Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/terminatorx-4.0.1/src/tX_capabilities.cc
Examining data/terminatorx-4.0.1/src/tX_capabilities.h
Examining data/terminatorx-4.0.1/src/tX_ladspa_class.cc
Examining data/terminatorx-4.0.1/src/tX_ladspa_class.h
Examining data/terminatorx-4.0.1/src/tX_ui_support.h
Examining data/terminatorx-4.0.1/src/tX_ui_support.cc
Examining data/terminatorx-4.0.1/src/tX_ui_callbacks.h
Examining data/terminatorx-4.0.1/src/tX_ui_callbacks.cc
Examining data/terminatorx-4.0.1/src/tX_ui_interface.h
Examining data/terminatorx-4.0.1/src/tX_ui_interface.cc
Examining data/terminatorx-4.0.1/src/tX_midiin.cc
Examining data/terminatorx-4.0.1/src/tX_midiin.h
Examining data/terminatorx-4.0.1/src/tX_legacy_global.c
Examining data/terminatorx-4.0.1/src/tX_legacy_vtt.cc
Examining data/terminatorx-4.0.1/src/tX_vttfx.cc
Examining data/terminatorx-4.0.1/src/tX_vttfx.h
Examining data/terminatorx-4.0.1/src/tX_ladspa.cc
Examining data/terminatorx-4.0.1/src/tX_ladspa.h
Examining data/terminatorx-4.0.1/src/tX_panel.cc
Examining data/terminatorx-4.0.1/src/tX_panel.h
Examining data/terminatorx-4.0.1/src/tX_extdial.cc
Examining data/terminatorx-4.0.1/src/tX_extdial.h
Examining data/terminatorx-4.0.1/src/tX_dial.h
Examining data/terminatorx-4.0.1/src/tX_dial.c
Examining data/terminatorx-4.0.1/src/tX_knobloader.c
Examining data/terminatorx-4.0.1/src/tX_knobloader.h
Examining data/terminatorx-4.0.1/src/tX_sequencer.cc
Examining data/terminatorx-4.0.1/src/tX_sequencer.h
Examining data/terminatorx-4.0.1/src/tX_event.cc
Examining data/terminatorx-4.0.1/src/tX_event.h
Examining data/terminatorx-4.0.1/src/tX_pbutton.h
Examining data/terminatorx-4.0.1/src/tX_pbutton.cc
Examining data/terminatorx-4.0.1/src/tX_seqpar.cc
Examining data/terminatorx-4.0.1/src/tX_seqpar.h
Examining data/terminatorx-4.0.1/src/tX_prelis.h
Examining data/terminatorx-4.0.1/src/tX_prelis.cc
Examining data/terminatorx-4.0.1/src/tX_loaddlg.h
Examining data/terminatorx-4.0.1/src/tX_loaddlg.cc
Examining data/terminatorx-4.0.1/src/tX_audiofile.h
Examining data/terminatorx-4.0.1/src/tX_audiofile.cc
Examining data/terminatorx-4.0.1/src/tX_audiodevice.h
Examining data/terminatorx-4.0.1/src/tX_audiodevice.cc
Examining data/terminatorx-4.0.1/src/tX_vttgui.cc
Examining data/terminatorx-4.0.1/src/tX_vttgui.h
Examining data/terminatorx-4.0.1/src/tX_vtt.h
Examining data/terminatorx-4.0.1/src/tX_vtt.cc
Examining data/terminatorx-4.0.1/src/wav_file.h
Examining data/terminatorx-4.0.1/src/tX_widget.h
Examining data/terminatorx-4.0.1/src/tX_mastergui.h
Examining data/terminatorx-4.0.1/src/tX_dialog.h
Examining data/terminatorx-4.0.1/src/tX_tape.cc
Examining data/terminatorx-4.0.1/src/tX_tape.h
Examining data/terminatorx-4.0.1/src/version.h
Examining data/terminatorx-4.0.1/src/tX_global.h
Examining data/terminatorx-4.0.1/src/tX_flash.h
Examining data/terminatorx-4.0.1/src/tX_flash.c
Examining data/terminatorx-4.0.1/src/tX_types.h
Examining data/terminatorx-4.0.1/src/tX_engine.h
Examining data/terminatorx-4.0.1/src/tX_endian.h
Examining data/terminatorx-4.0.1/src/wav_read.c
Examining data/terminatorx-4.0.1/src/tX_global.c
Examining data/terminatorx-4.0.1/src/main.cc
Examining data/terminatorx-4.0.1/src/tX_mouse.h
Examining data/terminatorx-4.0.1/src/tX_mouse.cc
Examining data/terminatorx-4.0.1/src/tX_logo.c
Examining data/terminatorx-4.0.1/src/tX_engine.cc
Examining data/terminatorx-4.0.1/src/wav_write.c
Examining data/terminatorx-4.0.1/src/tX_widget.c
Examining data/terminatorx-4.0.1/src/tX_endian.c
Examining data/terminatorx-4.0.1/src/tX_dialog.cc
Examining data/terminatorx-4.0.1/src/tX_mastergui.cc
FINAL RESULTS:
data/terminatorx-4.0.1/src/main.cc:142:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.oss_device,argv[i]+9);
data/terminatorx-4.0.1/src/main.cc:294:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buffer, 4096, errorFmt, mouse_error->message);
data/terminatorx-4.0.1/src/tX_audiofile.cc:98:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, p_file_name);
