Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/App.F.datalink.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/App.F.defines.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/App.F.flow_cl.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/App.F.fserver.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/App.F.present.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/App.F.session.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/App.F.user.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/p325.test.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/p327.upper.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/p337.defines2.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/p337.fserver.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/p337.session.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/p337.user.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/p342.pftp.ses1.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/p343.claim.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/p347.pres.sim.h
Examining data/spin-6.5.2+dfsg/Examples/Book_1991/p347.session.prog.h
Examining data/spin-6.5.2+dfsg/Src/dstep.c
Examining data/spin-6.5.2+dfsg/Src/flow.c
Examining data/spin-6.5.2+dfsg/Src/guided.c
Examining data/spin-6.5.2+dfsg/Src/main.c
Examining data/spin-6.5.2+dfsg/Src/mesg.c
Examining data/spin-6.5.2+dfsg/Src/msc_tcl.c
Examining data/spin-6.5.2+dfsg/Src/pangen1.c
Examining data/spin-6.5.2+dfsg/Src/pangen1.h
Examining data/spin-6.5.2+dfsg/Src/pangen2.h
Examining data/spin-6.5.2+dfsg/Src/pangen3.c
Examining data/spin-6.5.2+dfsg/Src/pangen3.h
Examining data/spin-6.5.2+dfsg/Src/pangen4.c
Examining data/spin-6.5.2+dfsg/Src/pangen4.h
Examining data/spin-6.5.2+dfsg/Src/pangen5.c
Examining data/spin-6.5.2+dfsg/Src/pangen5.h
Examining data/spin-6.5.2+dfsg/Src/pangen6.c
Examining data/spin-6.5.2+dfsg/Src/pangen7.c
Examining data/spin-6.5.2+dfsg/Src/reprosrc.c
Examining data/spin-6.5.2+dfsg/Src/run.c
Examining data/spin-6.5.2+dfsg/Src/sched.c
Examining data/spin-6.5.2+dfsg/Src/spin.h
Examining data/spin-6.5.2+dfsg/Src/spinlex.c
Examining data/spin-6.5.2+dfsg/Src/structs.c
Examining data/spin-6.5.2+dfsg/Src/sym.c
Examining data/spin-6.5.2+dfsg/Src/tl.h
Examining data/spin-6.5.2+dfsg/Src/tl_buchi.c
Examining data/spin-6.5.2+dfsg/Src/tl_cache.c
Examining data/spin-6.5.2+dfsg/Src/tl_lex.c
Examining data/spin-6.5.2+dfsg/Src/tl_main.c
Examining data/spin-6.5.2+dfsg/Src/tl_mem.c
Examining data/spin-6.5.2+dfsg/Src/tl_parse.c
Examining data/spin-6.5.2+dfsg/Src/tl_rewrt.c
Examining data/spin-6.5.2+dfsg/Src/tl_trans.c
Examining data/spin-6.5.2+dfsg/Src/vars.c
Examining data/spin-6.5.2+dfsg/Src/version.h
Examining data/spin-6.5.2+dfsg/Src/pangen2.c
Examining data/spin-6.5.2+dfsg/Src/pangen6.h
Examining data/spin-6.5.2+dfsg/Src/pangen7.h
FINAL RESULTS:
data/spin-6.5.2+dfsg/Src/flow.c:868:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(s);
data/spin-6.5.2+dfsg/Src/flow.c:890:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(s);
data/spin-6.5.2+dfsg/Src/flow.c:998:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_nm, "_f0r_t3mp%s", CurScope); /* make sure it's unique */
data/spin-6.5.2+dfsg/Src/guided.c:150:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(snap, (const char *) *trailfilename);
data/spin-6.5.2+dfsg/Src/guided.c:156:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(snap, "%s%d.trail", oFname->name, ntrail);
data/spin-6.5.2+dfsg/Src/guided.c:158:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(snap, "%s.trail", oFname->name);
data/spin-6.5.2+dfsg/Src/guided.c:167:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(snap, "%s%d.trail",
data/spin-6.5.2+dfsg/Src/guided.c:170:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(snap, "%s.trail",
data/spin-6.5.2+dfsg/Src/main.c:259:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return system(s);
data/spin-6.5.2+dfsg/Src/main.c:301:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(&pan_runtime[strlen(pan_runtime)], "-k%s ", *trailfilename);
data/spin-6.5.2+dfsg/Src/main.c:307:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
{ strcat(pan_runtime, PreArg[i]);
data/spin-6.5.2+dfsg/Src/main.c:314:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(&pan_runtime[strlen(pan_runtime)], "\"-P%s\" ", PreProc);
data/spin-6.5.2+dfsg/Src/main.c:339:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "spin -t %s %s", pan_runtime, Fname->name);
data/spin-6.5.2+dfsg/Src/main.c:360:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s %s", P_X, pan_runtime);
data/spin-6.5.2+dfsg/Src/main.c:453:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s %s %s %s %s",
data/spin-6.5.2+dfsg/Src/main.c:597:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(precmd, PreProc);
data/spin-6.5.2+dfsg/Src/main.c:600:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(precmd, PreArg[i]);
data/spin-6.5.2+dfsg/Src/main.c:606:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s \"%s\" > \"%s\"", precmd, a, b);
data/spin-6.5.2+dfsg/Src/main.c:776:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s %s", pan_comptime, s);
data/spin-6.5.2+dfsg/Src/main.c:863:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s %s", pan_runtime, s);
data/spin-6.5.2+dfsg/Src/main.c:897:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PreProc, CPP);
data/spin-6.5.2+dfsg/Src/main.c:937:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PreProc, (const char *) &argv[1][2]);
data/spin-6.5.2+dfsg/Src/main.c:1080:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(out2, "%s.nvr", argv[1]);
data/spin-6.5.2+dfsg/Src/main.c:1115:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(cmd, "_%s", argv[1]);
data/spin-6.5.2+dfsg/Src/main.c:1117:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(cmd, argv[1]);
data/spin-6.5.2+dfsg/Src/main.c:1221:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(add_ltl[4], fm);
data/spin-6.5.2+dfsg/Src/main.c:1238:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(s1, s2); /* avoids a gcc warning */
data/spin-6.5.2+dfsg/Src/main.c:1241:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(s1, s2);
data/spin-6.5.2+dfsg/Src/main.c:1243:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(s1);
data/spin-6.5.2+dfsg/Src/main.c:1315:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
for (a = sp->access; a; a = a->lnk)
data/spin-6.5.2+dfsg/Src/main.c:1327:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
a->lnk = sp->access;
data/spin-6.5.2+dfsg/Src/mesg.c:265:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "type-clash in %s, (%s<-> %s)", s, tag1, tag2);
data/spin-6.5.2+dfsg/Src/mesg.c:513:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(GBuf, n->sym->name);
data/spin-6.5.2+dfsg/Src/mesg.c:515:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(GBuf, lookup(n->sym->name)->name);
data/spin-6.5.2+dfsg/Src/mesg.c:528:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(GBuf, lbuf);
data/spin-6.5.2+dfsg/Src/mesg.c:533:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(GBuf, lbuf);
data/spin-6.5.2+dfsg/Src/mesg.c:544:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(GBuf, (strncmp(tr, "Sen", 3))?"?":"!");
data/spin-6.5.2+dfsg/Src/mesg.c:633:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(s, tr);
data/spin-6.5.2+dfsg/Src/mesg.c:685:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lbuf, "%s", n->lft->sym->name);
data/spin-6.5.2+dfsg/Src/mesg.c:686:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(GBuf, lbuf);
data/spin-6.5.2+dfsg/Src/mesg.c:690:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(GBuf, lbuf);
data/spin-6.5.2+dfsg/Src/mesg.c:698:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fd, GBuf, (char *) 0); /* prevent compiler warning */
data/spin-6.5.2+dfsg/Src/mesg.c:836:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(b->str, s);
data/spin-6.5.2+dfsg/Src/mesg.c:884:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
{ strcat(mn, t->sym->name);
data/spin-6.5.2+dfsg/Src/mesg.c:885:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mx, t->sym->name);
data/spin-6.5.2+dfsg/Src/mesg.c:889:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sv, mn); /* save */
data/spin-6.5.2+dfsg/Src/mesg.c:895:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mn, sv); /* restore */
data/spin-6.5.2+dfsg/Src/mesg.c:904:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mx, tmp);
data/spin-6.5.2+dfsg/Src/msc_tcl.c:178:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(I[a], s);
data/spin-6.5.2+dfsg/Src/msc_tcl.c:287:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "wish -f %s.tcl &", oFname?oFname->name:"msc");
data/spin-6.5.2+dfsg/Src/msc_tcl.c:290:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
exit (system(cmd));
data/spin-6.5.2+dfsg/Src/msc_tcl.c:297:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(snap, "%s.tcl", oFname?oFname->name:"msc");
data/spin-6.5.2+dfsg/Src/msc_tcl.c:303:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(snap, "%s%d.trail", oFname?oFname->name:"msc", ntrail);
data/spin-6.5.2+dfsg/Src/msc_tcl.c:305:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(snap, "%s.trail", oFname?oFname->name:"msc");
data/spin-6.5.2+dfsg/Src/msc_tcl.c:342:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, s);
data/spin-6.5.2+dfsg/Src/pangen1.c:462:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(foo, "%s label inside d_step",
data/spin-6.5.2+dfsg/Src/pangen1.c:467:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(foo, "%s label inside atomic",
data/spin-6.5.2+dfsg/Src/pangen1.c:491:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{ fprintf(fd, c[j], i, i, i, i, i, i);
data/spin-6.5.2+dfsg/Src/pangen1.c:598:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s:", pre, s);
data/spin-6.5.2+dfsg/Src/pangen1.c:691:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s.", pref, sp->name);
data/spin-6.5.2+dfsg/Src/pangen1.c:1347:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{ fprintf(fd, c[j], i, p, i);
data/spin-6.5.2+dfsg/Src/pangen2.c:1666:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ns->name, "%s%d", s->name, modifier);
data/spin-6.5.2+dfsg/Src/pangen2.c:2364:45: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define cat0(x) putstmnt(fd,now->lft,m); fprintf(fd, x); \
data/spin-6.5.2+dfsg/Src/pangen2.c:2367:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define cat2(x,y) fprintf(fd,x); putstmnt(fd,y,m)
data/spin-6.5.2+dfsg/Src/pangen2.c:2368:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define cat3(x,y,z) fprintf(fd,x); putstmnt(fd,y,m); fprintf(fd,z)
data/spin-6.5.2+dfsg/Src/pangen2.c:2368:54: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define cat3(x,y,z) fprintf(fd,x); putstmnt(fd,y,m); fprintf(fd,z)
data/spin-6.5.2+dfsg/Src/pangen2.c:2369:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define cat30(x,y,z) fprintf(fd,x,0); putstmnt(fd,y,m); fprintf(fd,z)
data/spin-6.5.2+dfsg/Src/pangen2.c:2369:57: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define cat30(x,y,z) fprintf(fd,x,0); putstmnt(fd,y,m); fprintf(fd,z)
data/spin-6.5.2+dfsg/Src/pangen2.c:2860:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
{ fprintf(fd, tempbuf, (char *) 0);
data/spin-6.5.2+dfsg/Src/pangen2.c:3273:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fd, pre, 0);
data/spin-6.5.2+dfsg/Src/pangen2.c:3370:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fd, suff, 0);
data/spin-6.5.2+dfsg/Src/pangen3.c:259:44: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Cat0(x) comwork(fd,now->lft,m); fprintf(fd, x); \
data/spin-6.5.2+dfsg/Src/pangen3.c:262:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Cat2(x,y) fprintf(fd,x); comwork(fd,y,m)
data/spin-6.5.2+dfsg/Src/pangen3.c:263:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Cat3(x,y,z) fprintf(fd,x); comwork(fd,y,m); fprintf(fd,z)
