Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/scscp-imcce-1.0.3+ds/examples/decodeclient.c
Examining data/scscp-imcce-1.0.3+ds/examples/decodeserver.c
Examining data/scscp-imcce-1.0.3+ds/examples/decodeserverxx.cpp
Examining data/scscp-imcce-1.0.3+ds/examples/execclient.c
Examining data/scscp-imcce-1.0.3+ds/examples/remoteclient.c
Examining data/scscp-imcce-1.0.3+ds/examples/simplestclient.c
Examining data/scscp-imcce-1.0.3+ds/examples/simplestclientstreamfmtxx.cpp
Examining data/scscp-imcce-1.0.3+ds/examples/simplestclientstreamunfxx.cpp
Examining data/scscp-imcce-1.0.3+ds/examples/simplestclientxx.cpp
Examining data/scscp-imcce-1.0.3+ds/src/scscp.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpbinary.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpbinary.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpcallid.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpcallid.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpdebug.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpfileclient.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpfileio.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpfileio.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpfileserver.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpinternal.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpio.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpomdoc.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpoptions.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpoptions.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpprocedurecall.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpprocedurecall.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpprocedurecompleted.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpprocedurecompleted.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpprocedureterminated.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpprocedureterminated.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpremoteobject.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpserver.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpserver.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpstatus.c
Examining data/scscp-imcce-1.0.3+ds/src/scscptags.h
Examining data/scscp-imcce-1.0.3+ds/src/scscputil.c
Examining data/scscp-imcce-1.0.3+ds/src/scscputil.h
Examining data/scscp-imcce-1.0.3+ds/src/scscpversion.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpxmlnode.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpxmlparser.c
Examining data/scscp-imcce-1.0.3+ds/src/scscpxmlparser.h
Examining data/scscp-imcce-1.0.3+ds/srcxx/scscpclientxx.cpp
Examining data/scscp-imcce-1.0.3+ds/srcxx/scscpcomputationxx.cpp
Examining data/scscp-imcce-1.0.3+ds/srcxx/scscpexception.cpp
Examining data/scscp-imcce-1.0.3+ds/srcxx/scscpserverxx.cpp
Examining data/scscp-imcce-1.0.3+ds/srcxx/scscpstream.cpp
Examining data/scscp-imcce-1.0.3+ds/srcxx/scscpstream.h
Examining data/scscp-imcce-1.0.3+ds/srcxx/scscpxx.h
Examining data/scscp-imcce-1.0.3+ds/tests/cmncalloption.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpcheckversion.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpclientsendinfo.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpcofailed1.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpcompleted1.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpcompleted2.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpgetversion.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpinterrupt.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpinvalidcmd.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpmconnect.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpnegotiationfailed1.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpnsomi.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpomf.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpomfbin.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpomibin.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpomrbin.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpomstrbin.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpomv.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpomvbin.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscprawstring.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpremote1.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpremote2.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpreturnoptions.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscprofailed1.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpscconnect.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpscconnectfailed1.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpscconnectfailed2.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpscinitfailed1.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpsendgetallowheads.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpsendserveroption.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpserversendinfo.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpservertest.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpsscommon.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpsscommon.h
Examining data/scscp-imcce-1.0.3+ds/tests/scscpssinit.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpssinitfailed1.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscpterminated.c
Examining data/scscp-imcce-1.0.3+ds/tests/scscptversion.c
Examining data/scscp-imcce-1.0.3+ds/testsxx/cmncalloptionxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpclientsendinfoxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpcompleted1xx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpcompleted2xx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpinterruptxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpomfbinxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpomfxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpomibinxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpomrbinxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpomstrbinxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpomvbinxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpomvxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpreturnoptionsxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpscconnectfailed1xx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpscconnectfailed2xx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpscconnectxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpsendgetallowheadsxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpsendserveroptionxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpserversendinfoxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpservertestxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpsscommon.h
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpsscommonxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpssinitxx.cpp
Examining data/scscp-imcce-1.0.3+ds/testsxx/scscpterminatedxx.cpp