data/terminatorx-4.0.1/src/tX_audiofile.cc:227:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(command, SOX_STR, filename);
data/terminatorx-4.0.1/src/tX_audiofile.cc:228:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
file = popen(command, "r");
data/terminatorx-4.0.1/src/tX_audiofile.cc:243:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(command, MPG123_STR, filename);
data/terminatorx-4.0.1/src/tX_audiofile.cc:244:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
file = popen(command, "r");
data/terminatorx-4.0.1/src/tX_audiofile.cc:258:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(command, OGG123_STR, filename);
data/terminatorx-4.0.1/src/tX_audiofile.cc:259:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
file = popen(command, "r");
data/terminatorx-4.0.1/src/tX_dialog.cc:78:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.oss_device, oss_device);
data/terminatorx-4.0.1/src/tX_dialog.cc:87:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.alsa_device_id, alsa_device);
data/terminatorx-4.0.1/src/tX_dialog.cc:134:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.wav_display_bg_focus, (char *) g_object_get_data(G_OBJECT(lookup_widget(dialog, "wav_display_bg_focus")), "Color"));
data/terminatorx-4.0.1/src/tX_dialog.cc:135:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.wav_display_bg_no_focus, (char *) g_object_get_data(G_OBJECT(lookup_widget(dialog, "wav_display_bg_no_focus")), "Color"));
data/terminatorx-4.0.1/src/tX_dialog.cc:136:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.wav_display_fg_focus, (char *) g_object_get_data(G_OBJECT(lookup_widget(dialog, "wav_display_fg_focus")), "Color"));
data/terminatorx-4.0.1/src/tX_dialog.cc:137:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.wav_display_fg_no_focus, (char *) g_object_get_data(G_OBJECT(lookup_widget(dialog, "wav_display_fg_no_focus")), "Color"));
data/terminatorx-4.0.1/src/tX_dialog.cc:138:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.wav_display_cursor, (char *) g_object_get_data(G_OBJECT(lookup_widget(dialog, "wav_display_cursor")), "Color"));
data/terminatorx-4.0.1/src/tX_dialog.cc:139:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.wav_display_cursor_mute, (char *) g_object_get_data(G_OBJECT(lookup_widget(dialog, "wav_display_cursor_mute")), "Color"));
data/terminatorx-4.0.1/src/tX_dialog.cc:142:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.vu_meter_bg, (char *) g_object_get_data(G_OBJECT(lookup_widget(dialog, "vu_meter_bg")), "Color"));
data/terminatorx-4.0.1/src/tX_dialog.cc:143:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.vu_meter_loud, (char *) g_object_get_data(G_OBJECT(lookup_widget(dialog, "vu_meter_loud")), "Color"));
data/terminatorx-4.0.1/src/tX_dialog.cc:144:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.vu_meter_normal, (char *) g_object_get_data(G_OBJECT(lookup_widget(dialog, "vu_meter_normal")), "Color"));
data/terminatorx-4.0.1/src/tX_dialog.cc:149:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.file_editor, gtk_entry_get_text(GTK_ENTRY(lookup_widget(dialog, "soundfile_editor"))));
data/terminatorx-4.0.1/src/tX_dialog.cc:150:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.lrdf_path, gtk_entry_get_text(GTK_ENTRY(lookup_widget(dialog, "ladspa_rdf_path"))));
data/terminatorx-4.0.1/src/tX_dialog.cc:232:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "hw:%i,%i# %s", card, device, foo);
data/terminatorx-4.0.1/src/tX_dialog.cc:265:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "/dev/%s", namelist[i]->d_name);
data/terminatorx-4.0.1/src/tX_dialog.cc:303:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "<span foreground=\"%s\"><b>%s</b></span>", s, s);\
data/terminatorx-4.0.1/src/tX_dialog.cc:305:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(colors[ctr], s);\
data/terminatorx-4.0.1/src/tX_dialog.cc:668:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "Audio engine scheduling policy: %s.\nScheduling with realtime priority is %s.", prio_str, s_enabled ? "enabled" : "disabled");