data/spin-6.5.2+dfsg/Src/pangen3.c:263:53: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Cat3(x,y,z) fprintf(fd,x); comwork(fd,y,m); fprintf(fd,z)
data/spin-6.5.2+dfsg/Src/pangen7.c:150:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(pre, (char *) 0);
data/spin-6.5.2+dfsg/Src/pangen7.c:152:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(post, (char *) 0);
data/spin-6.5.2+dfsg/Src/pangen7.c:405:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, p->n->name);
data/spin-6.5.2+dfsg/Src/reprosrc.c:223:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case NAME: sprintf(mtxt, "%s", yylval->sym->name); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:276:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case STRING: sprintf(mtxt, "%s", yylval->sym->name); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:284:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(b, mtxt);
data/spin-6.5.2+dfsg/Src/reprosrc.c:343:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, yylval->sym->name);
data/spin-6.5.2+dfsg/Src/run.c:535:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
case 'e': strcpy(tBuf, GBuf); /* event name */
data/spin-6.5.2+dfsg/Src/run.c:540:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lbuf, GBuf);
data/spin-6.5.2+dfsg/Src/run.c:541:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GBuf, tBuf);
data/spin-6.5.2+dfsg/Src/run.c:553:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
append: strcat(GBuf, lbuf);
data/spin-6.5.2+dfsg/Src/sched.c:196:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(GBuf, "%d:%s",
data/spin-6.5.2+dfsg/Src/sched.c:301:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(GBuf, "%d:%s", 0, p->n->name);
data/spin-6.5.2+dfsg/Src/sched.c:305:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(GBuf, "%d:%s", r->pid+1, r->n->name);
data/spin-6.5.2+dfsg/Src/sched.c:870:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)t->bscp, (const char *)s->bscp);
data/spin-6.5.2+dfsg/Src/sched.c:940:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "type-clash in params of %s(..), (%s<-> %s)",
data/spin-6.5.2+dfsg/Src/spin.h:75:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
struct Access *access;/* e.g., senders and receives of chan */
data/spin-6.5.2+dfsg/Src/spinlex.c:95:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pushedback, s);
data/spin-6.5.2+dfsg/Src/spinlex.c:204:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nw, ptr);
data/spin-6.5.2+dfsg/Src/spinlex.c:222:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp->prec, prc);
data/spin-6.5.2+dfsg/Src/spinlex.c:546:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, q);
data/spin-6.5.2+dfsg/Src/spinlex.c:695:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, s);
data/spin-6.5.2+dfsg/Src/spinlex.c:902:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "P%s->", p->n->name);
data/spin-6.5.2+dfsg/Src/spinlex.c:1089:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp->anms[j], IArg_cont[j]);
data/spin-6.5.2+dfsg/Src/spinlex.c:1227:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(Buf1, "\t/* line %d %s */\n\t\t",
data/spin-6.5.2+dfsg/Src/spinlex.c:1233:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(Buf1, "\n#line %d \"%s\"\n{", lineno, Fname->name);
data/spin-6.5.2+dfsg/Src/spinlex.c:1323:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(CurScope, tmpbuf);
data/spin-6.5.2+dfsg/Src/spinlex.c:1620:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s = %d ",
data/spin-6.5.2+dfsg/Src/spinlex.c:1627:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s = %d; do ",
data/spin-6.5.2+dfsg/Src/spinlex.c:1630:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, ":: (%s < %d) -> %s++ ",
data/spin-6.5.2+dfsg/Src/spinlex.c:1819:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(yylval->sym->name, s);
data/spin-6.5.2+dfsg/Src/spinlex.c:1953:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(IArg_cont[IArgno], yytext);
data/spin-6.5.2+dfsg/Src/spinlex.c:1958:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(IArg_cont[IArgno], yytext);
data/spin-6.5.2+dfsg/Src/spinlex.c:1963:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(IArg_cont[IArgno], yytext);
data/spin-6.5.2+dfsg/Src/spinlex.c:1967:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(IArg_cont[IArgno], yytext);
data/spin-6.5.2+dfsg/Src/spinlex.c:1993:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(IArg_cont[IArgno], yytext);
data/spin-6.5.2+dfsg/Src/structs.c:379:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lbuf, "no field '%s' defined in structure '%s'\n",
data/spin-6.5.2+dfsg/Src/structs.c:398:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lbuf, ".%s", tl->name);
data/spin-6.5.2+dfsg/Src/structs.c:399:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, lbuf);
data/spin-6.5.2+dfsg/Src/structs.c:402:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, lbuf);
data/spin-6.5.2+dfsg/Src/structs.c:414:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(eprefix, "%s%s.", s, z->name);
data/spin-6.5.2+dfsg/Src/structs.c:417:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(eprefix, "%s%s[%d].", s, z->name, ix);
data/spin-6.5.2+dfsg/Src/structs.c:435:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(eprefix, "%s%s.", s, z->name);
data/spin-6.5.2+dfsg/Src/structs.c:438:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(eprefix, "%s%s[%d].", s, z->name, ix);
data/spin-6.5.2+dfsg/Src/structs.c:459:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(eprefix, ipref);
data/spin-6.5.2+dfsg/Src/structs.c:464:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(eprefix, pref);
data/spin-6.5.2+dfsg/Src/structs.c:467:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
{ strcat(eprefix, tl->sym->name);
data/spin-6.5.2+dfsg/Src/structs.c:485:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(eprefix, "%s[%d]", prefix, ix);
data/spin-6.5.2+dfsg/Src/structs.c:487:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(eprefix, prefix);
data/spin-6.5.2+dfsg/Src/structs.c:493:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pref, eprefix);
data/spin-6.5.2+dfsg/Src/structs.c:495:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pref, tl->sym->name);
data/spin-6.5.2+dfsg/Src/sym.c:79:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(n, "%s%s", sp->bscp, sp->name);
data/spin-6.5.2+dfsg/Src/sym.c:125:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sp->name, s);
data/spin-6.5.2+dfsg/Src/sym.c:131:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)sp->bscp, CurScope);
data/spin-6.5.2+dfsg/Src/sym.c:209:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf2, (!(res&4))?"bit":"byte");
data/spin-6.5.2+dfsg/Src/sym.c:401:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lst->nm, s);
data/spin-6.5.2+dfsg/Src/sym.c:613:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
for (a = sp->access; a; a = a->lnk)
data/spin-6.5.2+dfsg/Src/sym.c:624:16: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
for (a = sp->access; a; a = a->lnk)
data/spin-6.5.2+dfsg/Src/sym.c:633:16: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
for (a = sp->access; a; a = a->lnk)
data/spin-6.5.2+dfsg/Src/tl.h:129:36: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Debug(x) { if (tl_verbose) printf(x); }
data/spin-6.5.2+dfsg/Src/tl.h:130:39: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Debug2(x,y) { if (tl_verbose) printf(x,y); }
data/spin-6.5.2+dfsg/Src/tl_buchi.c:108:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(altnm, "accept%s", &nm[i]);
data/spin-6.5.2+dfsg/Src/tl_buchi.c:481:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "T0%s", &(c->name->name[6]));
data/spin-6.5.2+dfsg/Src/tl_buchi.c:525:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "T0%s", &(a->name->name[6]));
data/spin-6.5.2+dfsg/Src/tl_lex.c:253:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sp->name, s);
data/spin-6.5.2+dfsg/Src/tl_main.c:140:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(uform, argv[1]);
data/spin-6.5.2+dfsg/Src/tl_main.c:149:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(claim_name, argv[1]);
data/spin-6.5.2+dfsg/Src/tl_main.c:175:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(tl_out, a); \
data/spin-6.5.2+dfsg/Src/tl_main.c:260:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(s1, s2); /* prevent a compiler warning */
data/spin-6.5.2+dfsg/Src/tl_main.c:263:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(s1, s2);
data/spin-6.5.2+dfsg/Src/tl_main.c:265:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(s1);
data/spin-6.5.2+dfsg/Src/tl_trans.c:402:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nwnm, "%s_%s", prefix, s->name);
data/spin-6.5.2+dfsg/Src/tl_trans.c:438:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(curnm, p->name->name);
data/spin-6.5.2+dfsg/Src/vars.c:300:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(GBuf, "~G%s = ", sp->name);
data/spin-6.5.2+dfsg/Src/vars.c:302:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(GBuf, "%s = ", sp->name);
data/spin-6.5.2+dfsg/Src/vars.c:380:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(GBuf, "~G%s(%d):%s = ",
data/spin-6.5.2+dfsg/Src/vars.c:383:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(GBuf, "%s(%d):%s = ",
data/spin-6.5.2+dfsg/Src/main.c:552:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
-DP_RAND (random starting point +- -DP_REVERSE)
data/spin-6.5.2+dfsg/Src/main.c:556:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
-DT_RAND (random starting point -- optionally with -T0..1)
data/spin-6.5.2+dfsg/Examples/Book_1991/App.F.defines.h:12:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
create, data, eof, open, reject, sync, transfer,
data/spin-6.5.2+dfsg/Examples/Book_1991/App.F.session.h:56:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ses_to_fsrv[n]!open;
data/spin-6.5.2+dfsg/Examples/Book_1991/p337.defines2.h:11:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
create, data, eof, open, reject, sync, transfer,
data/spin-6.5.2+dfsg/Examples/Book_1991/p337.session.h:56:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ses_to_fsrv[n]!open;
data/spin-6.5.2+dfsg/Examples/Book_1991/p347.session.prog.h:56:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ses_to_fsrv[n]!open;
data/spin-6.5.2+dfsg/Src/dstep.c:15:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *NextLab[64]; /* must match value in pangen2.c:41 */
data/spin-6.5.2+dfsg/Src/dstep.c:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[16];
data/spin-6.5.2+dfsg/Src/dstep.c:66:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "S_%.3d_0", Jumpto[i]);
data/spin-6.5.2+dfsg/Src/dstep.c:207:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[64];
data/spin-6.5.2+dfsg/Src/dstep.c:291:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Uerror(\"block in d_step seq, line %d\")", ln);
data/spin-6.5.2+dfsg/Src/dstep.c:318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char NextOpt[64];
data/spin-6.5.2+dfsg/Src/dstep.c:399:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(NextOpt, "goto S_%.3d_%d",
data/spin-6.5.2+dfsg/Src/flow.c:15:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char CurScope[MAXSCOPESZ];
data/spin-6.5.2+dfsg/Src/flow.c:816:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/spin-6.5.2+dfsg/Src/flow.c:818:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, ":b%d", break_id++);
data/spin-6.5.2+dfsg/Src/flow.c:888:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[64];
data/spin-6.5.2+dfsg/Src/flow.c:967:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_nm[MAXSCOPESZ+16];
data/spin-6.5.2+dfsg/Src/guided.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char snap[512], *q;