FINAL RESULTS:

data/scscp-imcce-1.0.3+ds/src/scscpdebug.h:68:26: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
#define SCSCP_debugprint printf

data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:979:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(str, xmlChar2char(strxml));

data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:463:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy((char *) attr->name, name);

data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:815:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(retbuffer, node->m_content); retbuffer+=strlen(node->m_content);

data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:823:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(retbuffer, name); retbuffer+=strlen(name);

data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:839:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(retbuffer, name); retbuffer+=strlen(name);

data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:958:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
int n=sprintf(buffer,"%s=\"%s\"", attr->name, attr->m_value);

data/scscp-imcce-1.0.3+ds/src/scscpstatus.c:141:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
sprintf(status->m_fullformattedmessage,format, cdname, symbolname, msg);

data/scscp-imcce-1.0.3+ds/src/scscputil.c:150:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
if (dst) strcpy(dst, src);

data/scscp-imcce-1.0.3+ds/src/scscputil.c:159:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
int snprintf(char *string, size_t n, const char *format, ...)

data/scscp-imcce-1.0.3+ds/src/scscputil.c:164:8: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
res = vsprintf(string, format, args);

data/scscp-imcce-1.0.3+ds/src/scscputil.h:98:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
#define snprintf SCSCP_snprintf

data/scscp-imcce-1.0.3+ds/tests/scscpsscommon.c:144:11: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
if (execl("scscpservertest", "scscpservertest", bufanswer, sfd, NULL)==-1)

data/scscp-imcce-1.0.3+ds/testsxx/scscpsscommonxx.cpp:144:11: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
if (execl("scscpservertest", "scscpservertest", bufanswer, sfd, NULL)==-1)

data/scscp-imcce-1.0.3+ds/tests/scscpsscommon.c:180:11: [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
res = CreateProcess(NULL,

data/scscp-imcce-1.0.3+ds/tests/scscpsscommon.c:180:11: [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
res = CreateProcess(NULL,

data/scscp-imcce-1.0.3+ds/testsxx/scscpsscommonxx.cpp:181:10: [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78).
  Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
res = CreateProcess(NULL,

data/scscp-imcce-1.0.3+ds/testsxx/scscpsscommonxx.cpp:181:10: [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
res = CreateProcess(NULL,

data/scscp-imcce-1.0.3+ds/examples/decodeclient.c:147:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
port = atoi(argv[2]);

data/scscp-imcce-1.0.3+ds/examples/execclient.c:100:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
port = atoi(argv[2]);

data/scscp-imcce-1.0.3+ds/examples/remoteclient.c:85:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
port = atoi(argv[2]);

data/scscp-imcce-1.0.3+ds/examples/simplestclient.c:79:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
port = atoi(argv[2]);

data/scscp-imcce-1.0.3+ds/examples/simplestclientstreamfmtxx.cpp:80:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
port = atoi(argv[2]);

data/scscp-imcce-1.0.3+ds/examples/simplestclientstreamunfxx.cpp:142:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
port = atoi(argv[2]);

data/scscp-imcce-1.0.3+ds/examples/simplestclientxx.cpp:79:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
port = atoi(argv[2]);

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:237:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(c,buffloc, n);

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:486:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char * name[3]; /* address of the value */

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:487:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const char * attrname[3]={"cd","name","id" }; /* attribute name */

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:513:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char * name[2]; /* address of the value */

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:514:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const char * attrname[2]={"name","id" }; /* attribute name */

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:541:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char * name[2]; /* address of the value */

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:542:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const char * attrname[2]={"href","id" }; /* attribute name */

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:568:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char * name[2]; /* address of the value */

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:569:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const char * attrname[2]={"hex","id" }; /* attribute name */

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:570:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char valuedbl[8];

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:571:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char valuestrdbl[17];

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:572:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const unsigned char hexArray[16] = { '0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F' };

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:613:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char * name[2]; /* address of the value */

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:642:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char * name[1]; /* address of the value */

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:645:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char c4[4];

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:646:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const char *attrname[1]={"id"};

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:666:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char cstr[128];

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:667:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cstr, "%ld", (long)c32);

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:691:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char * name[1]; /* address of the value */

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:698:110: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
node = SCSCP_xmlnode_inittokenattrcontent(doc,owner, token,1,attrname, (char **)(&(name[1])), lenname+1 , (char *)name[0], lenname[0]);

data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:718:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char c2[2];

data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:155:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char szport[64];

data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:174:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szport,"%d",port);

data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:239:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&adresseServeur.sin_addr.s_addr, hp->h_addr, hp->h_length);

data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:367:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char c[SCSCP_PI_MAXLENBUFFER];

data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:414:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char c[SCSCP_PI_MAXLENBUFFER];

data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:1071:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(buff+copylen, ctx->buffer, res);

data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:1112:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(ctx->buffer, buff, retval);

data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:1148:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(buff, ctx->buffer, retval);