data/terminatorx-4.0.1/src/tX_extdial.cc:29:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ed->sval, gtk_entry_get_text(GTK_ENTRY(ed->entry)));
data/terminatorx-4.0.1/src/tX_global.h:54:68: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define tX_debug(fmt, args...); { fprintf(stderr, "~ tX_debug: "); fprintf(stderr, fmt , ## args); fprintf(stderr, "\n"); }
data/terminatorx-4.0.1/src/tX_global.h:59:68: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define tX_error(fmt, args...); { fprintf(stderr, "* tX_error: "); fprintf(stderr, fmt , ## args); fprintf(stderr, "\n"); }
data/terminatorx-4.0.1/src/tX_global.h:60:72: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define tX_warning(fmt, args...); { fprintf(stderr, "+ tX_warning: "); fprintf(stderr, fmt , ## args); fprintf(stderr, "\n"); }
data/terminatorx-4.0.1/src/tX_global.h:61:64: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define tX_msg(fmt, args...); { fprintf(stderr, "- tX_msg: "); fprintf(stderr, fmt , ## args); fprintf(stderr, "\n"); }
data/terminatorx-4.0.1/src/tX_global.h:62:117: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define tX_plugin_warning(fmt, args...); { if (globals.verbose_plugin_loading) { fprintf(stderr, "+ tX_warning: "); fprintf(stderr, fmt , ## args); fprintf(stderr, "\n"); }}
data/terminatorx-4.0.1/src/tX_global.h:204:175: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define restore_string(s, i); if ((!elementFound) && (!xmlStrcmp(cur->name, (const xmlChar *) s))) { elementFound=1; if (xmlNodeListGetString(doc, cur->xmlChildrenNode, 1)) {strcpy(i, decode_xml(tmp_xml_buffer, (const char *) xmlNodeListGetString(doc, cur->xmlChildrenNode, 1))); }}
data/terminatorx-4.0.1/src/tX_global.h:210:184: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define restore_string_ac(s, i, init); if ((!elementFound) && (!xmlStrcmp(cur->name, (const xmlChar *) s))) { elementFound=1; if (xmlNodeListGetString(doc, cur->xmlChildrenNode, 1)) {strcpy(i, decode_xml(tmp_xml_buffer, (const char *) xmlNodeListGetString(doc, cur->xmlChildrenNode, 1))); init; }}
data/terminatorx-4.0.1/src/tX_global.h:219:87: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define tX_store(fmt, args...); { _store_compress_xml ? gzprintf(rz, fmt , ## args) : fprintf(rc, fmt , ## args); }
data/terminatorx-4.0.1/src/tX_ladspa.cc:137:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, dirname);
data/terminatorx-4.0.1/src/tX_ladspa.cc:139:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filename, entry->d_name);
data/terminatorx-4.0.1/src/tX_ladspa.cc:181:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file, filename);
data/terminatorx-4.0.1/src/tX_ladspa.cc:182:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info_string, "LADSPA-Plugin: %s\nLabel: %s\nFile: %s\nUnique ID: %li\nMaker: %s\nCopyright: %s", ld->Name, ld->Label, file, ld->UniqueID, ld->Maker, ld->Copyright);
data/terminatorx-4.0.1/src/tX_ladspa.cc:217:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file, filename);
data/terminatorx-4.0.1/src/tX_ladspa.cc:218:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info_string, "LADSPA-Stereo-Plugin: %s\nLabel: %s\nFile: %s\nUnique ID: %li\nMaker: %s\nCopyright: %s", ld->Name, ld->Label, file, ld->UniqueID, ld->Maker, ld->Copyright);
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:141:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filename, dirname);
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:143:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filename, entry->d_name);
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:376:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s - (%s, %li)", p->getName(), p->getLabel(), p->getUniqueID());
data/terminatorx-4.0.1/src/tX_legacy_global.c:36:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, getenv("HOME"));
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:639:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ftmp, newvtt->filename);
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:693:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ftmp, newvtt->filename);
