharp.c:1187:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/sharp.c:1728:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (value);
data/sane-backends-1.0.31/backend/sharp.c:1735:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& len <= strlen (string_list[i]))
data/sane-backends-1.0.31/backend/sharp.c:1738:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len == strlen (string_list[i]))
data/sane-backends-1.0.31/backend/sharp.c:2246:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/sane-backends-1.0.31/backend/sharp.c:2515:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[strlen(line)-1] == '\n')
data/sane-backends-1.0.31/backend/sharp.c:2516:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)-1] = 0;
data/sane-backends-1.0.31/backend/sharp.c:2546:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[strlen(line)-1] == '\n')
data/sane-backends-1.0.31/backend/sharp.c:2547:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)-1] = 0;
data/sane-backends-1.0.31/backend/sm3600-homerun.c:490:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100);
data/sane-backends-1.0.31/backend/sm3600-homerun.c:496:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100);
data/sane-backends-1.0.31/backend/sm3600-scanmtek.c:196:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50);
data/sane-backends-1.0.31/backend/sm3600-scanmtek.c:222:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50);
data/sane-backends-1.0.31/backend/sm3600-scanutil.c:200:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200);
data/sane-backends-1.0.31/backend/sm3840.c:648:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/snapscan-scsi.c:349:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (position = strlen (s);
data/sane-backends-1.0.31/backend/snapscan-scsi.c:431:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str,"\n");
data/sane-backends-1.0.31/backend/snapscan-sources.c:255:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SANE_Int bytes_read = read (ps->fd, pbuf, remaining);
data/sane-backends-1.0.31/backend/snapscan-usb.c:266:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str,"\n");
data/sane-backends-1.0.31/backend/snapscan.c:283:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/snapscan.c:739:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/snapscan.c:744:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(dev_name, FIRMWARE_KW, strlen(FIRMWARE_KW)) == 0) {
data/sane-backends-1.0.31/backend/snapscan.c:746:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sanei_config_get_string(dev_name + strlen(FIRMWARE_KW), &default_firmware_filename);
data/sane-backends-1.0.31/backend/snapscan.c:752:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncasecmp(dev_name, OPTIONS_KW, strlen(OPTIONS_KW)) == 0)
data/sane-backends-1.0.31/backend/snapscan.c:858:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(name) == 0) && (first_device != NULL))
data/sane-backends-1.0.31/backend/sp15c-scsi.h:215:44: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_IN_vendor(in, buf) strncpy(buf, in + 0x08, 0x08)
data/sane-backends-1.0.31/backend/sp15c-scsi.h:216:44: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_IN_product(in, buf) strncpy(buf, in + 0x10, 0x010)
data/sane-backends-1.0.31/backend/sp15c-scsi.h:217:44: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_IN_version(in, buf) strncpy(buf, in + 0x20, 0x04)
data/sane-backends-1.0.31/backend/sp15c.c:303:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/sp15c.c:932:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (scanner->pipe, buf, max_len);
data/sane-backends-1.0.31/backend/sp15c.c:1317:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (s->vendor, vendor, 9);
data/sane-backends-1.0.31/backend/sp15c.c:1318:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (s->product, product, 17);
data/sane-backends-1.0.31/backend/sp15c.c:1319:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (s->version, version, 5);
data/sane-backends-1.0.31/backend/sp15c.c:1672:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (50000); /* wait 0.05 seconds */
data/sane-backends-1.0.31/backend/sp15c.c:1938:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/sp15c.c:2039:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (50000);
data/sane-backends-1.0.31/backend/st400.c:179:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/sane-backends-1.0.31/backend/st400.c:221:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = malloc (strlen (home) + sizeof (basename) + 1);
data/sane-backends-1.0.31/backend/st400.c:288:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(SLEEPTIME); /* retry after 100ms */
data/sane-backends-1.0.31/backend/st400.c:700:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/sane-backends-1.0.31/backend/st400.c:1166:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(st400_light_delay * 100000); /* 1/10 seconds */
data/sane-backends-1.0.31/backend/stubs.c:58:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return ENTRY(read) (h, buf, maxlen, lenp);
data/sane-backends-1.0.31/backend/stv680.c:198:19: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
asc_ptr += sprintf (asc_ptr, ".");
data/sane-backends-1.0.31/backend/stv680.c:237:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/stv680.c:853:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000); /* delay time needed */
data/sane-backends-1.0.31/backend/stv680.c:1159:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (3000);
data/sane-backends-1.0.31/backend/stv680.c:1215:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (txt) > (MSG_MAXLEN - 23))
data/sane-backends-1.0.31/backend/stv680.c:1216:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (fmttxt, txt, (MSG_MAXLEN - 23));
data/sane-backends-1.0.31/backend/stv680.c:1562:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (line);
data/sane-backends-1.0.31/backend/tamarack.c:171:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* retry after 100ms */
data/sane-backends-1.0.31/backend/tamarack.c:305:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/tamarack.c:515:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000);
data/sane-backends-1.0.31/backend/tamarack.c:933:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/tamarack.c:1417:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read (s->pipe, buf, max_len);
data/sane-backends-1.0.31/backend/teco1.c:267:15: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
asc_ptr += sprintf (asc_ptr, ".");
data/sane-backends-1.0.31/backend/teco1.c:284:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/teco1.c:1312:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* sleep 1/10th of second */
data/sane-backends-1.0.31/backend/teco1.c:1506:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/teco2.c:473:19: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