data/spin-6.5.2+dfsg/Src/guided.c:161:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(snap, "r")) == NULL)
data/spin-6.5.2+dfsg/Src/guided.c:163:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(snap, "r")) == NULL)
data/spin-6.5.2+dfsg/Src/guided.c:174:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(snap, "r")) != NULL)
data/spin-6.5.2+dfsg/Src/guided.c:178:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(snap, "r")) != NULL)
data/spin-6.5.2+dfsg/Src/guided.c:395:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char t[128];
data/spin-6.5.2+dfsg/Src/guided.c:396:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t, "#%d", lastclaim);
data/spin-6.5.2+dfsg/Src/main.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char CurScope[MAXSCOPESZ];
data/spin-6.5.2+dfsg/Src/main.c:85:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *PreArg[64];
data/spin-6.5.2+dfsg/Src/main.c:87:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char out1[64];
data/spin-6.5.2+dfsg/Src/main.c:121:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char PreProc[512];
data/spin-6.5.2+dfsg/Src/main.c:175:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
v = atoi(ptr) + 1; /* was: v = (atoi(ptr)+1)%range */
data/spin-6.5.2+dfsg/Src/main.c:227:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
{ nr = atoi(ptr);
data/spin-6.5.2+dfsg/Src/main.c:296:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pan_runtime, "-n%d ", SeedUsed);
data/spin-6.5.2+dfsg/Src/main.c:298:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(&pan_runtime[strlen(pan_runtime)], "-j%d ", jumpsteps);
data/spin-6.5.2+dfsg/Src/main.c:304:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(&pan_runtime[strlen(pan_runtime)], "-u%d ", cutoff);
data/spin-6.5.2+dfsg/Src/main.c:311:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(&pan_runtime[strlen(pan_runtime)], "-q%d ", j->n);
data/spin-6.5.2+dfsg/Src/main.c:317:27: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (old_priority_rules) strcat(pan_runtime, "-o6 ");
data/spin-6.5.2+dfsg/Src/main.c:318:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (!implied_semis) strcat(pan_runtime, "-o7 ");
data/spin-6.5.2+dfsg/Src/main.c:319:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (no_print) strcat(pan_runtime, "-b ");
data/spin-6.5.2+dfsg/Src/main.c:320:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (no_wrapup) strcat(pan_runtime, "-B ");
data/spin-6.5.2+dfsg/Src/main.c:321:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (columns == 1) strcat(pan_runtime, "-c ");
data/spin-6.5.2+dfsg/Src/main.c:322:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (columns == 2) strcat(pan_runtime, "-M ");
data/spin-6.5.2+dfsg/Src/main.c:323:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (seedy == 1) strcat(pan_runtime, "-h ");
data/spin-6.5.2+dfsg/Src/main.c:324:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (like_java == 1) strcat(pan_runtime, "-J ");
data/spin-6.5.2+dfsg/Src/main.c:325:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (old_scope_rules) strcat(pan_runtime, "-O ");
data/spin-6.5.2+dfsg/Src/main.c:326:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (notabs) strcat(pan_runtime, "-T ");
data/spin-6.5.2+dfsg/Src/main.c:327:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (verbose&1) strcat(pan_runtime, "-g ");
data/spin-6.5.2+dfsg/Src/main.c:328:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (verbose&2) strcat(pan_runtime, "-l ");
data/spin-6.5.2+dfsg/Src/main.c:329:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (verbose&4) strcat(pan_runtime, "-p ");
data/spin-6.5.2+dfsg/Src/main.c:330:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (verbose&8) strcat(pan_runtime, "-r ");
data/spin-6.5.2+dfsg/Src/main.c:331:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (verbose&16) strcat(pan_runtime, "-s ");
data/spin-6.5.2+dfsg/Src/main.c:332:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (verbose&32) strcat(pan_runtime, "-v ");
data/spin-6.5.2+dfsg/Src/main.c:333:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (verbose&64) strcat(pan_runtime, "-w ");
data/spin-6.5.2+dfsg/Src/main.c:334:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (m_loss) strcat(pan_runtime, "-m ");
data/spin-6.5.2+dfsg/Src/main.c:388:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char nv[32];
data/spin-6.5.2+dfsg/Src/main.c:392:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(nv, "-w%d ", x);
data/spin-6.5.2+dfsg/Src/main.c:399:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char nv[32];
data/spin-6.5.2+dfsg/Src/main.c:403:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(nv, "-h%d ", x%500);
data/spin-6.5.2+dfsg/Src/main.c:409:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char nv[32];
data/spin-6.5.2+dfsg/Src/main.c:413:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(nv, "-k%d ", x%4);
data/spin-6.5.2+dfsg/Src/main.c:417:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char nv[32];
data/spin-6.5.2+dfsg/Src/main.c:423:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nv, "-p_rotate%d ", x%256);
data/spin-6.5.2+dfsg/Src/main.c:437:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{ strcpy(PreProc, "gcc"); /* need compiler */
data/spin-6.5.2+dfsg/Src/main.c:458:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
{ strcat(tmp, " &"); /* after ./pan */
data/spin-6.5.2+dfsg/Src/main.c:523:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
{ strcat(tmp, " -p_reverse ");
data/spin-6.5.2+dfsg/Src/main.c:528:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
{ strcat(tmp, " -p_normal ");
data/spin-6.5.2+dfsg/Src/main.c:531:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
{ strcat(tmp, " &");
data/spin-6.5.2+dfsg/Src/main.c:580:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char precmd[1024], cmd[2048];
data/spin-6.5.2+dfsg/Src/main.c:590:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{ strcpy(PreProc, "gcc-4 -std=gnu99 -E -x c");
data/spin-6.5.2+dfsg/Src/main.c:592:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{ strcpy(PreProc, "gcc-3 -std=gnu99 -E -x c");
data/spin-6.5.2+dfsg/Src/main.c:812:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
{ itsr_n = atoi(tmp);
data/spin-6.5.2+dfsg/Src/main.c:827:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
{ itsr = atoi(&s[9]);
data/spin-6.5.2+dfsg/Src/main.c:839:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
{ itsr = atoi(&s[6]);
data/spin-6.5.2+dfsg/Src/main.c:874:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buffer[8192];
data/spin-6.5.2+dfsg/Src/main.c:923:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'j': jumpsteps = atoi(&argv[1][2]); break;
data/spin-6.5.2+dfsg/Src/main.c:933:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'n': T = atoi(&argv[1][2]); tl_terse = 1; break;
data/spin-6.5.2+dfsg/Src/main.c:945:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qhide(atoi(&argv[1][2]));
data/spin-6.5.2+dfsg/Src/main.c:1001:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'S': separate = atoi(&argv[1][2]); /* S1 or S2 */
data/spin-6.5.2+dfsg/Src/main.c:1015:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
{ ntrail = atoi(&argv[1][2]);
data/spin-6.5.2+dfsg/Src/main.c:1020:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'u': cutoff = atoi(&argv[1][2]); break;
data/spin-6.5.2+dfsg/Src/main.c:1058:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(tl_out = fopen(*ltl_file, "r")))
data/spin-6.5.2+dfsg/Src/main.c:1073:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[512], out2[512];
data/spin-6.5.2+dfsg/Src/main.c:1076:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(out1, "pan.pre");
data/spin-6.5.2+dfsg/Src/main.c:1081:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(out2, MFLAGS)) == NULL)
data/spin-6.5.2+dfsg/Src/main.c:1106:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(yyin = fopen(out1, "r")))
data/spin-6.5.2+dfsg/Src/main.c:1167:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(yyin = fopen(ltl_claims, "r")))
data/spin-6.5.2+dfsg/Src/main.c:1210:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd_ltl = fopen(ltl_claims, MFLAGS)) == NULL)
data/spin-6.5.2+dfsg/Src/main.c:1220:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(add_ltl[4], "!(");
data/spin-6.5.2+dfsg/Src/mesg.c:28:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char GBuf[4096];
data/spin-6.5.2+dfsg/Src/mesg.c:262:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[256], tag1[64], tag2[64];
data/spin-6.5.2+dfsg/Src/mesg.c:510:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char lbuf[512];
data/spin-6.5.2+dfsg/Src/mesg.c:521:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
{ strcat(GBuf, "*?*");
data/spin-6.5.2+dfsg/Src/mesg.c:532:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(lbuf, "[%d]", eval(n->lft->lft));
data/spin-6.5.2+dfsg/Src/mesg.c:610:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char s[128];
data/spin-6.5.2+dfsg/Src/mesg.c:624:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "(state -)\t[values: %d",
data/spin-6.5.2+dfsg/Src/mesg.c:627:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "(state -)\t[%d", eval(n->lft));
data/spin-6.5.2+dfsg/Src/mesg.c:637:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char snm[128];
data/spin-6.5.2+dfsg/Src/mesg.c:673:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[512];
data/spin-6.5.2+dfsg/Src/mesg.c:689:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lbuf, "%d", v);
data/spin-6.5.2+dfsg/Src/mesg.c:875:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char sv[512];
data/spin-6.5.2+dfsg/Src/mesg.c:876:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/spin-6.5.2+dfsg/Src/mesg.c:887:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
{ strcat(mn, "[]");
data/spin-6.5.2+dfsg/Src/mesg.c:903:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", t->val);
data/spin-6.5.2+dfsg/Src/mesg.c:910:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
{ strcat(mn, "??");
data/spin-6.5.2+dfsg/Src/mesg.c:911:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mx, "??");
data/spin-6.5.2+dfsg/Src/mesg.c:918:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char mn[512];
data/spin-6.5.2+dfsg/Src/mesg.c:919:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mx[512];
data/spin-6.5.2+dfsg/Src/msc_tcl.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d[256], *t, *z;
data/spin-6.5.2+dfsg/Src/msc_tcl.c:279:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char cmd[512];
data/spin-6.5.2+dfsg/Src/msc_tcl.c:295:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char snap[256]; FILE *fd;
data/spin-6.5.2+dfsg/Src/msc_tcl.c:298:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(pfd = fopen(snap, MFLAGS)))
data/spin-6.5.2+dfsg/Src/msc_tcl.c:306:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fd = fopen(snap, "r")))
data/spin-6.5.2+dfsg/Src/msc_tcl.c:308:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fd = fopen(snap, "r")))
data/spin-6.5.2+dfsg/Src/pangen1.c:447:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int j; char foo[128];
data/spin-6.5.2+dfsg/Src/pangen1.c:510:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[128]; int i;
data/spin-6.5.2+dfsg/Src/pangen1.c:566:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128], buf2[128], buf3[128];
data/spin-6.5.2+dfsg/Src/pangen1.c:577:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(buf, "((P%d *)pptr(h))->", p);
data/spin-6.5.2+dfsg/Src/pangen1.c:599:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(buf2, "\", ((P%d *)pptr(h))->", p);
data/spin-6.5.2+dfsg/Src/pangen1.c:600:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf3, ");\n");
data/spin-6.5.2+dfsg/Src/pangen1.c:605:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "((P%d *)pptr(h))->", p);