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:748:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ftmp, newvtt->filename);
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:802:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ftmp, newvtt->filename);
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:856:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ftmp, newvtt->filename);
data/terminatorx-4.0.1/src/tX_loaddlg.cc:129:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "Loading tX-set [%s]", setname);
data/terminatorx-4.0.1/src/tX_loaddlg.cc:144:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "Loading file No. %i of %i [%s]", ld_current, ld_count, filename);
data/terminatorx-4.0.1/src/tX_loaddlg.cc:146:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "Loading file [%s]", filename);
data/terminatorx-4.0.1/src/tX_mastergui.cc:234:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(buffer, TX_MEMTAG" %i kB", &mem);
data/terminatorx-4.0.1/src/tX_mastergui.cc:340:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "Failed to acesss file: \"%s\"", globals.tables_filename);
data/terminatorx-4.0.1/src/tX_mastergui.cc:349:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "Failed to acesss file: \"%s\"", globals.tables_filename);
data/terminatorx-4.0.1/src/tX_mastergui.cc:357:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tx_mg_current_setname, buffer);
data/terminatorx-4.0.1/src/tX_mastergui.cc:364:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(wbuf,"terminatorX - %s", strip_path(buffer));
data/terminatorx-4.0.1/src/tX_mastergui.cc:520:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tx_mg_current_setname, buffer);
data/terminatorx-4.0.1/src/tX_mastergui.cc:521:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.tables_filename, buffer);
data/terminatorx-4.0.1/src/tX_mastergui.cc:537:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(wbuf,"terminatorX - %s", strip_path(buffer));
data/terminatorx-4.0.1/src/tX_mastergui.cc:558:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, filename);
data/terminatorx-4.0.1/src/tX_mastergui.cc:651:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message,"Error starting engine: couldn't start audio driver.\nThis terminatorX binary was compiled without support for %s.\nPlease check the audio device settings in the \"Preferences\" dialog.", audio_backend);
data/terminatorx-4.0.1/src/tX_mastergui.cc:710:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(rec_dialog)));
data/terminatorx-4.0.1/src/tX_mastergui.cc:713:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.record_filename, buffer);
data/terminatorx-4.0.1/src/tX_mastergui.cc:983:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(label_str, "Delete <b>all</b> events for turntable <b>%s</b>.", vtt->name);
data/terminatorx-4.0.1/src/tX_mastergui.cc:1006:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(label_str, "Delete all <b>%s</b> events for turntable '%s'.", sp->get_name(), sp->get_vtt_name());
data/terminatorx-4.0.1/src/tX_mastergui.cc:1043:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(label, "Delete '%s' Events", (*sp)->get_name());
data/terminatorx-4.0.1/src/tX_mastergui.cc:1618:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, message);
data/terminatorx-4.0.1/src/tX_mastergui.cc:1756:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("gnome-help","gnome-help","help:terminatorX-manual", NULL);
data/terminatorx-4.0.1/src/tX_mastergui.cc:1778:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(BROWSER1, BROWSER1, "http://terminatorX.org", NULL);
data/terminatorx-4.0.1/src/tX_mastergui.cc:1779:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(BROWSER2, BROWSER2, "http://terminatorX.org", NULL);
data/terminatorx-4.0.1/src/tX_mastergui.cc:1780:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(BROWSER3, BROWSER3, "http://terminatorX.org", NULL);
data/terminatorx-4.0.1/src/tX_midiin.cc:417:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "Learning MIDI mapping for <b>%s</b>\nfor turntable <b>%s</b>.\n\nWaiting for MIDI event...", sp->get_name(), sp->get_vtt_name());