asc_ptr += sprintf (asc_ptr, ".");
data/sane-backends-1.0.31/backend/teco2.c:513:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/teco2.c:1058:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s2 = read (fd, image_buf, s1);
data/sane-backends-1.0.31/backend/teco2.c:2549:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/teco3.c:207:15: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
asc_ptr += sprintf (asc_ptr, ".");
data/sane-backends-1.0.31/backend/teco3.c:224:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/teco3.c:1336:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000); /* sleep 1/10th of second */
data/sane-backends-1.0.31/backend/teco3.c:1528:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/test.c:221:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i%16 == 0 && strlen(str) > 0) {
data/sane-backends-1.0.31/backend/test.c:225:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (str + strlen(str), " %04X", tablePtr[i]);
data/sane-backends-1.0.31/backend/test.c:227:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 0) {
data/sane-backends-1.0.31/backend/test.c:306:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/test.c:1128:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
od->size = strlen (init_string) + 1;
data/sane-backends-1.0.31/backend/test.c:1243:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (word) == 0)
data/sane-backends-1.0.31/backend/test.c:1328:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (word) == 0)
data/sane-backends-1.0.31/backend/test.c:1381:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (test_device->val[opt_read_delay_duration].w);
data/sane-backends-1.0.31/backend/test.c:1834:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!devicename || strlen (devicename) == 0)
data/sane-backends-1.0.31/backend/test.c:2800:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read (test_device->pipe, data, read_count);
data/sane-backends-1.0.31/backend/u12-if.c:216:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( USB_devname, dev_name, 1023 );
data/sane-backends-1.0.31/backend/u12.c:667:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(_SECTION);
data/sane-backends-1.0.31/backend/u12.c:670:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( tmp, &src[len+1], (strlen(src)-(len+1)));
data/sane-backends-1.0.31/backend/u12.c:670:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy( tmp, &src[len+1], (strlen(src)-(len+1)));
data/sane-backends-1.0.31/backend/u12.c:671:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[(strlen(src)-(len+1))] = '\0';
data/sane-backends-1.0.31/backend/u12.c:727:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = (const char*)&src[strlen("option")];
data/sane-backends-1.0.31/backend/u12.c:796:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = (const char*)&src[strlen("device")];
data/sane-backends-1.0.31/backend/u12.c:857:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( dev->usbId, cnf->usbId, _MAX_ID_LEN );
data/sane-backends-1.0.31/backend/u12.c:961:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/sane-backends-1.0.31/backend/u12.c:986:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if( 0 == strncmp( str, _SECTION, strlen(_SECTION))) {
data/sane-backends-1.0.31/backend/u12.c:1762:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read( s->r_pipe, data, max_length );
data/sane-backends-1.0.31/backend/umax-scsidef.h:194:40: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_inquiry_vendor(in, buf) strncpy(buf, in + 0x08, 0x08)
data/sane-backends-1.0.31/backend/umax-scsidef.h:195:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_inquiry_product(in, buf) strncpy(buf, in + 0x10, 0x010)
data/sane-backends-1.0.31/backend/umax-scsidef.h:196:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_inquiry_version(in, buf) strncpy(buf, in + 0x20, 0x04)
data/sane-backends-1.0.31/backend/umax.c:1639:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000); /* wait 0.5 seconds */
data/sane-backends-1.0.31/backend/umax.c:1698:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(((long) pause) * 1000);
data/sane-backends-1.0.31/backend/umax.c:1739:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200000); /* 200 ms pause to make sure program does not exit before scanner is ready */
data/sane-backends-1.0.31/backend/umax.c:3174:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(vendor, scanner_str[2*i], strlen(scanner_str[2*i])) )
data/sane-backends-1.0.31/backend/umax.c:3176:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(product, scanner_str[2*i+1], strlen(scanner_str[2*i+1])) )
data/sane-backends-1.0.31/backend/umax.c:3213:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(product, inq_data.scanner, strlen(inq_data.scanner)))
data/sane-backends-1.0.31/backend/umax.c:4650:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (strings[i]) + 1;
data/sane-backends-1.0.31/backend/umax.c:5941:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(option_str, test_name, strlen(test_name)) == 0)
data/sane-backends-1.0.31/backend/umax.c:5943:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_str = sanei_config_skip_whitespace(option_str+strlen(test_name));
data/sane-backends-1.0.31/backend/umax.c:6081:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(config_line);
data/sane-backends-1.0.31/backend/umax.c:7965:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(((long) pause) * 1000); /* time in ms */
data/sane-backends-1.0.31/backend/umax.c:7979:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(((long) scanner->device->pause_after_calibration) * 1000); /* time in ms */
data/sane-backends-1.0.31/backend/umax.c:8028:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read(scanner->pipe_read_fd, buf, max_len);
data/sane-backends-1.0.31/backend/umax1220u-common.c:788:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500000);
data/sane-backends-1.0.31/backend/umax1220u-common.c:2170:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500000);
data/sane-backends-1.0.31/backend/umax1220u-common.c:2204:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500000);
data/sane-backends-1.0.31/backend/umax1220u.c:622:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (config_line);
data/sane-backends-1.0.31/backend/umax_pp.c:208:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!devname || (strlen (devname) < 3))
data/sane-backends-1.0.31/backend/umax_pp.c:313:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(val)==0)
data/sane-backends-1.0.31/backend/umax_pp.c:318:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(val)==0)
data/sane-backends-1.0.31/backend/umax_pp.c:345:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(val)==0)