data/spin-6.5.2+dfsg/Src/pangen1.c:622:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/spin-6.5.2+dfsg/Src/pangen1.c:644:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "((Q%d *)z)->", q->qid);
data/spin-6.5.2+dfsg/Src/pangen1.c:673:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char *ptr, buf[256];
data/spin-6.5.2+dfsg/Src/pangen1.c:761:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pref[64];
data/spin-6.5.2+dfsg/Src/pangen1.c:773:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pref, "((P%d *)pptr(pid))->", p->tn);
data/spin-6.5.2+dfsg/Src/pangen1.c:1367:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf0[256];
data/spin-6.5.2+dfsg/Src/pangen1.c:1483:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(buf0, "((Q%d *)z)->", q->qid);
data/spin-6.5.2+dfsg/Src/pangen1.c:1493:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf0, "((Q%d *)z)->contents[j].fld", q->qid);
data/spin-6.5.2+dfsg/Src/pangen1.c:1502:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf0, "((Q%d *)z)->", q->qid);
data/spin-6.5.2+dfsg/Src/pangen1.c:1519:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf0, "((Q%d *)z)->contents[j].fld", q->qid);
data/spin-6.5.2+dfsg/Src/pangen1.c:1549:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(buf0, "((Q%d *)z)->", q->qid);
data/spin-6.5.2+dfsg/Src/pangen1.c:1566:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf0, "\t\t\t((Q%d *)z)->contents", q->qid);
data/spin-6.5.2+dfsg/Src/pangen1.c:1572:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf0, "\t\t\t((Q%d *)z)->contents", q->qid);
data/spin-6.5.2+dfsg/Src/pangen1.h:8457:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
to distinguish open from closed states - this can reduce states by 50%
data/spin-6.5.2+dfsg/Src/pangen2.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *NextLab[64]; /* must match value in dstep.c:18 */
data/spin-6.5.2+dfsg/Src/pangen2.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *nm[3];
data/spin-6.5.2+dfsg/Src/pangen2.c:214:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fd_tc = fopen(Cfile[0].nm[separate], MFLAGS)) /* main routines */
data/spin-6.5.2+dfsg/Src/pangen2.c:215:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
|| !(fd_th = fopen(Cfile[1].nm[separate], MFLAGS)) /* header file */
data/spin-6.5.2+dfsg/Src/pangen2.c:216:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
|| !(fd_tt = fopen(Cfile[2].nm[separate], MFLAGS)) /* transition matrix */
data/spin-6.5.2+dfsg/Src/pangen2.c:217:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
|| !(fd_tm = fopen(Cfile[3].nm[separate], MFLAGS)) /* forward moves */
data/spin-6.5.2+dfsg/Src/pangen2.c:218:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
|| !(fd_tb = fopen(Cfile[4].nm[separate], MFLAGS))) /* backward moves */
data/spin-6.5.2+dfsg/Src/pangen2.c:756:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fd_th = fopen("pan.p", MFLAGS)))
data/spin-6.5.2+dfsg/Src/pangen2.c:801:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct AA { char TT[9]; char CC[8]; };
data/spin-6.5.2+dfsg/Src/pangen2.c:801:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct AA { char TT[9]; char CC[8]; };
data/spin-6.5.2+dfsg/Src/pangen2.c:947:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pregat[128];
data/spin-6.5.2+dfsg/Src/pangen2.c:951:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pregat, "((P%d *)_this)->",j);
data/spin-6.5.2+dfsg/Src/pangen2.c:953:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pregat, "now.");
data/spin-6.5.2+dfsg/Src/pangen2.c:2845:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char tempbuf[64];
data/spin-6.5.2+dfsg/Src/pangen2.c:2853:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tempbuf, "(trpt+1)->bup.ovals[%d] = ",
data/spin-6.5.2+dfsg/Src/pangen2.c:2857:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tempbuf, "(trpt+1)->bup.oval = ");
data/spin-6.5.2+dfsg/Src/pangen2.c:3061:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char tempbuf[64];
data/spin-6.5.2+dfsg/Src/pangen2.c:3063:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tempbuf, "(trpt+1)->bup.ovals[%d] = ",
data/spin-6.5.2+dfsg/Src/pangen3.c:444:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
case PRINT: { char c, buf[1024];
data/spin-6.5.2+dfsg/Src/pangen4.c:239:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf1[256];
data/spin-6.5.2+dfsg/Src/pangen4.c:247:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(buf1, "((Q%d *)z)->contents", q->qid);
data/spin-6.5.2+dfsg/Src/pangen4.c:261:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf1, "((Q%d *)z)->contents[j].fld", q->qid);
data/spin-6.5.2+dfsg/Src/pangen4.c:276:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(buf1, "((Q%d *)z)->contents", q->qid);
data/spin-6.5.2+dfsg/Src/pangen4.c:293:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf1, "[slot].fld");
data/spin-6.5.2+dfsg/Src/pangen6.c:1164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/spin-6.5.2+dfsg/Src/pangen7.c:400:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[32];
data/spin-6.5.2+dfsg/Src/pangen7.c:402:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(buf, "N%d", i);
data/spin-6.5.2+dfsg/Src/reprosrc.c:143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char mtxt[1024];
data/spin-6.5.2+dfsg/Src/reprosrc.c:149:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mtxt, "%c", n);
data/spin-6.5.2+dfsg/Src/reprosrc.c:151:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mtxt, "<%d?>", n);
data/spin-6.5.2+dfsg/Src/reprosrc.c:158:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case '\t': sprintf(mtxt, "\\t"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:159:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case '\f': sprintf(mtxt, "\\f"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:160:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case '\n': sprintf(mtxt, "\\n"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:161:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case '\r': sprintf(mtxt, "\\r"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:162:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'c': sprintf(mtxt, "condition"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:163:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 's': sprintf(mtxt, "send"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:164:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'r': sprintf(mtxt, "recv"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:165:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'R': sprintf(mtxt, "recv poll"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:167:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case '?': sprintf(mtxt, "(x->y:z)"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:169:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case ALWAYS: sprintf(mtxt, "[]"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:170:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case EVENTUALLY: sprintf(mtxt, "<>"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:171:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case IMPLIES: sprintf(mtxt, "->"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:172:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case EQUIV: sprintf(mtxt, "<->"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:175:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case IN: sprintf(mtxt, "in"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:176:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case ACTIVE: sprintf(mtxt, "active"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:177:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case AND: sprintf(mtxt, "&&"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:178:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case ARROW: sprintf(mtxt, "->"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:180:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case ASSERT: sprintf(mtxt, "assert"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:181:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case ATOMIC: sprintf(mtxt, "atomic"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:182:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case BREAK: sprintf(mtxt, "break"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:183:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case C_CODE: sprintf(mtxt, "c_code"); in_c_code++; break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:184:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case C_DECL: sprintf(mtxt, "c_decl"); in_c_decl++; break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:185:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case C_EXPR: sprintf(mtxt, "c_expr"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:186:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case C_STATE: sprintf(mtxt, "c_state"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:187:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case C_TRACK: sprintf(mtxt, "c_track"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:188:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case CLAIM: sprintf(mtxt, "never"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:189:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case CONST: sprintf(mtxt, "%d", yylval->val); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:190:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case DECR: sprintf(mtxt, "--"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:191:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case D_STEP: sprintf(mtxt, "d_step"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:192:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case D_PROCTYPE: sprintf(mtxt, "d_proctype"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:193:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case DO: sprintf(mtxt, "do"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:195:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case ELSE: sprintf(mtxt, "else"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:196:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case EMPTY: sprintf(mtxt, "empty"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:197:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case ENABLED: sprintf(mtxt, "enabled"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:198:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case EQ: sprintf(mtxt, "=="); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:199:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case EVAL: sprintf(mtxt, "eval"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:200:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case FI: sprintf(mtxt, "fi"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:201:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case FOR: sprintf(mtxt, "for"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:202:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case FULL: sprintf(mtxt, "full"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:203:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case GE: sprintf(mtxt, ">="); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:204:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case GET_P: sprintf(mtxt, "get_priority"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:205:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case GOTO: sprintf(mtxt, "goto"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:207:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case HIDDEN: sprintf(mtxt, "hidden"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:208:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case IF: sprintf(mtxt, "if"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:209:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case INCR: sprintf(mtxt, "++"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:211:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case INLINE: sprintf(mtxt, "inline"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:212:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case INIT: sprintf(mtxt, "init"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:213:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case ISLOCAL: sprintf(mtxt, "local"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:215:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case LABEL: sprintf(mtxt, "<label-name>"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:217:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case LE: sprintf(mtxt, "<="); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:218:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case LEN: sprintf(mtxt, "len"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:219:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case LSHIFT: sprintf(mtxt, "<<"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:221:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case LTL: sprintf(mtxt, "ltl"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:226:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case XR: sprintf(mtxt, "xr"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:227:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case XS: sprintf(mtxt, "xs"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:228:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