data/scscp-imcce-1.0.3+ds/src/scscpfileio.c:161:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(io->m_bufferOutput+io->m_bufferOutputValid, buf, len);

data/scscp-imcce-1.0.3+ds/src/scscpfileio.h:71:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char m_bufferOutput[SCSCP_PI_MAXLENBUFFER+1];

data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:250:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char c[CIMLEN];

data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:643:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char bufferPI[SCSCP_PI_MAXLENBUFFER];

data/scscp-imcce-1.0.3+ds/src/scscpio.c:457:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char valeur[400];

data/scscp-imcce-1.0.3+ds/src/scscpio.c:458:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valeur,"dec=\"%+-.*E\" />",(int)DBL_DIG+1,x);

data/scscp-imcce-1.0.3+ds/src/scscpio.c:527:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char valeur[400];

data/scscp-imcce-1.0.3+ds/src/scscpio.c:528:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valeur,"%d",x);

data/scscp-imcce-1.0.3+ds/src/scscpio.c:534:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char valeur[400];

data/scscp-imcce-1.0.3+ds/src/scscpio.c:535:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valeur,"%d</OMI>",x);

data/scscp-imcce-1.0.3+ds/src/scscpio.c:565:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char valeur[400];

data/scscp-imcce-1.0.3+ds/src/scscpio.c:566:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valeur,"%llu",(unsigned long long)x);

data/scscp-imcce-1.0.3+ds/src/scscpio.c:572:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char valeur[400];

data/scscp-imcce-1.0.3+ds/src/scscpio.c:573:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valeur,"<OMI>%llu</OMI>",(unsigned long long)x);

data/scscp-imcce-1.0.3+ds/src/scscpio.c:603:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char valeur[400];

data/scscp-imcce-1.0.3+ds/src/scscpio.c:604:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valeur,"%lld",x);

data/scscp-imcce-1.0.3+ds/src/scscpio.c:610:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char valeur[400];

data/scscp-imcce-1.0.3+ds/src/scscpio.c:611:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valeur,"%lld</OMI>",x);

data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:464:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(attr->m_value, value, lenvalue*sizeof(char));

data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:501:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(childtext->m_content, value, lenvalue*sizeof(char));

data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:536:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(node->m_binarycontent, value, lenvalue);

data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:838:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(retbuffer, "</"); retbuffer+=2;

data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:844:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(retbuffer, "/>"); retbuffer+=2;

data/scscp-imcce-1.0.3+ds/src/scscpprocedurecall.c:803:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char bufferPI[SCSCP_PI_MAXLENBUFFER];

data/scscp-imcce-1.0.3+ds/src/scscputil.c:355:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
union { long l; char c[sizeof (long)]; } u;