data/sane-backends-1.0.31/backend/umax_pp.c:2194:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (dev->read >= dev->th * ll)
data/sane-backends-1.0.31/backend/umax_pp.c:2205:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
length = ll * dev->th - dev->read;
data/sane-backends-1.0.31/backend/umax_pp.h:157:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
long int read; /* bytes read from previous start scan */
data/sane-backends-1.0.31/backend/umax_pp_low.c:973:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((name == NULL) || ((name != NULL) && (strlen (name) < 4)))
data/sane-backends-1.0.31/backend/umax_pp_low.c:994:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) > 3)
data/sane-backends-1.0.31/backend/umax_pp_low.c:1173:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (name) > 3)
data/sane-backends-1.0.31/backend/umax_pp_low.c:1471:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, &val, 1);
data/sane-backends-1.0.31/backend/umax_pp_low.c:1895:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:1980:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500);
data/sane-backends-1.0.31/backend/umax_pp_low.c:2789:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, &bval, 1);
data/sane-backends-1.0.31/backend/umax_pp_low.c:2898:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, &bval, 1);
data/sane-backends-1.0.31/backend/umax_pp_low.c:3140:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, dest + nb, size - 1 - nb);
data/sane-backends-1.0.31/backend/umax_pp_low.c:3167:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, dest + size - 1, 1);
data/sane-backends-1.0.31/backend/umax_pp_low.c:4111:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, dest + nb, size - 4 - nb);
data/sane-backends-1.0.31/backend/umax_pp_low.c:4115:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, dest + size - 4, 3);
data/sane-backends-1.0.31/backend/umax_pp_low.c:4140:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, dest + size - 1, 1);
data/sane-backends-1.0.31/backend/umax_pp_low.c:4306:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, dest, 1);
data/sane-backends-1.0.31/backend/umax_pp_low.c:4341:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, dest, 1);
data/sane-backends-1.0.31/backend/umax_pp_low.c:4362:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, dest, 4);
data/sane-backends-1.0.31/backend/umax_pp_low.c:4397:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, dest, 1);
data/sane-backends-1.0.31/backend/umax_pp_low.c:4449:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, dest, 1);
data/sane-backends-1.0.31/backend/umax_pp_low.c:4469:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read;
data/sane-backends-1.0.31/backend/umax_pp_low.c:4594:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/umax_pp_low.c:4646:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:4994:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:4996:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5000:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5002:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5004:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5007:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5009:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5013:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5015:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5017:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5020:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5022:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5026:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5028:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5030:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5033:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5035:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5039:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5041:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5043:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5046:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5048:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5052:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5054:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5056:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5061:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5072:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5074:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5078:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5080:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5082:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5098:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5100:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5104:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5106:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5108:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5123:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5125:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5129:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5131:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5133:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5136:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5138:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5142:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5144:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5146:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (delay);
data/sane-backends-1.0.31/backend/umax_pp_low.c:5576:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read;
data/sane-backends-1.0.31/backend/umax_pp_low.c:5607:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < size)
data/sane-backends-1.0.31/backend/umax_pp_low.c:5611:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size, read, __FILE__, __LINE__);
data/sane-backends-1.0.31/backend/umax_pp_low.c:6047:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (20000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:6228:8: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:6250:8: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:6267:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (500000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:7675:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:7683:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:7690:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:7697:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:7704:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:7711:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:7718:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:7721:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:7728:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:8732:8: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:8781:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read (fd, buffer + count, needed);