default: sprintf(mtxt, "<?>"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:233:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case BIT: sprintf(mtxt, "bit"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:234:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case BYTE: sprintf(mtxt, "byte"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:235:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case CHAN: sprintf(mtxt, "chan"); in_decl++; break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:236:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case INT: sprintf(mtxt, "int"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:237:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case MTYPE: sprintf(mtxt, "mtype"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:238:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case SHORT: sprintf(mtxt, "short"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:239:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case UNSIGNED: sprintf(mtxt, "unsigned"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:240:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
default: sprintf(mtxt, "<unknown type>"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:244:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case NE: sprintf(mtxt, "!="); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:246:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case NEMPTY: sprintf(mtxt, "nempty"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:247:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case NFULL: sprintf(mtxt, "nfull"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:249:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case NON_ATOMIC: sprintf(mtxt, "<sub-sequence>"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:251:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case NONPROGRESS: sprintf(mtxt, "np_"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:252:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case OD: sprintf(mtxt, "od"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:253:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case OF: sprintf(mtxt, "of"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:254:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case OR: sprintf(mtxt, "||"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:255:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case O_SND: sprintf(mtxt, "!!"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:256:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case PC_VAL: sprintf(mtxt, "pc_value"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:257:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case PRINT: sprintf(mtxt, "printf"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:258:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case PRINTM: sprintf(mtxt, "printm"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:259:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case PRIORITY: sprintf(mtxt, "priority"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:260:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case PROCTYPE: sprintf(mtxt, "proctype"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:261:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case PROVIDED: sprintf(mtxt, "provided"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:262:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case RETURN: sprintf(mtxt, "return"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:264:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case R_RCV: sprintf(mtxt, "??"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:265:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case RSHIFT: sprintf(mtxt, ">>"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:266:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case RUN: sprintf(mtxt, "run"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:267:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case SEP: sprintf(mtxt, "::"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:269:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case SET_P: sprintf(mtxt, "set_priority"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:270:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case SHOW: sprintf(mtxt, "show"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:278:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TRACE: sprintf(mtxt, "trace"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:279:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TIMEOUT: sprintf(mtxt, "(timeout)"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:280:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case TYPEDEF: sprintf(mtxt, "typedef"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:282:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case UNLESS: sprintf(mtxt, "unless"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/spin-6.5.2+dfsg/Src/run.c:144:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[256];
data/spin-6.5.2+dfsg/Src/run.c:155:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi(buf);
data/spin-6.5.2+dfsg/Src/run.c:495:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int i, j; char lbuf[512]; /* matches value in sr_buf() */
data/spin-6.5.2+dfsg/Src/run.c:497:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tBuf[4096]; /* match size of global GBuf[] */
data/spin-6.5.2+dfsg/Src/run.c:532:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'c': sprintf(lbuf, "%c", j); break;
data/spin-6.5.2+dfsg/Src/run.c:533:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'd': sprintf(lbuf, "%d", j); break;
data/spin-6.5.2+dfsg/Src/run.c:544:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'o': sprintf(lbuf, "%o", j); break;
data/spin-6.5.2+dfsg/Src/run.c:545:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'u': sprintf(lbuf, "%u", (unsigned) j); break;
data/spin-6.5.2+dfsg/Src/run.c:546:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'x': sprintf(lbuf, "%x", j); break;
data/spin-6.5.2+dfsg/Src/sched.c:371:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char is_blocked[256];
data/spin-6.5.2+dfsg/Src/sched.c:570:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[256];
data/spin-6.5.2+dfsg/Src/sched.c:578:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
j = atoi(buf);
data/spin-6.5.2+dfsg/Src/sched.c:937:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[256], tag1[64], tag2[64];
data/spin-6.5.2+dfsg/Src/sched.c:1071:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nbuf[128];
data/spin-6.5.2+dfsg/Src/spinlex.c:55:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CurScope[MAXSCOPESZ];
data/spin-6.5.2+dfsg/Src/spinlex.c:56:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yytext[2048];
data/spin-6.5.2+dfsg/Src/spinlex.c:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *Inliner[MAXINL], IArg_cont[MAXPAR][MAXLEN];
data/spin-6.5.2+dfsg/Src/spinlex.c:87:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pushedback[4096];
data/spin-6.5.2+dfsg/Src/spinlex.c:690:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/spin-6.5.2+dfsg/Src/spinlex.c:894:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[128];
data/spin-6.5.2+dfsg/Src/spinlex.c:1088:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ tmp->anms[j] = (char *) emalloc(strlen(IArg_cont[j])+1);
data/spin-6.5.2+dfsg/Src/spinlex.c:1126:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lineno = atoi(yytext); /* pickup the line number */
data/spin-6.5.2+dfsg/Src/spinlex.c:1181:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char Buf1[SOMETHINGBIG], Buf2[RATHERSMALL];
data/spin-6.5.2+dfsg/Src/spinlex.c:1194:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->name, "c_code%d", c_code++);
data/spin-6.5.2+dfsg/Src/spinlex.c:1316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[256];
data/spin-6.5.2+dfsg/Src/spinlex.c:1322:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(tmpbuf, "%d_", scope_seq[i]);
data/spin-6.5.2+dfsg/Src/spinlex.c:1329:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char b[512];
data/spin-6.5.2+dfsg/Src/spinlex.c:1376:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
defer_fd = fopen(TMP_FILE2, "r");
data/spin-6.5.2+dfsg/Src/spinlex.c:1396:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ defer_fd = fopen(TMP_FILE2, "w+");
data/spin-6.5.2+dfsg/Src/spinlex.c:1422:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp_hold[256];
data/spin-6.5.2+dfsg/Src/spinlex.c:1595:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char name[64], from[32], upto[32];
data/spin-6.5.2+dfsg/Src/spinlex.c:1605:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a = atoi(from);
data/spin-6.5.2+dfsg/Src/spinlex.c:1606:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b = atoi(upto);
data/spin-6.5.2+dfsg/Src/spinlex.c:1618:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[256];
data/spin-6.5.2+dfsg/Src/spinlex.c:1626:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[256];
data/spin-6.5.2+dfsg/Src/spinlex.c:1961:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(yytext, "'%c'", yylval->val);
data/spin-6.5.2+dfsg/Src/spinlex.c:1965:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(yytext, "%d", yylval->val);
data/spin-6.5.2+dfsg/Src/spinlex.c:1971:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case ARROW: strcpy(yytext, "->"); break; /* NEW */