data/scscp-imcce-1.0.3+ds/tests/scscpservertest.c:216:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/scscp-imcce-1.0.3+ds/tests/scscpservertest.c:217:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%d %d", value, valueref); data/scscp-imcce-1.0.3+ds/tests/scscpservertest.c:238:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/scscp-imcce-1.0.3+ds/tests/scscpservertest.c:239:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%23.16E %23.16E", value, valueref); data/scscp-imcce-1.0.3+ds/tests/scscpservertest.c:561:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return runserver(atoi(argv[1]), argc==3?atoi(argv[2]):-1); data/scscp-imcce-1.0.3+ds/tests/scscpservertest.c:561:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
return runserver(atoi(argv[1]), argc==3?atoi(argv[2]):-1); data/scscp-imcce-1.0.3+ds/tests/scscpsscommon.c:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufanswer[10]; data/scscp-imcce-1.0.3+ds/tests/scscpsscommon.c:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sfd[10]; data/scscp-imcce-1.0.3+ds/tests/scscpsscommon.c:127:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bufanswer, "%d",typeanswer); data/scscp-imcce-1.0.3+ds/tests/scscpsscommon.c:143:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sfd, "%d", fd[1]); data/scscp-imcce-1.0.3+ds/tests/scscpsscommon.c:172:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024]; data/scscp-imcce-1.0.3+ds/tests/scscpsscommon.c:174:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(cmd,"scscpservertest.exe %d", typeanswer); data/scscp-imcce-1.0.3+ds/testsxx/scscpservertestxx.cpp:221:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/scscp-imcce-1.0.3+ds/testsxx/scscpservertestxx.cpp:222:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%d %d", value, valueref); data/scscp-imcce-1.0.3+ds/testsxx/scscpservertestxx.cpp:242:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/scscp-imcce-1.0.3+ds/testsxx/scscpservertestxx.cpp:243:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%23.16E %23.16E", value, valueref); data/scscp-imcce-1.0.3+ds/testsxx/scscpservertestxx.cpp:492:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return runserver(atoi(argv[1]), argc==3?atoi(argv[2]):-1); data/scscp-imcce-1.0.3+ds/testsxx/scscpservertestxx.cpp:492:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return runserver(atoi(argv[1]), argc==3?atoi(argv[2]):-1); data/scscp-imcce-1.0.3+ds/testsxx/scscpsscommonxx.cpp:122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufanswer[10]; data/scscp-imcce-1.0.3+ds/testsxx/scscpsscommonxx.cpp:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sfd[10]; data/scscp-imcce-1.0.3+ds/testsxx/scscpsscommonxx.cpp:126:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bufanswer, "%d",typeanswer); data/scscp-imcce-1.0.3+ds/testsxx/scscpsscommonxx.cpp:143:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sfd, "%d", fd[1]); data/scscp-imcce-1.0.3+ds/testsxx/scscpsscommonxx.cpp:173:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024]; data/scscp-imcce-1.0.3+ds/testsxx/scscpsscommonxx.cpp:175:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(cmd,"scscpservertest.exe %d", typeanswer); data/scscp-imcce-1.0.3+ds/examples/simplestclientxx.cpp:90:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mytask.send(openmath, ::strlen(openmath), SCSCP_option_return_object); data/scscp-imcce-1.0.3+ds/src/scscpbinary.c:669:112: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). node = SCSCP_xmlnode_inittokenattrcontent(doc, owner, token,1,attrname, (char **)name, lenname ,cstr, (int)strlen(cstr)); data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:281:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SCSCP_fileio_write(&client->m_OutStream, msg, strlen(msg)*sizeof(char)); data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:449:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bres = SCSCP_fileio_write(&client->m_OutStream,msg1, strlen(msg1)*sizeof(char)); data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:450:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (bres) bres = SCSCP_fileio_write(&client->m_OutStream,supportedversion, strlen(supportedversion)*sizeof(char)); data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:451:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (bres) bres = SCSCP_fileio_write(&client->m_OutStream,msg2, strlen(msg2)*sizeof(char)); data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:1021:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int lensymbol = strlen(symbol); data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:1196:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int lensymbol = strlen(symbol); data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:1241:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(ctx->pmathfind+posbuf,"cancel", strlen("cancel"))==0) data/scscp-imcce-1.0.3+ds/src/scscpfileclient.c:1247:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(ctx->pmathfind+posbuf,"end", strlen("end"))==0) data/scscp-imcce-1.0.3+ds/src/scscpfileio.c:185:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(io->m_fd, buf, len); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:228:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send(socketid, msg, strlen(msg)*sizeof(char), 0); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:305:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bres = (send(socketid, msg1, strlen(msg1)*sizeof(char), 0)!=SOCKET_ERROR); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:306:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (bres) bres = (send(socketid, server->m_services.m_servicename, strlen(server->m_services.m_servicename)*sizeof(char), 0)!