data/sane-backends-1.0.31/backend/umax_pp_low.c:8830:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:8842:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read, needed, max;
data/sane-backends-1.0.31/backend/umax_pp_low.c:8877:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read < len)
data/sane-backends-1.0.31/backend/umax_pp_low.c:8879:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (len - read > max)
data/sane-backends-1.0.31/backend/umax_pp_low.c:8882:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
needed = len - read;
data/sane-backends-1.0.31/backend/umax_pp_low.c:8946:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int word[5], read;
data/sane-backends-1.0.31/backend/umax_pp_low.c:9000:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read < len)
data/sane-backends-1.0.31/backend/umax_pp_low.c:9002:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
needed = len - read;
data/sane-backends-1.0.31/backend/umax_pp_low.c:9010:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tmp = ECPbufferRead (needed, buffer + read);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9017:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tmp = pausedBufferRead (needed, buffer + read);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9028:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tmp, 32768, read, __FILE__, __LINE__);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9032:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read, len, tmp, __FILE__, __LINE__);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9033:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < len)
data/sane-backends-1.0.31/backend/umax_pp_low.c:9046:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9085:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int word[5], read;
data/sane-backends-1.0.31/backend/umax_pp_low.c:9135:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read < len)
data/sane-backends-1.0.31/backend/umax_pp_low.c:9140:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bufferRead (tmp, buffer + read);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9163:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tmp = len - read;
data/sane-backends-1.0.31/backend/umax_pp_low.c:9164:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bufferRead (tmp, buffer + read);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9166:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((read < len))
data/sane-backends-1.0.31/backend/umax_pp_low.c:9231:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int word[5], read;
data/sane-backends-1.0.31/backend/umax_pp_low.c:9275:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read < len)
data/sane-backends-1.0.31/backend/umax_pp_low.c:9296:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/umax_pp_low.c:9322:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bufferRead (window, buffer + read);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9329:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read, len, window, __FILE__, __LINE__);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9355:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/umax_pp_low.c:9372:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/sane-backends-1.0.31/backend/umax_pp_low.c:9703:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:9710:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:10597:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
long int somme, len, read, blocksize;
data/sane-backends-1.0.31/backend/umax_pp_low.c:10734:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read < dataoffset)
data/sane-backends-1.0.31/backend/umax_pp_low.c:10739:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = dataoffset - read;
data/sane-backends-1.0.31/backend/umax_pp_low.c:10740:61: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = sanei_umax_pp_readBlock (len, tw, dpi, 0, buffer + read);
data/sane-backends-1.0.31/backend/umax_pp_low.c:10771:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((read < somme) && (!gCancel))
data/sane-backends-1.0.31/backend/umax_pp_low.c:10774:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (somme - read > blocksize - remain)
data/sane-backends-1.0.31/backend/umax_pp_low.c:10777:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = somme - read;
data/sane-backends-1.0.31/backend/umax_pp_low.c:10790:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
DBG (8, "Read %ld bytes out of %ld ...\n", read, somme);
data/sane-backends-1.0.31/backend/umax_pp_low.c:10927:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (1000);
data/sane-backends-1.0.31/backend/umax_pp_low.c:11450:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; (i < max) && ((ptr - line) < strlen (line)); i++)
data/sane-backends-1.0.31/backend/umax_pp_mid.c:391:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read < len)
data/sane-backends-1.0.31/backend/umax_pp_mid.c:394:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sanei_umax_pp_readBlock (len - read, window, dpi, last,
data/sane-backends-1.0.31/backend/umax_pp_mid.c:395:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buffer + read);
data/sane-backends-1.0.31/backend/v4l.c:295:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(mode_list[i]) + 1;
data/sane-backends-1.0.31/backend/v4l.c:317:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s->channel[i]) + 1;
data/sane-backends-1.0.31/backend/v4l.c:462:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev_name);
data/sane-backends-1.0.31/backend/xerox_mfp.c:408:21: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(sleeptime * 1000);
data/sane-backends-1.0.31/backend/xerox_mfp.c:485:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen(*s++) + 1;
data/sane-backends-1.0.31/frontend/saned.c:909:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (text_addr, "[error]", 8);
data/sane-backends-1.0.31/frontend/saned.c:963:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (config_line);
data/sane-backends-1.0.31/frontend/saned.c:1108:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (text_addr, "[error]", 8);
data/sane-backends-1.0.31/frontend/saned.c:1262:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (config_line);
data/sane-backends-1.0.31/frontend/saned.c:1883:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(resource) == 0) {
data/sane-backends-1.0.31/frontend/saned.c:2019:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w->allocated_memory -= (1 + strlen (req.value));
data/sane-backends-1.0.31/frontend/saned.c:2742:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (config_line);