data/spin-6.5.2+dfsg/Src/spinlex.c:1972:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case SEP: strcpy(yytext, "::"); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1974:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case DECR: strcpy(yytext, "--"); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1975:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case INCR: strcpy(yytext, "++"); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1976:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case LSHIFT: strcpy(yytext, "<<"); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1977:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case RSHIFT: strcpy(yytext, ">>"); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1978:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case LE: strcpy(yytext, "<="); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1980:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case GE: strcpy(yytext, ">="); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1982:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case EQ: strcpy(yytext, "=="); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1984:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case NE: strcpy(yytext, "!="); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1985:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case R_RCV: strcpy(yytext, "??"); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1987:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case O_SND: strcpy(yytext, "!!"); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1989:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case AND: strcpy(yytext, "&&"); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1990:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case OR: strcpy(yytext, "||"); break;
data/spin-6.5.2+dfsg/Src/structs.c:334:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->sym, s->sym, sizeof(Symbol));
data/spin-6.5.2+dfsg/Src/structs.c:372:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[512];
data/spin-6.5.2+dfsg/Src/structs.c:388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[512];
data/spin-6.5.2+dfsg/Src/structs.c:401:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(lbuf, "[%d]", eval(tmp->lft));
data/spin-6.5.2+dfsg/Src/structs.c:409:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eprefix[128];
data/spin-6.5.2+dfsg/Src/structs.c:430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eprefix[128];
data/spin-6.5.2+dfsg/Src/structs.c:451:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pref[256], eprefix[300];
data/spin-6.5.2+dfsg/Src/structs.c:463:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pref, "[ %d ].", ix);
data/spin-6.5.2+dfsg/Src/structs.c:478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eprefix[256];
data/spin-6.5.2+dfsg/Src/structs.c:492:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char pref[300];
data/spin-6.5.2+dfsg/Src/sym.c:16:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char CurScope[MAXSCOPESZ];
data/spin-6.5.2+dfsg/Src/sym.c:67:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(m, "_%d_", sp->context->sc);
data/spin-6.5.2+dfsg/Src/sym.c:181:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int res = 0; char buf[16], buf2[16];
data/spin-6.5.2+dfsg/Src/sym.c:491:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case UNSIGNED: strcpy(foo, "unsigned "); break;
data/spin-6.5.2+dfsg/Src/sym.c:492:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case BIT: strcpy(foo, "bit "); break;
data/spin-6.5.2+dfsg/Src/sym.c:493:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case BYTE: strcpy(foo, "byte "); break;
data/spin-6.5.2+dfsg/Src/sym.c:494:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case CHAN: strcpy(foo, "chan "); break;
data/spin-6.5.2+dfsg/Src/sym.c:495:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case SHORT: strcpy(foo, "short "); break;
data/spin-6.5.2+dfsg/Src/sym.c:496:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case INT: strcpy(foo, "int "); break;
data/spin-6.5.2+dfsg/Src/sym.c:497:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case MTYPE: strcpy(foo, "mtype "); break;
data/spin-6.5.2+dfsg/Src/sym.c:498:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case STRUCT: strcpy(foo, "struct"); break;
data/spin-6.5.2+dfsg/Src/sym.c:499:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case PROCTYPE: strcpy(foo, "proctype"); break;
data/spin-6.5.2+dfsg/Src/sym.c:500:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case LABEL: strcpy(foo, "label "); return 0;
data/spin-6.5.2+dfsg/Src/sym.c:501:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
default: strcpy(foo, "value "); return 0;
data/spin-6.5.2+dfsg/Src/sym.c:509:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[128];
data/spin-6.5.2+dfsg/Src/sym.c:647:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/spin-6.5.2+dfsg/Src/tl.h:41:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char isred[64], isgrn[64];
data/spin-6.5.2+dfsg/Src/tl_buchi.c:102:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ int i; char altnm[64];
data/spin-6.5.2+dfsg/Src/tl_buchi.c:480:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[64];
data/spin-6.5.2+dfsg/Src/tl_buchi.c:524:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[64];
data/spin-6.5.2+dfsg/Src/tl_lex.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/spin-6.5.2+dfsg/Src/tl_lex.c:54:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "expected '%c'", tok);
data/spin-6.5.2+dfsg/Src/tl_lex.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char peek_buf[512];
data/spin-6.5.2+dfsg/Src/tl_main.c:148:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
claim_name = (char *) emalloc(strlen(argv[1])+1);
data/spin-6.5.2+dfsg/Src/tl_trans.c:139:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ static char buf[32];
data/spin-6.5.2+dfsg/Src/tl_trans.c:140:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "S%d", state_cnt++);
data/spin-6.5.2+dfsg/Src/tl_trans.c:375:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pref, "accept"); /* new */
data/spin-6.5.2+dfsg/Src/tl_trans.c:377:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pref, "T0"); /* cycle */
data/spin-6.5.2+dfsg/Src/tl_trans.c:381:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pref, "accept"); /* last hop */
data/spin-6.5.2+dfsg/Src/tl_trans.c:383:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pref, "T%d", count+incr_cnt);
data/spin-6.5.2+dfsg/Src/tl_trans.c:392:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[128], nwnm[256];
data/spin-6.5.2+dfsg/Src/tl_trans.c:404:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(nwnm, "accept_all");
data/spin-6.5.2+dfsg/Src/tl_trans.c:421:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curnm[64];
data/spin-6.5.2+dfsg/Src/tl_trans.c:434:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(curnm, "accept_");
data/spin-6.5.2+dfsg/Src/tl_trans.c:436:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(curnm, "T%d_", k);
data/spin-6.5.2+dfsg/Src/vars.c:190:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[64]; sprintf(buf, "%d->%d (%d)", v, i+s+(int)u, t);
data/spin-6.5.2+dfsg/Src/vars.c:190:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ char buf[64]; sprintf(buf, "%d->%d (%d)", v, i+s+(int)u, t);
data/spin-6.5.2+dfsg/Src/flow.c:666:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ln = strlen((const char *) l->s->bscp);
data/spin-6.5.2+dfsg/Src/flow.c:785:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ ln = strlen((const char *) l->s->bscp);
data/spin-6.5.2+dfsg/Src/guided.c:149:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (strlen(*trailfilename) < sizeof(snap))
data/spin-6.5.2+dfsg/Src/guided.c:162:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ snap[strlen(snap)-2] = '\0'; /* .tra */
data/spin-6.5.2+dfsg/Src/guided.c:177:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snap[strlen(snap)-2] = '\0'; /* last try */
data/spin-6.5.2+dfsg/Src/main.c:171:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ ptr += strlen(what);
data/spin-6.5.2+dfsg/Src/main.c:223:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ for (i = 0; i < (int) strlen(s); i++)
data/spin-6.5.2+dfsg/Src/main.c:236:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ int n = strlen(t) - 1;
data/spin-6.5.2+dfsg/Src/main.c:270:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (preprocessonly == 0 && strlen(out1) > 0)
data/spin-6.5.2+dfsg/Src/main.c:298:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ sprintf(&pan_runtime[strlen(pan_runtime)], "-j%d ", jumpsteps);
data/spin-6.5.2+dfsg/Src/main.c:301:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ sprintf(&pan_runtime[strlen(pan_runtime)], "-k%s ", *trailfilename);
data/spin-6.5.2+dfsg/Src/main.c:304:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ sprintf(&pan_runtime[strlen(pan_runtime)], "-u%d ", cutoff);
data/spin-6.5.2+dfsg/Src/main.c:308:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pan_runtime, " ");
data/spin-6.5.2+dfsg/Src/main.c:311:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ sprintf(&pan_runtime[strlen(pan_runtime)], "-q%d ", j->n);
data/spin-6.5.2+dfsg/Src/main.c:314:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ sprintf(&pan_runtime[strlen(pan_runtime)], "\"-P%s\" ", PreProc);
data/spin-6.5.2+dfsg/Src/main.c:336:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = (char *) emalloc(strlen("spin -t") +
data/spin-6.5.2+dfsg/Src/main.c:337:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pan_runtime) + strlen(Fname->name) + 8);
data/spin-6.5.2+dfsg/Src/main.c:337:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pan_runtime) + strlen(Fname->name) + 8);
data/spin-6.5.2+dfsg/Src/main.c:348:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (replay && strlen(pan_comptime) == 0)
data/spin-6.5.2+dfsg/Src/main.c:358:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = (char *) emalloc(8 + strlen(P_X) + strlen(pan_runtime) +4);
data/spin-6.5.2+dfsg/Src/main.c:358:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = (char *) emalloc(8 + strlen(P_X) + strlen(pan_runtime) +4);
data/spin-6.5.2+dfsg/Src/main.c:444:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(PreProc) +
data/spin-6.5.2+dfsg/Src/main.c:445:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(C_X) +
data/spin-6.5.2+dfsg/Src/main.c:446:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pan_comptime) +
data/spin-6.5.2+dfsg/Src/main.c:447:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(P_X) +
data/spin-6.5.2+dfsg/Src/main.c:448:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pan_runtime) +
data/spin-6.5.2+dfsg/Src/main.c:449:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(" -p_reverse & "));
data/spin-6.5.2+dfsg/Src/main.c:588:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(PreProc, "gcc ", strlen("gcc ")) == 0)
data/spin-6.5.2+dfsg/Src/main.c:596:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(PreProc) < sizeof(precmd));
data/spin-6.5.2+dfsg/Src/main.c:599:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
{ strcat(precmd, " ");
data/spin-6.5.2+dfsg/Src/main.c:602:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(precmd) > sizeof(precmd))
data/spin-6.5.2+dfsg/Src/main.c:775:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = (char *) emalloc(strlen(pan_comptime)+strlen(s)+2);
data/spin-6.5.2+dfsg/Src/main.c:775:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = (char *) emalloc(strlen(pan_comptime)+strlen(s)+2);
data/spin-6.5.2+dfsg/Src/main.c:823:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(s, "-biterate", strlen("-biterate")) == 0)
data/spin-6.5.2+dfsg/Src/main.c:835:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(s, "-swarm", strlen("-swarm")) == 0)
data/spin-6.5.2+dfsg/Src/main.c:850:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (strncmp(s, pats[i].ifsee, strlen(pats[i].ifsee)) == 0)
data/spin-6.5.2+dfsg/Src/main.c:857:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(s, "-dfspar", strlen("-dfspar")) == 0)
data/spin-6.5.2+dfsg/Src/main.c:862:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = (char *) emalloc(strlen(pan_runtime)+strlen(s)+2);
data/spin-6.5.2+dfsg/Src/main.c:862:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = (char *) emalloc(strlen(pan_runtime)+strlen(s)+2);
data/spin-6.5.2+dfsg/Src/main.c:894:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(CurScope, "_");