data/terminatorx-4.0.1/src/tX_panel.cc:58:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(label, "<b>%s</b>", gtk_label_get_text(GTK_LABEL(widget)));
data/terminatorx-4.0.1/src/tX_prelis.cc:106:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dev, globals.oss_device);
data/terminatorx-4.0.1/src/tX_prelis.cc:107:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ogg123_dev, dev);
data/terminatorx-4.0.1/src/tX_prelis.cc:108:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nm, name);
data/terminatorx-4.0.1/src/tX_prelis.cc:111:4: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("ogg123", "ogg123", "-q", "-d", "oss", "-o", ogg123_dev, nm, NULL);
data/terminatorx-4.0.1/src/tX_prelis.cc:116:4: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("mpg123", "mpg123", "-q", "-o","oss","-a", dev, nm, NULL);
data/terminatorx-4.0.1/src/tX_prelis.cc:120:4: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("play", "play", "-q", nm, NULL);
data/terminatorx-4.0.1/src/tX_seqpar.cc:330:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "id=\"%i\" midiType=\"%s\" midiChannel=\"%i\" midiNumber=\"%i\" midiReverse=\"%s\"", persistence_id, type, bound_midi_event.channel, bound_midi_event.number, (reverse_midi ? "true" : "false"));
data/terminatorx-4.0.1/src/tX_seqpar.cc:337:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, buffer2);
data/terminatorx-4.0.1/src/tX_seqpar.cc:342:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, buffer2);
data/terminatorx-4.0.1/src/tX_seqpar.cc:934:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, n);
data/terminatorx-4.0.1/src/tX_seqpar.cc:935:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(label_name, sn);
data/terminatorx-4.0.1/src/tX_tape.cc:37:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file.name, name);
data/terminatorx-4.0.1/src/tX_ui_callbacks.cc:166:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "<span foreground=\"%s\"><b>%s</b></span>", col, col);
data/terminatorx-4.0.1/src/tX_vtt.cc:238:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, newname);
data/terminatorx-4.0.1/src/tX_vtt.cc:268:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, fname);
data/terminatorx-4.0.1/src/tX_vtt.cc:1559:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fn_buff, vtt->filename);
data/terminatorx-4.0.1/src/tX_vttfx.cc:108:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp, token);
data/terminatorx-4.0.1/src/tX_vttfx.cc:122:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(target, temp);
data/terminatorx-4.0.1/src/tX_vttfx.cc:123:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp,token);
data/terminatorx-4.0.1/src/tX_vttfx.cc:132:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(target, temp);
data/terminatorx-4.0.1/src/tX_vttfx.cc:135:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, target);
data/terminatorx-4.0.1/src/tX_vttfx.cc:159:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s: Enable", plugin->getName());
data/terminatorx-4.0.1/src/tX_vttfx.cc:202:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s: %s", plugin->getLabel(), cpn);
data/terminatorx-4.0.1/src/tX_vttfx.cc:203:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer2, cpn);
data/terminatorx-4.0.1/src/tX_vttfx.cc:360:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s: Dry/Wet", plugin->getLabel());
data/terminatorx-4.0.1/src/tX_vttgui.cc:68:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (temp, fn);
data/terminatorx-4.0.1/src/tX_vttgui.cc:79:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dest, temp);
data/terminatorx-4.0.1/src/tX_vttgui.cc:228:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name_buf, "Select Audio File for %s", vtt->name);
data/terminatorx-4.0.1/src/tX_vttgui.cc:240:39: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
gtk_file_filter_add_pattern(filter, strcat(buffer, extensions[i]));
data/terminatorx-4.0.1/src/tX_vttgui.cc:268:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globals.current_path, filename);