data/sane-backends-1.0.31/frontend/saned.c:3486:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
wire.io.read = read;
data/sane-backends-1.0.31/frontend/saned.c:3504:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(options) > 0)
data/sane-backends-1.0.31/frontend/scanimage.c:175:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (getenv ("HOME")) < 500)
data/sane-backends-1.0.31/frontend/scanimage.c:181:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (tmp) > 0) && (stat (tmp, &stat_buf) == 0))
data/sane-backends-1.0.31/frontend/scanimage.c:198:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (resource);
data/sane-backends-1.0.31/frontend/scanimage.c:203:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (tmp) > 0) && (tmp[strlen (tmp) - 1] == '\n'))
data/sane-backends-1.0.31/frontend/scanimage.c:203:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (tmp) > 0) && (tmp[strlen (tmp) - 1] == '\n'))
data/sane-backends-1.0.31/frontend/scanimage.c:204:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen (tmp) - 1] = 0;
data/sane-backends-1.0.31/frontend/scanimage.c:205:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (tmp) > 0) && (tmp[strlen (tmp) - 1] == '\r'))
data/sane-backends-1.0.31/frontend/scanimage.c:205:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (tmp) > 0) && (tmp[strlen (tmp) - 1] == '\r'))
data/sane-backends-1.0.31/frontend/scanimage.c:206:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen (tmp) - 1] = 0;
data/sane-backends-1.0.31/frontend/scanimage.c:221:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& ((int) strlen (colon2 + 1) == len))
data/sane-backends-1.0.31/frontend/scanimage.c:223:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (tmp_username) < SANE_MAX_USERNAME_LEN) &&
data/sane-backends-1.0.31/frontend/scanimage.c:224:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (tmp_password) < SANE_MAX_PASSWORD_LEN))
data/sane-backends-1.0.31/frontend/scanimage.c:226:35: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (username, tmp_username, SANE_MAX_USERNAME_LEN);
data/sane-backends-1.0.31/frontend/scanimage.c:227:35: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (password, tmp_password, SANE_MAX_PASSWORD_LEN);
data/sane-backends-1.0.31/frontend/scanimage.c:274:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uname != NULL && (strlen (username)) && (username[strlen (username) - 1] == '\n'))
data/sane-backends-1.0.31/frontend/scanimage.c:274:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uname != NULL && (strlen (username)) && (username[strlen (username) - 1] == '\n'))
data/sane-backends-1.0.31/frontend/scanimage.c:275:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
username[strlen (username) - 1] = 0;
data/sane-backends-1.0.31/frontend/scanimage.c:281:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset (wipe, 0, strlen (password));
data/sane-backends-1.0.31/frontend/scanimage.c:293:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_buffer (tmp, strlen (tmp), md5digest);
data/sane-backends-1.0.31/frontend/scanimage.c:1075:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp (optarg, "yes", strlen (optarg)) == 0)
data/sane-backends-1.0.31/frontend/scanimage.c:1077:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncasecmp (optarg, "no", strlen (optarg)) == 0)
data/sane-backends-1.0.31/frontend/scanimage.c:1113:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (valuep, optarg, opt->size);
data/sane-backends-1.0.31/frontend/scanimage.c:2425:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_optstring = malloc (strlen (BASE_OPTSTRING)
data/sane-backends-1.0.31/frontend/scanimage.c:2426:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (larg) + strlen (targ)
data/sane-backends-1.0.31/frontend/scanimage.c:2426:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (larg) + strlen (targ)
data/sane-backends-1.0.31/frontend/scanimage.c:2427:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (xarg) + strlen (yarg) + 1);
data/sane-backends-1.0.31/frontend/scanimage.c:2427:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (xarg) + strlen (yarg) + 1);
data/sane-backends-1.0.31/frontend/scanimage.c:2545:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (column + strlen (device_list[i]->name) + 1 >= 80)
data/sane-backends-1.0.31/frontend/scanimage.c:2556:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
column += strlen (device_list[i]->name);
data/sane-backends-1.0.31/frontend/sicc.c:41:30: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stated_size = 16777216 * fgetc(fd) + 65536 * fgetc(fd) + 256 * fgetc(fd) + fgetc(fd);
data/sane-backends-1.0.31/frontend/sicc.c:41:50: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stated_size = 16777216 * fgetc(fd) + 65536 * fgetc(fd) + 256 * fgetc(fd) + fgetc(fd);
data/sane-backends-1.0.31/frontend/sicc.c:41:68: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stated_size = 16777216 * fgetc(fd) + 65536 * fgetc(fd) + 256 * fgetc(fd) + fgetc(fd);
data/sane-backends-1.0.31/frontend/sicc.c:41:80: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stated_size = 16777216 * fgetc(fd) + 65536 * fgetc(fd) + 256 * fgetc(fd) + fgetc(fd);
data/sane-backends-1.0.31/frontend/test.c:69:3: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar ();
data/sane-backends-1.0.31/frontend/tstbackend.c:312:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
check(WRN, (strlen(val_string) < (size_t)opt->size),
data/sane-backends-1.0.31/frontend/tstbackend.c:630:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(optstr, "-pOiSoN-", opt->size-1);
data/sane-backends-1.0.31/frontend/tstbackend.c:652:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(optstr, "-pOiSoN-", opt->size-1);
data/sane-backends-1.0.31/include/sane/sanei_backend.h:129:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
extern SANE_Status ENTRY(read) (SANE_Handle, SANE_Byte *, SANE_Int,
data/sane-backends-1.0.31/include/sane/sanei_backend.h:151:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define sane_read(a,b,c,d) ENTRY(read) (a,b,c,d)
data/sane-backends-1.0.31/include/sane/sanei_wire.h:89:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
WireReadFunc read;
data/sane-backends-1.0.31/japi/Sane.c:390:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, valuep, len);
data/sane-backends-1.0.31/lib/getopt.c:245:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# if (!defined __STDC__ || !__STDC__) && !defined strlen
data/sane-backends-1.0.31/lib/getopt.c:248:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extern int strlen (const char *);
data/sane-backends-1.0.31/lib/getopt.c:439:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = nonoption_flags_max_len = strlen (orig_str);
data/sane-backends-1.0.31/lib/getopt.c:667:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