data/spin-6.5.2+dfsg/Src/main.c:896:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(CPP) < sizeof(PreProc));
data/spin-6.5.2+dfsg/Src/main.c:936:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
case 'P': assert(strlen((const char *) &argv[1][2]) < sizeof(PreProc));
data/spin-6.5.2+dfsg/Src/main.c:1079:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ assert(strlen(argv[1]) < sizeof(out2));
data/spin-6.5.2+dfsg/Src/main.c:1111:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(argv[1])+1 < sizeof(cmd));
data/spin-6.5.2+dfsg/Src/main.c:1121:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ int i = (int) strlen(oFname->name);
data/spin-6.5.2+dfsg/Src/main.c:1219:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
add_ltl[4] = (char *) emalloc(strlen(fm)+4);
data/spin-6.5.2+dfsg/Src/main.c:1222:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(add_ltl[4], ")");
data/spin-6.5.2+dfsg/Src/main.c:1253:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(yytext)>1)
data/spin-6.5.2+dfsg/Src/mesg.c:175:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = getchar();
data/spin-6.5.2+dfsg/Src/mesg.c:202:13: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getchar();
data/spin-6.5.2+dfsg/Src/mesg.c:526:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(lbuf, "");
data/spin-6.5.2+dfsg/Src/mesg.c:530:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(GBuf, "-");
data/spin-6.5.2+dfsg/Src/mesg.c:546:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(GBuf, ",");
data/spin-6.5.2+dfsg/Src/mesg.c:547:20: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (tr[0] == '[') strcat(GBuf, "[");
data/spin-6.5.2+dfsg/Src/mesg.c:556:21: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (tr[0] == '[') strcat(GBuf, "]");
data/spin-6.5.2+dfsg/Src/mesg.c:629:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s, "!");
data/spin-6.5.2+dfsg/Src/mesg.c:631:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s, "?");
data/spin-6.5.2+dfsg/Src/mesg.c:681:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if(strlen(n->lft->sym->name) >= sizeof(lbuf))
data/spin-6.5.2+dfsg/Src/mesg.c:834:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b->str = emalloc(strlen(s)+1);
data/spin-6.5.2+dfsg/Src/mesg.c:890:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(mn, ""); /* clear */
data/spin-6.5.2+dfsg/Src/mesg.c:891:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mx, "[");
data/spin-6.5.2+dfsg/Src/mesg.c:893:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mx, "]");
data/spin-6.5.2+dfsg/Src/mesg.c:902:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
{ strcat(mn, "1"); /* really: t->val */
data/spin-6.5.2+dfsg/Src/mesg.c:906:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
{ strcat(mn, ".");
data/spin-6.5.2+dfsg/Src/mesg.c:907:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mx, ".");
data/spin-6.5.2+dfsg/Src/mesg.c:923:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(mn, "");
data/spin-6.5.2+dfsg/Src/mesg.c:924:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(mx, "");
data/spin-6.5.2+dfsg/Src/mesg.c:940:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(sp) == strlen("_nr_pr") && strcmp(sp, "_nr_pr") == 0)
data/spin-6.5.2+dfsg/Src/mesg.c:940:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(sp) == strlen("_nr_pr") && strcmp(sp, "_nr_pr") == 0)
data/spin-6.5.2+dfsg/Src/mesg.c:941:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (strlen(sp) == strlen("_pid") && strcmp(sp, "_pid") == 0)
data/spin-6.5.2+dfsg/Src/mesg.c:941:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (strlen(sp) == strlen("_pid") && strcmp(sp, "_pid") == 0)
data/spin-6.5.2+dfsg/Src/mesg.c:942:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (strlen(sp) == strlen("_p") && strcmp(sp, "_p") == 0))
data/spin-6.5.2+dfsg/Src/mesg.c:942:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (strlen(sp) == strlen("_p") && strcmp(sp, "_p") == 0))
data/spin-6.5.2+dfsg/Src/msc_tcl.c:157:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bw = (float)1.8*(float)strlen(s); /* guess at default font width */
data/spin-6.5.2+dfsg/Src/msc_tcl.c:173:7: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(s, "%d:%250s", &a, d) == 2
data/spin-6.5.2+dfsg/Src/msc_tcl.c:175:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (!I[a] || strlen(I[a]) <= strlen(s))
data/spin-6.5.2+dfsg/Src/msc_tcl.c:175:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (!I[a] || strlen(I[a]) <= strlen(s))
data/spin-6.5.2+dfsg/Src/msc_tcl.c:176:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ I[a] = (char *) emalloc((int) strlen(s)+1);
data/spin-6.5.2+dfsg/Src/msc_tcl.c:183:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
z = t = (char *) emalloc(2*strlen(s)+1);
data/spin-6.5.2+dfsg/Src/msc_tcl.c:185:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int) strlen(s); i++)
data/spin-6.5.2+dfsg/Src/msc_tcl.c:307:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ snap[strlen(snap)-2] = '\0';
data/spin-6.5.2+dfsg/Src/msc_tcl.c:340:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ char *tmp = emalloc((int) strlen(s)+1);
data/spin-6.5.2+dfsg/Src/pangen1.c:537:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (int) strlen(buf);
data/spin-6.5.2+dfsg/Src/pangen1.c:549:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (int) strlen(buf);
data/spin-6.5.2+dfsg/Src/pangen1.h:8448:46: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
0. pre-allocates full hash-table with slots equal to max statevector size
data/spin-6.5.2+dfsg/Src/pangen2.c:948:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pregat, "");
data/spin-6.5.2+dfsg/Src/pangen2.c:1665:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ns->name = (char *) emalloc((int) strlen(s->name) + 4);
data/spin-6.5.2+dfsg/Src/pangen3.c:445:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, now->sym->name, 510);
data/spin-6.5.2+dfsg/Src/pangen6.c:2006:42: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
d. the dominator is reachable, and not equal to this node
data/spin-6.5.2+dfsg/Src/pangen7.c:404:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ assert(strlen(p->n->name) < sizeof(buf));
data/spin-6.5.2+dfsg/Src/reprosrc.c:145:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(mtxt, "");
data/spin-6.5.2+dfsg/Src/reprosrc.c:154:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case '(': strcpy(mtxt, "("); in_decl++; break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:155:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case ')': strcpy(mtxt, ")"); in_decl--; break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:156:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case '{': strcpy(mtxt, "{"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:157:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case '}': strcpy(mtxt, "}"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:166:12: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
case '@': sprintf(mtxt, "@"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:168:13: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
case NEXT: sprintf(mtxt, "X"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:173:14: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
case UNTIL: sprintf(mtxt, "U"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:174:19: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
case WEAK_UNTIL: sprintf(mtxt, "W"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:179:13: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
case ASGN: sprintf(mtxt, "="); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:194:12: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
case DOT: sprintf(mtxt, "."); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:206:11: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
case GT: sprintf(mtxt, ">"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:220:11: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
case LT: sprintf(mtxt, "<"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:245:12: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
case NEG: sprintf(mtxt, "!"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:263:12: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
case RCV: sprintf(mtxt, "?"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:268:13: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
case SEMI: sprintf(mtxt, ";"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:271:12: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
case SND: sprintf(mtxt, "!"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:281:13: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
case UMIN: sprintf(mtxt, "-"); break;
data/spin-6.5.2+dfsg/Src/reprosrc.c:290:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(b) == 0) return;
data/spin-6.5.2+dfsg/Src/reprosrc.c:292:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (b[strlen(b)-1] != ':') /* label? */
data/spin-6.5.2+dfsg/Src/reprosrc.c:302:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(b, "");
data/spin-6.5.2+dfsg/Src/reprosrc.c:319:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/spin-6.5.2+dfsg/Src/reprosrc.c:342:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(yylval->sym->name) < sizeof(buf));
data/spin-6.5.2+dfsg/Src/reprosrc.c:367:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& c != SEP && strlen(buf) > 0)
data/spin-6.5.2+dfsg/Src/reprosrc.c:368:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, " ");
data/spin-6.5.2+dfsg/Src/run.c:150:9: [1] (buffer) scanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (scanf("%64s", buf) <= 0)
data/spin-6.5.2+dfsg/Src/run.c:502:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int) strlen(s); i++)
data/spin-6.5.2+dfsg/Src/run.c:507:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
case 't': strcat(GBuf, "\t"); break;
data/spin-6.5.2+dfsg/Src/run.c:508:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
case 'n': strcat(GBuf, "\n"); break;
data/spin-6.5.2+dfsg/Src/run.c:514:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
{ strcat(GBuf, "%"); /* literal */
data/spin-6.5.2+dfsg/Src/run.c:558:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(GBuf) >= 4096) fatal("printf string too long", 0);
data/spin-6.5.2+dfsg/Src/sched.c:572:8: [1] (buffer) scanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (scanf("%64s", buf) == 0)
data/spin-6.5.2+dfsg/Src/sched.c:687:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(stdin);
data/spin-6.5.2+dfsg/Src/sched.c:869:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->bscp = (unsigned char *) emalloc(strlen((const char *)s->bscp)+1);
data/spin-6.5.2+dfsg/Src/sched.c:1106:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ strcpy(nbuf, "-");
data/spin-6.5.2+dfsg/Src/spinlex.c:92:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (PushedBack + strlen(s) > 4094)
data/spin-6.5.2+dfsg/Src/spinlex.c:96:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PushedBack += strlen(s);
data/spin-6.5.2+dfsg/Src/spinlex.c:112:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ c = getc(yyin);
data/spin-6.5.2+dfsg/Src/spinlex.c:203:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *nw = (char *) emalloc(strlen(ptr)+1);
data/spin-6.5.2+dfsg/Src/spinlex.c:220:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(prc) > 0)
data/spin-6.5.2+dfsg/Src/spinlex.c:221:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ tmp->prec = (char *) emalloc(strlen(prc)+1);
data/spin-6.5.2+dfsg/Src/spinlex.c:455:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(p, "enum", strlen("enum")) == 0) /* special case: a two-part typename */
data/spin-6.5.2+dfsg/Src/spinlex.c:456:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ p += strlen("enum")+1;