=SOCKET_ERROR); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:308:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (bres) bres = (send(socketid, msg2, strlen(msg2)*sizeof(char), 0)!=SOCKET_ERROR); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:309:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (bres) bres = (send(socketid, server->m_services.m_serviceversion, strlen(server->m_services.m_serviceversion)*sizeof(char), 0)!=SOCKET_ERROR); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:311:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (bres) bres = (send(socketid, msg3, strlen(msg3)*sizeof(char), 0)!=SOCKET_ERROR); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:312:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (bres) bres = (send(socketid, server->m_services.m_serviceid, strlen(server->m_services.m_serviceid)*sizeof(char), 0)!=SOCKET_ERROR); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:314:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (bres) bres = (send(socketid, msg4, strlen(msg4)*sizeof(char), 0)!=SOCKET_ERROR); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:317:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bres = (send(socketid, server->m_services.m_allowedversions[j], strlen(server->m_services.m_allowedversions[j])*sizeof(char), 0)!=SOCKET_ERROR); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:318:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (bres) bres = (send(socketid, " ", strlen(" ")*sizeof(char), 0)!=SOCKET_ERROR); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:321:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (bres) bres = (send(socketid, msg5, strlen(msg5)*sizeof(char), 0)!=SOCKET_ERROR); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:348:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bres = (send(socketid, msg1, strlen(msg1)*sizeof(char), 0)!=SOCKET_ERROR); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:349:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (bres) bres = (send(socketid, supportedversion, strlen(supportedversion)*sizeof(char), 0)!=SOCKET_ERROR); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:350:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (bres) bres = (send(socketid, msg2, strlen(msg2)*sizeof(char), 0)!=SOCKET_ERROR); data/scscp-imcce-1.0.3+ds/src/scscpfileserver.c:354:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bres = (send(socketid, msg3, strlen(msg3)*sizeof(char), 0)!=SOCKET_ERROR); data/scscp-imcce-1.0.3+ds/src/scscpio.c:116:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t l0=strlen(buffer); data/scscp-imcce-1.0.3+ds/src/scscpio.c:119:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lenid=(id==NULL?0:strlen(id)); data/scscp-imcce-1.0.3+ds/src/scscpio.c:165:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32_t l1=(uint32_t)strlen(buffer1); data/scscp-imcce-1.0.3+ds/src/scscpio.c:166:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32_t l2=(uint32_t)strlen(buffer2); data/scscp-imcce-1.0.3+ds/src/scscpio.c:168:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lenid=(id==NULL?0:strlen(id)); data/scscp-imcce-1.0.3+ds/src/scscpio.c:224:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t lenid = strlen(id); data/scscp-imcce-1.0.3+ds/src/scscpio.c:316:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res = SCSCP_fileio_write(&(*stream)->m_OutStream, buffer, strlen(buffer)*sizeof(char)); data/scscp-imcce-1.0.3+ds/src/scscpio.c:633:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32_t l0=(uint32_t)strlen(buffer); data/scscp-imcce-1.0.3+ds/src/scscpio.c:1245:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(buffer,PIinfo, strlen(PIinfo))==0) data/scscp-imcce-1.0.3+ds/src/scscpio.c:1250:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(buffer,PIstart, strlen(PIstart))==0) data/scscp-imcce-1.0.3+ds/src/scscpio.c:1255:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(buffer,PIquit, strlen(PIquit))==0) data/scscp-imcce-1.0.3+ds/src/scscpio.c:1261:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(buffer,PIterminate, strlen(PIterminate))==0) data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:456:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
attr = SCSCP_omdoc_allocateattr(doc,strlen(name)+1+lenvalue+1); data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:815:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(retbuffer, node->m_content); retbuffer+=strlen(node->m_content); data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:822:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(retbuffer,"<"); retbuffer++; data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:823:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(retbuffer, name); retbuffer+=strlen(name); data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:826:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(retbuffer," "); retbuffer++; data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:832:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(retbuffer, ">"); retbuffer++; data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:839:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strcpy(retbuffer, name); retbuffer+=strlen(name); data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:840:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(retbuffer, ">"); retbuffer++; data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:865:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(node->m_content); data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:872:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = 1+strlen(name); data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:887:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len+=3+strlen(name); /* "</name>" */ data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:974:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = 3+strlen((char*)attr->name)+strlen(attr->m_value); /* "%s=\"%s\"", attr->name, attr->m_value*/ data/scscp-imcce-1.0.3+ds/src/scscpomdoc.c:974:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = 3+strlen((char*)attr->name)+strlen(attr->m_value); /* "%s=\"%s\"", attr->name, attr->m_value*/ data/scscp-imcce-1.0.3+ds/src/scscpprocedurecall.c:356:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t ncount = strlen(prefix)+100; /* for time, address and counter */ data/scscp-imcce-1.0.3+ds/src/scscpstatus.c:138:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status->m_fullformattedmessage=(char*)SCSCP_malloc((strlen(cdname)+strlen(symbolname)+strlen(msg)+strlen(format)+2)*sizeof(char), SCSCP_STATUS_IGNORE); data/scscp-imcce-1.0.3+ds/src/scscpstatus.c:138:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status->m_fullformattedmessage=(char*)SCSCP_malloc((strlen(cdname)+strlen(symbolname)+strlen(msg)+strlen(format)+2)*sizeof(char), SCSCP_STATUS_IGNORE); data/scscp-imcce-1.0.3+ds/src/scscpstatus.c:138:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status->m_fullformattedmessage=(char*)SCSCP_malloc((strlen(cdname)+strlen(symbolname)+strlen(msg)+strlen(format)+2)*sizeof(char), SCSCP_STATUS_IGNORE); data/scscp-imcce-1.0.3+ds/src/scscpstatus.c:138:102: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status->m_fullformattedmessage=(char*)SCSCP_malloc((strlen(cdname)+strlen(symbolname)+strlen(msg)+strlen(format)+2)*sizeof(char), SCSCP_STATUS_IGNORE); data/scscp-imcce-1.0.3+ds/src/scscputil.c:149:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
dst = (char*)SCSCP_malloc(strlen(src)+1, status); data/scscp-imcce-1.0.3+ds/src/scscputil.c:229:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(begin, c,strlen(begin))==0) psubstr = c+strlen(begin); data/scscp-imcce-1.0.3+ds/src/scscputil.c:229:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(begin, c,strlen(begin))==0) psubstr = c+strlen(begin); data/scscp-imcce-1.0.3+ds/src/scscputil.c:236:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strncmp(versionname, psubstr,strlen(versionname))!=0) data/scscp-imcce-1.0.3+ds/src/scscputil.c:294:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lensubstr = strlen(substr); data/scscp-imcce-1.0.3+ds/src/scscpxmlnode.c:499:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valuestr)==16) data/scscp-imcce-1.0.3+ds/src/scscpxmlnode.c:534:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (*value==NULL || strlen(*value)==0) data/scscp-imcce-1.0.3+ds/src/scscpxmlparser.c:103:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (SCSCP_xmlnode_setcontent(doc, owner, (const char*)value,strlen((const char*)value))) node = owner; data/scscp-imcce-1.0.3+ds/src/scscpxmlparser.c:115:79: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (value!=NULL) SCSCP_xmlnode_setcontent(doc, node, (const char*)value,strlen((const char*)value)); data/scscp-imcce-1.0.3+ds/src/scscpxmlparser.c:127:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SCSCP_xmlnode_setattr(doc, node, (const char *)name, (const char *)value, strlen((const char *)value) ); data/scscp-imcce-1.0.3+ds/srcxx/scscpcomputationxx.cpp:444:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenbuffer = ::strlen(openmathbuffer); data/scscp-imcce-1.0.3+ds/srcxx/scscpcomputationxx.cpp:624:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenbuffer = ::strlen(openmathbuffer); data/scscp-imcce-1.0.3+ds/tests/scscpservertest.c:372:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(callid,"libSCSCP",strlen("libSCSCP"))==0) data/scscp-imcce-1.0.3+ds/tests/scscpsscommon.c:158:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nr = (int)read(fd[0], port,sizeof(*port)); data/scscp-imcce-1.0.3+ds/testsxx/cmncalloptionxx.cpp:108:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t len=::strlen(cmd); data/scscp-imcce-1.0.3+ds/testsxx/scscpclientsendinfoxx.cpp:113:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len=::strlen(cmd); data/scscp-imcce-1.0.3+ds/testsxx/scscpcompleted1xx.cpp:120:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len=::strlen(cmd); data/scscp-imcce-1.0.3+ds/testsxx/scscpcompleted2xx.cpp:192:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len=::strlen(cmd); data/scscp-imcce-1.0.3+ds/testsxx/scscpinterruptxx.cpp:118:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len=::strlen(cmd); data/scscp-imcce-1.0.3+ds/testsxx/scscpreturnoptionsxx.cpp:152:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len=::strlen(cmd); data/scscp-imcce-1.0.3+ds/testsxx/scscpserversendinfoxx.cpp:119:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len=::strlen(cmd); data/scscp-imcce-1.0.3+ds/testsxx/scscpservertestxx.cpp:372:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strncmp(callid,"libSCSCP",strlen("libSCSCP"))==0) data/scscp-imcce-1.0.3+ds/testsxx/scscpsscommonxx.cpp:159:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nr = (int)read(fd[0], &port,sizeof(port)); data/scscp-imcce-1.0.3+ds/testsxx/scscpterminatedxx.cpp:118:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len=::strlen(cmd);

ANALYSIS SUMMARY:

Hits = 183
Lines analyzed = 24584 in approximately 0.87 seconds (28178 lines/second)
Physical Source Lines of Code (SLOC) = 11772
Hits@level = [0] 219 [1] 80 [2] 85 [3] 4 [4] 14 [5] 0
Hits@level+ = [0+] 402 [1+] 183 [2+] 103 [3+] 18 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 34.1488 [1+] 15.5454 [2+] 8.74958 [3+] 1.52905 [4+] 1.18926 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.