== (unsigned int) strlen (p->name))
data/sane-backends-1.0.31/lib/getopt.c:712:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sane-backends-1.0.31/lib/getopt.c:778:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sane-backends-1.0.31/lib/getopt.c:812:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sane-backends-1.0.31/lib/getopt.c:817:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sane-backends-1.0.31/lib/getopt.c:1004:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((unsigned int) (nameend - nextchar) == strlen (p->name))
data/sane-backends-1.0.31/lib/getopt.c:1044:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sane-backends-1.0.31/lib/getopt.c:1082:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sane-backends-1.0.31/lib/getopt.c:1114:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sane-backends-1.0.31/lib/getopt.c:1118:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/sane-backends-1.0.31/lib/inet_ntop.c:30:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (dst, text_addr, cnt);
data/sane-backends-1.0.31/lib/sleep.c:23:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if (usleep(seconds*1000000))
data/sane-backends-1.0.31/lib/snprintf.c:536:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define safestrlen(s) ((s)?strlen(s):0)
data/sane-backends-1.0.31/lib/snprintf.c:939:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
place = strlen(convert);
data/sane-backends-1.0.31/lib/snprintf.c:993:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( formatstr, "%" ); /* 1 */
data/sane-backends-1.0.31/lib/snprintf.c:997:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( formatstr+strlen(formatstr), "%d", len ); /* 3 */
data/sane-backends-1.0.31/lib/snprintf.c:1000:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( formatstr+strlen(formatstr), ".%d", precision ); /* 3 */
data/sane-backends-1.0.31/lib/snprintf.c:1003:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( formatstr+strlen(formatstr), "%c", fmt );
data/sane-backends-1.0.31/lib/strdup.c:32:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (s) + 1;
data/sane-backends-1.0.31/lib/strndup.c:34:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (clone, s, n);
data/sane-backends-1.0.31/lib/usleep.c:44:1: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (unsigned int useconds)
data/sane-backends-1.0.31/sanei/sanei_DomainOS.c:170:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(com->open_path);
data/sane-backends-1.0.31/sanei/sanei_DomainOS.c:186:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DataBasePtr = ms_$crmapl(com->open_path, strlen(com->open_path), 0, DomainMaxDataSize + DomainSenseSize, ms_$cowriters, &com->CommandStatus);
data/sane-backends-1.0.31/sanei/sanei_DomainOS.c:451:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
com = ms_$mapl(path, strlen(path), 0, sizeof(struct DomainServerCommon), ms_$cowriters, ms_$wr, true, &length_mapped, &status);
data/sane-backends-1.0.31/sanei/sanei_ab306.c:166:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (p->port_fd, &ch, 1) != 1)
data/sane-backends-1.0.31/sanei/sanei_ab306.c:212:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/sanei/sanei_ab306.c:227:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/sanei/sanei_ab306.c:488:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (p->port_fd, buf, 1) != 1)
data/sane-backends-1.0.31/sanei/sanei_access.c:106:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read( fd, pid_buf, (PID_BUFSIZE-1));
data/sane-backends-1.0.31/sanei/sanei_access.c:137:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = &fn[strlen(fn)];
data/sane-backends-1.0.31/sanei/sanei_access.c:208:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(fd, pid_buf, strlen(pid_buf));
data/sane-backends-1.0.31/sanei/sanei_auth.c:132:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_buffer (tmpstr, strlen (tmpstr), md5digest);
data/sane-backends-1.0.31/sanei/sanei_auth.c:176:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (resource) > 127)
data/sane-backends-1.0.31/sanei/sanei_auth.c:246:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (line) > 0) && (line[strlen (line) - 1] == '\n'))
data/sane-backends-1.0.31/sanei/sanei_auth.c:246:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (line) > 0) && (line[strlen (line) - 1] == '\n'))
data/sane-backends-1.0.31/sanei/sanei_auth.c:247:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen (line) - 1] = '\n';
data/sane-backends-1.0.31/sanei/sanei_auth.c:249:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (line) > 0) && (line[strlen (line) - 1] == '\r'))
data/sane-backends-1.0.31/sanei/sanei_auth.c:249:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (line) > 0) && (line[strlen (line) - 1] == '\r'))
data/sane-backends-1.0.31/sanei/sanei_auth.c:250:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen (line) - 1] = '\r';
data/sane-backends-1.0.31/sanei/sanei_auth.c:253:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strncmp (line, username, strlen (username)) == 0) &&
data/sane-backends-1.0.31/sanei/sanei_auth.c:254:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(((strchr (line, ':')) - line) == (signed) strlen (username)))
data/sane-backends-1.0.31/sanei/sanei_codec_bin.c:85:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (*s) + 1;
data/sane-backends-1.0.31/sanei/sanei_config.c:109:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dir_list);
data/sane-backends-1.0.31/sanei/sanei_config.c:221:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( str);
data/sane-backends-1.0.31/sanei/sanei_config.c:286:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (line);
data/sane-backends-1.0.31/sanei/sanei_config.c:396:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size=strlen(string)+1;
data/sane-backends-1.0.31/sanei/sanei_constrain_value.c:112:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (value);
data/sane-backends-1.0.31/sanei/sanei_constrain_value.c:116:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& len == strlen (string_list[i]))
data/sane-backends-1.0.31/sanei/sanei_constrain_value.c:264:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (value);
data/sane-backends-1.0.31/sanei/sanei_constrain_value.c:271:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& len <= strlen (string_list[i]))
data/sane-backends-1.0.31/sanei/sanei_constrain_value.c:274:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len == strlen (string_list[i]))
data/sane-backends-1.0.31/sanei/sanei_init_debug.c:139:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg = (char *)malloc (sizeof(char) * (strlen(be) + strlen(fmt) + 4));
data/sane-backends-1.0.31/sanei/sanei_init_debug.c:139:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg = (char *)malloc (sizeof(char) * (strlen(be) + strlen(fmt) + 4));