data/spin-6.5.2+dfsg/Src/spinlex.c:459:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(p, "unsigned", strlen("unsigned")) == 0) /* possibly a two-part typename */
data/spin-6.5.2+dfsg/Src/spinlex.c:460:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ p += strlen("unsigned")+1;
data/spin-6.5.2+dfsg/Src/spinlex.c:499:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(r->t->name, " Global ", strlen(" Global ")) == 0)
data/spin-6.5.2+dfsg/Src/spinlex.c:511:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(r->t->name, " Hidden ", strlen(" Hidden ")) == 0)
data/spin-6.5.2+dfsg/Src/spinlex.c:535:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strncmp(r->t->name, " Local", strlen(" Local")) == 0)
data/spin-6.5.2+dfsg/Src/spinlex.c:541:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = r->t->name + strlen(" Local");
data/spin-6.5.2+dfsg/Src/spinlex.c:545:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = (char *) emalloc(strlen(q)+1);
data/spin-6.5.2+dfsg/Src/spinlex.c:548:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = &s[strlen(s)-1];
data/spin-6.5.2+dfsg/Src/spinlex.c:584:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(r->t->name, " Global ", strlen(" Global ")) != 0
data/spin-6.5.2+dfsg/Src/spinlex.c:585:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strncmp(r->t->name, " Hidden ", strlen(" Hidden ")) != 0
data/spin-6.5.2+dfsg/Src/spinlex.c:586:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strncmp(r->t->name, " Local", strlen(" Local")) != 0)
data/spin-6.5.2+dfsg/Src/spinlex.c:600:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(r->t->name, " Global ", strlen(" Global ")) == 0)
data/spin-6.5.2+dfsg/Src/spinlex.c:604:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(r->t->name, " Global ", strlen(" Global ")) != 0
data/spin-6.5.2+dfsg/Src/spinlex.c:605:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strncmp(r->t->name, " Hidden ", strlen(" Hidden ")) != 0
data/spin-6.5.2+dfsg/Src/spinlex.c:606:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strncmp(r->t->name, " Local", strlen(" Local")) != 0)
data/spin-6.5.2+dfsg/Src/spinlex.c:618:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(r->t->name, " Global ", strlen(" Global ")) != 0
data/spin-6.5.2+dfsg/Src/spinlex.c:619:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strncmp(r->t->name, " Hidden ", strlen(" Hidden ")) != 0
data/spin-6.5.2+dfsg/Src/spinlex.c:620:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strncmp(r->t->name, " Local", strlen(" Local")) != 0)
data/spin-6.5.2+dfsg/Src/spinlex.c:679:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(r->t->name, "\"Hidden\"", strlen("\"Hidden\"")) == 0)
data/spin-6.5.2+dfsg/Src/spinlex.c:680:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ r->s->name[strlen(r->s->name)-1] = ' ';
data/spin-6.5.2+dfsg/Src/spinlex.c:682:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r->s->name[strlen(r->s->name)-1] = '"';
data/spin-6.5.2+dfsg/Src/spinlex.c:696:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, " ");
data/spin-6.5.2+dfsg/Src/spinlex.c:698:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (strncmp(r->t->name, " Local", strlen(" Local")) == 0)
data/spin-6.5.2+dfsg/Src/spinlex.c:699:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ p = r->t->name + strlen(" Local");
data/spin-6.5.2+dfsg/Src/spinlex.c:715:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ r->s->name[strlen(r->s->name)-1] = ' ';
data/spin-6.5.2+dfsg/Src/spinlex.c:718:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r->t->name[strlen(r->t->name)-1] = ' ';
data/spin-6.5.2+dfsg/Src/spinlex.c:721:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(r->t->name, " Global ", strlen(" Global ")) == 0
data/spin-6.5.2+dfsg/Src/spinlex.c:722:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strncmp(r->t->name, " Hidden ", strlen(" Hidden ")) == 0
data/spin-6.5.2+dfsg/Src/spinlex.c:723:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strncmp(r->t->name, " Local", strlen(" Local")) == 0)
data/spin-6.5.2+dfsg/Src/spinlex.c:732:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ r->s->name[strlen(r->s->name)-1] = ' ';
data/spin-6.5.2+dfsg/Src/spinlex.c:735:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r->t->name[strlen(r->t->name)-1] = ' ';
data/spin-6.5.2+dfsg/Src/spinlex.c:769:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (strncmp(r->t->name, " Global ", strlen(" Global ")) == 0
data/spin-6.5.2+dfsg/Src/spinlex.c:770:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strncmp(r->t->name, " Hidden ", strlen(" Hidden ")) == 0
data/spin-6.5.2+dfsg/Src/spinlex.c:771:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strncmp(r->t->name, " Local", strlen(" Local")) == 0)
data/spin-6.5.2+dfsg/Src/spinlex.c:814:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (strncmp(r->t->name, " Global ", strlen(" Global ")) == 0
data/spin-6.5.2+dfsg/Src/spinlex.c:815:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strncmp(r->t->name, " Hidden ", strlen(" Hidden ")) == 0
data/spin-6.5.2+dfsg/Src/spinlex.c:816:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strncmp(r->t->name, " Local", strlen(" Local")) == 0)
data/spin-6.5.2+dfsg/Src/spinlex.c:1040:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strncmp(t, "spin_mutex_free(", strlen("spin_mutex_free(")) != 0)
data/spin-6.5.2+dfsg/Src/spinlex.c:1088:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ tmp->anms[j] = (char *) emalloc(strlen(IArg_cont[j])+1);
data/spin-6.5.2+dfsg/Src/spinlex.c:1193:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->name = (char *) emalloc(strlen("c_code")+26);
data/spin-6.5.2+dfsg/Src/spinlex.c:1230:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ strcpy(Buf1, "");
data/spin-6.5.2+dfsg/Src/spinlex.c:1235:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(Buf1);
data/spin-6.5.2+dfsg/Src/spinlex.c:1318:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(CurScope, "_");
data/spin-6.5.2+dfsg/Src/spinlex.c:1403:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(yyin)) != EOF)
data/spin-6.5.2+dfsg/Src/spinlex.c:1539:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(yytext, "\"");
data/spin-6.5.2+dfsg/Src/spinlex.c:1546:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(yytext, "\"");
data/spin-6.5.2+dfsg/Src/spinlex.c:1818:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yylval->sym->name = (char *) emalloc(strlen(s)+1);
data/spin-6.5.2+dfsg/Src/spinlex.c:1860:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| *(ptr+strlen(s)) == '.')
data/spin-6.5.2+dfsg/Src/spinlex.c:1952:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ assert(strlen(IArg_cont[IArgno])+strlen(yytext) < sizeof(IArg_cont));
data/spin-6.5.2+dfsg/Src/spinlex.c:1952:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ assert(strlen(IArg_cont[IArgno])+strlen(yytext) < sizeof(IArg_cont));
data/spin-6.5.2+dfsg/Src/spinlex.c:1957:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ assert(strlen(IArg_cont[IArgno])+strlen(yytext) < sizeof(IArg_cont));
data/spin-6.5.2+dfsg/Src/spinlex.c:1957:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ assert(strlen(IArg_cont[IArgno])+strlen(yytext) < sizeof(IArg_cont));
data/spin-6.5.2+dfsg/Src/spinlex.c:1962:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(IArg_cont[IArgno])+strlen(yytext) < sizeof(IArg_cont));
data/spin-6.5.2+dfsg/Src/spinlex.c:1962:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(IArg_cont[IArgno])+strlen(yytext) < sizeof(IArg_cont));
data/spin-6.5.2+dfsg/Src/spinlex.c:1966:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(IArg_cont[IArgno])+strlen(yytext) < sizeof(IArg_cont));
data/spin-6.5.2+dfsg/Src/spinlex.c:1966:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(IArg_cont[IArgno])+strlen(yytext) < sizeof(IArg_cont));
data/spin-6.5.2+dfsg/Src/spinlex.c:1973:15: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case SEMI: strcpy(yytext, ";"); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1979:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case LT: strcpy(yytext, "<"); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1981:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case GT: strcpy(yytext, ">"); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1983:15: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case ASGN: strcpy(yytext, "="); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1986:14: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case RCV: strcpy(yytext, "?"); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1988:14: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case SND: strcpy(yytext, "!"); break;
data/spin-6.5.2+dfsg/Src/spinlex.c:1992:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(IArg_cont[IArgno])+strlen(yytext) < sizeof(IArg_cont));
data/spin-6.5.2+dfsg/Src/spinlex.c:1992:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(IArg_cont[IArgno])+strlen(yytext) < sizeof(IArg_cont));
data/spin-6.5.2+dfsg/Src/structs.c:394:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
{ strcat(buf, ".");
data/spin-6.5.2+dfsg/Src/structs.c:462:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
eprefix[strlen(eprefix)-1] = '\0';
data/spin-6.5.2+dfsg/Src/structs.c:468:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(eprefix, ".");
data/spin-6.5.2+dfsg/Src/structs.c:494:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pref, ".");
data/spin-6.5.2+dfsg/Src/sym.c:64:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen((const char *)sp->bscp) > 1)
data/spin-6.5.2+dfsg/Src/sym.c:66:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ m = (char *) emalloc(strlen((const char *)sp->bscp) + 1);
data/spin-6.5.2+dfsg/Src/sym.c:77:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (char *) emalloc(strlen((const char *)sp->name)
data/spin-6.5.2+dfsg/Src/sym.c:78:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen((const char *)sp->bscp) + 1);
data/spin-6.5.2+dfsg/Src/sym.c:103:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strncmp((const char *)sp->bscp, CurScope, strlen((const char *)sp->bscp)) == 0)
data/spin-6.5.2+dfsg/Src/sym.c:124:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp->name = (char *) emalloc(strlen(s) + 1);
data/spin-6.5.2+dfsg/Src/sym.c:130:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp->bscp = (unsigned char *) emalloc(strlen((const char *)CurScope)+1);
data/spin-6.5.2+dfsg/Src/sym.c:211:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (int) strlen(buf);
data/spin-6.5.2+dfsg/Src/sym.c:400:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lst->nm = (char *) emalloc(strlen(s)+1);
data/spin-6.5.2+dfsg/Src/tl_lex.c:252:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp->name = (char *) tl_emalloc((int) strlen(s) + 1);
data/spin-6.5.2+dfsg/Src/tl_main.c:138:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(argv[1]);
data/spin-6.5.2+dfsg/Src/tl_main.c:148:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
claim_name = (char *) emalloc(strlen(argv[1])+1);
data/spin-6.5.2+dfsg/Src/tl_mem.c:91:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ strncpy(tmp, v, old_size);
data/spin-6.5.2+dfsg/Src/tl_trans.c:57:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s);
data/spin-6.5.2+dfsg/Src/tl_trans.c:64:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&(dumpbuf[dumpbuf_size]), s, len + 1);
ANALYSIS SUMMARY:
Hits = 721
Lines analyzed = 43958 in approximately 1.48 seconds (29673 lines/second)
Physical Source Lines of Code (SLOC) = 39919
Hits@level = [0] 2561 [1] 216 [2] 351 [3] 2 [4] 152 [5] 0
Hits@level+ = [0+] 3282 [1+] 721 [2+] 505 [3+] 154 [4+] 152 [5+] 0
Hits/KSLOC@level+ = [0+] 82.2165 [1+] 18.0616 [2+] 12.6506 [3+] 3.85781 [4+] 3.80771 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.