data/sane-backends-1.0.31/sanei/sanei_lm983x.c:210:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 10000 );
data/sane-backends-1.0.31/sanei/sanei_pio.c:203:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (1 != read (port->fd, val, 1))
data/sane-backends-1.0.31/sanei/sanei_pio.c:240:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1);
data/sane-backends-1.0.31/sanei/sanei_pio.c:569:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return(read(fd,buf,n));
data/sane-backends-1.0.31/sanei/sanei_pv8630.c:217:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:527:38: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_inquiry_vendor(in, buf) strncpy(buf, in + 0x08, 0x08)
data/sane-backends-1.0.31/sanei/sanei_scsi.c:528:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_inquiry_product(in, buf) strncpy(buf, in + 0x10, 0x010)
data/sane-backends-1.0.31/sanei/sanei_scsi.c:529:39: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_inquiry_version(in, buf) strncpy(buf, in + 0x20, 0x04)
data/sane-backends-1.0.31/sanei/sanei_scsi.c:790:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (tmpAspi, "");
data/sane-backends-1.0.31/sanei/sanei_scsi.c:843:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fd > 0 && (len = read (fd, buf, sizeof (buf) - 1)) > 0)
data/sane-backends-1.0.31/sanei/sanei_scsi.c:1011:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
com = ms_$crmapl (CommonAreaPath, strlen (CommonAreaPath), 0,
data/sane-backends-1.0.31/sanei/sanei_scsi.c:1100:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdata = ms_$mapl (com->open_path, strlen (com->open_path), 0,
data/sane-backends-1.0.31/sanei/sanei_scsi.c:1188:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:1254:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dev);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:1954:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2035:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd, &req->sgdata.cdb,
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2039:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read (fd, &req->sgdata.sg3.hdr, sizeof (Sg_io_hdr));
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2043:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (100000);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2254:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ATOMIC (nread = read (req->fd, &req->sgdata.cdb,
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2811:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
findvendor_len = strlen (findvendor);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2813:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
findmodel_len = strlen (findmodel);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2815:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
findtype_len = strlen (findtype);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2833:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c2 = string + strlen (string);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2856:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (param[i].u.str, string, 32);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2981:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vmt_len[0] = (findvendor) ? strlen(findvendor) : 0;
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2982:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vmt_len[1] = (findmodel) ? strlen(findmodel) : 0;
data/sane-backends-1.0.31/sanei/sanei_scsi.c:2983:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vmt_len[2] = (findtype) ? strlen(findtype) : 0;
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3128:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vmt[2], lnxscsi_device_types[val], sizeof(vmt[2]) - 1);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3947:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*dst_size = read (fd, dst, *dst_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:3958:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*dst_size = read (fd, dst, *dst_size);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4190:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
findvendor_len = strlen (findvendor);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4192:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
findmodel_len = strlen (findmodel);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4194:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
findtype_len = strlen (findtype);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4218:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (param[i].u.str, string, 32);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4517:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
findvendor_len = strlen (findvendor);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4519:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
findmodel_len = strlen (findmodel);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4591:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (vendor, (char *) inqdata + 8, 8);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4593:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (model, (char *) inqdata + 16, 16);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4839:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (errbf + strlen (errbf), "%x,", scmd.u_sense.cmd_sense[i]);
data/sane-backends-1.0.31/sanei/sanei_scsi.c:4960:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (errbf + strlen (errbf), "%x,", *(sp + i));
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5175:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((findvendor == NULL || strncmp(findvendor, (char *)&inquiry->InquiryData[8], strlen(findvendor)) == 0) &&
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5176:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(findmodel == NULL || strncmp(findmodel, (char *)&inquiry->InquiryData[16], strlen(findmodel)) == 0) &&
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5531:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (findvendor)) == 0) &&
data/sane-backends-1.0.31/sanei/sanei_scsi.c:5534:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (findmodel)) == 0))
data/sane-backends-1.0.31/sanei/sanei_thread.c:440:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( 1 );
data/sane-backends-1.0.31/sanei/sanei_usb.c:297:6: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf (pp, " ");
data/sane-backends-1.0.31/sanei/sanei_usb.c:772:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* ret_data = malloc(strlen((const char*)content) / 2 + 2);
data/sane-backends-1.0.31/sanei/sanei_usb.c:1634:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (base_name, dir_entry->d_name, strlen (base_name)) == 0)
data/sane-backends-1.0.31/sanei/sanei_usb.c:1636:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dir_name) + strlen (dir_entry->d_name) + 1 >
data/sane-backends-1.0.31/sanei/sanei_usb.c:1636:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dir_name) + strlen (dir_entry->d_name) + 1 >
data/sane-backends-1.0.31/sanei/sanei_usb.c:3361:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_size = read (devices[dn].fd, buffer, *size);
data/sane-backends-1.0.31/sanei/sanei_wire.c:125:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = (*w->io.read) (fd, w->buffer.end,
data/sane-backends-1.0.31/testsuite/backend/genesys/session_config_test.cpp:163:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value.resize(std::strlen(&value.front()));
data/sane-backends-1.0.31/testsuite/sanei/test_wire.c:181:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
w.io.read = read;
data/sane-backends-1.0.31/tools/sane-desc.c:769:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (string) != 6)
data/sane-backends-1.0.31/tools/sane-desc.c:773:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen (string); i++)
data/sane-backends-1.0.31/tools/sane-desc.c:778:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 2; i < strlen (string); i++)
data/sane-backends-1.0.31/tools/sane-desc.c:832:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dir_entry->d_name) > 5 &&
data/sane-backends-1.0.31/tools/sane-desc.c:833:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcmp (dir_entry->d_name + strlen (dir_entry->d_name) - 5,
data/sane-backends-1.0.31/tools/sane-desc.c:836:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (search_dir)
data/sane-backends-1.0.31/tools/sane-desc.c:837:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (dir_entry->d_name) + 1 + 1 > PATH_MAX)
data/sane-backends-1.0.31/tools/sane-desc.c:1576:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
search_dir = (search_dir + strlen (search_dir));
data/sane-backends-1.0.31/tools/sane-desc.c:2024:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aux = malloc (strlen (c) * sizeof (char) * 6);
data/sane-backends-1.0.31/tools/sane-desc.c:2052:10: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
aux = strncat (aux, c, 1);
data/sane-backends-1.0.31/tools/sane-desc.c:2396:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *name = malloc (strlen (manufacturer_name) + 1 + 2);
data/sane-backends-1.0.31/tools/sane-desc.c:2428:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf (name, strlen (manufacturer_name) + 1 + 2, "%c-%s",
data/sane-backends-1.0.31/tools/sane-desc.c:3082:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usbid->name->name = calloc (1, strlen (manufacturer) + strlen (model) + 3);
data/sane-backends-1.0.31/tools/sane-desc.c:3082:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usbid->name->name = calloc (1, strlen (manufacturer) + strlen (model) + 3);
data/sane-backends-1.0.31/tools/sane-desc.c:3101:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scsiid->name->name = calloc (1, strlen (manufacturer) + strlen (model) + 3);
data/sane-backends-1.0.31/tools/sane-desc.c:3101:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scsiid->name->name = calloc (1, strlen (manufacturer) + strlen (model) + 3);
data/sane-backends-1.0.31/tools/sane-desc.c:3131:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
man_mod->next->name = malloc (strlen (manufacturer) + strlen (model) + 3);
data/sane-backends-1.0.31/tools/sane-desc.c:3131:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
man_mod->next->name = malloc (strlen (manufacturer) + strlen (model) + 3);
data/sane-backends-1.0.31/tools/sane-desc.c:3184:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
man_mod->next->name = malloc (strlen (manufacturer) + strlen (model) + 3);
data/sane-backends-1.0.31/tools/sane-desc.c:3184:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
man_mod->next->name = malloc (strlen (manufacturer) + strlen (model) + 3);
data/sane-backends-1.0.31/tools/sane-find-scanner.c:94:42: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_scsi_inquiry_vendor(in, buf) strncpy(buf, in + 0x08, 0x08)
data/sane-backends-1.0.31/tools/sane-find-scanner.c:95:43: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_scsi_inquiry_product(in, buf) strncpy(buf, in + 0x10, 0x010)
data/sane-backends-1.0.31/tools/sane-find-scanner.c:96:43: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define get_scsi_inquiry_version(in, buf) strncpy(buf, in + 0x20, 0x04)
data/sane-backends-1.0.31/tools/sane-find-scanner.c:190:19: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
asc_ptr += sprintf (asc_ptr, ".");
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1147:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dir_name) + strlen (dir_entry->d_name) + 1 > PATH_MAX)
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1147:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dir_name) + strlen (dir_entry->d_name) + 1 > PATH_MAX)
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1367:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start_number += strlen (search);
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1386:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start_number += strlen (search);
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1881:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dev_name) == 0)
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1884:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dev_name[strlen (dev_name) - 1] == '/')
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1936:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dev_name) == 0)
data/sane-backends-1.0.31/tools/sane-find-scanner.c:1939:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dev_name[strlen (dev_name) - 1] == '/')
data/sane-backends-1.0.31/tools/umax_pp.c:242:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (argv[i]) != 3)
data/sane-backends-1.0.31/tools/umax_pp.c:263:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (argv[i]) != 3)
data/sane-backends-1.0.31/tools/umax_pp.c:295:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (argv[i]) < 3) || (strlen (argv[i]) > 4))
data/sane-backends-1.0.31/tools/umax_pp.c:295:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (argv[i]) < 3) || (strlen (argv[i]) > 4))
ANALYSIS SUMMARY:
Hits = 5187
Lines analyzed = 612853 in approximately 16.01 seconds (38275 lines/second)
Physical Source Lines of Code (SLOC) = 444916
Hits@level = [0] 1809 [1] 1334 [2] 3137 [3] 92 [4] 620 [5] 4
Hits@level+ = [0+] 6996 [1+] 5187 [2+] 3853 [3+] 716 [4+] 624 [5+] 4
Hits/KSLOC@level+ = [0+] 15.7243 [1+] 11.6584 [2+] 8.66006 [3+] 1.60929 [4+] 1.40251 [5+] 0.00899046
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.