data/terminatorx-4.0.1/src/tX_vttgui.cc:293:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s \"%s\" &", globals.file_editor, vtt->filename);
data/terminatorx-4.0.1/src/tX_vttgui.cc:294:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(command) < 0) {
data/terminatorx-4.0.1/src/tX_vttgui.cc:309:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(reload_buffer, vtt->filename);
data/terminatorx-4.0.1/src/tX_vttgui.cc:673:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bold_name, newname);
data/terminatorx-4.0.1/src/tX_vttgui.cc:1320:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, plugin->getLabel());
data/terminatorx-4.0.1/src/wav_read.c:143:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info->name,file_name);
data/terminatorx-4.0.1/src/main.cc:160:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
value=getenv(name);
data/terminatorx-4.0.1/src/tX_global.c:52:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HOME")) {
data/terminatorx-4.0.1/src/tX_global.c:53:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strncpy(buffer, getenv("HOME"), length-16);
data/terminatorx-4.0.1/src/tX_ladspa.cc:44:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ladspa_path_ptr=getenv("LADSPA_PATH");
data/terminatorx-4.0.1/src/tX_legacy_global.c:34:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HOME"))
data/terminatorx-4.0.1/src/tX_legacy_global.c:36:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy(buffer, getenv("HOME"));
data/terminatorx-4.0.1/src/main.cc:282:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/terminatorx-4.0.1/src/tX_audiodevice.cc:90:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&target_buffer[buffer_pos], data, vtt_buffer_size << 1);
data/terminatorx-4.0.1/src/tX_audiodevice.cc:92:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&target_buffer[buffer_pos], data, (vtt_buffer_size-rest) << 1);
data/terminatorx-4.0.1/src/tX_audiodevice.cc:93:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(next_target_buffer, &data[vtt_buffer_size-rest], rest << 1);
data/terminatorx-4.0.1/src/tX_audiodevice.cc:107:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int tX_audiodevice_oss :: open()
data/terminatorx-4.0.1/src/tX_audiodevice.cc:114:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=::open(globals.oss_device, O_WRONLY, 0);
data/terminatorx-4.0.1/src/tX_audiodevice.cc:196:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int tX_audiodevice_alsa :: open()
data/terminatorx-4.0.1/src/tX_audiodevice.cc:200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcm_name[64];
data/terminatorx-4.0.1/src/tX_audiodevice.cc:514:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuffer, overrun_buffer, sizeof(int16_t) * samples_in_overrun_buffer);
data/terminatorx-4.0.1/src/tX_audiodevice.cc:523:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&outbuffer[outbuffer_pos], data, sizeof(int16_t) * sample);
data/terminatorx-4.0.1/src/tX_audiodevice.cc:529:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(overrun_buffer, &data[sample], sizeof(int16_t) * samples_in_overrun_buffer);
data/terminatorx-4.0.1/src/tX_audiodevice.cc:557:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int tX_audiodevice_pulse::open() {
data/terminatorx-4.0.1/src/tX_audiodevice.cc:695:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int tX_audiodevice_jack::open()
data/terminatorx-4.0.1/src/tX_audiodevice.cc:764:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(overrun_buffer, &vtt_class::mix_buffer[sample], sizeof(f_prec) * samples_in_overrun_buffer);
data/terminatorx-4.0.1/src/tX_audiodevice.h:67:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual int open()=0;
data/terminatorx-4.0.1/src/tX_audiodevice.h:87:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual int open();
data/terminatorx-4.0.1/src/tX_audiodevice.h:105:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual int open();
data/terminatorx-4.0.1/src/tX_audiodevice.h:126:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual int open();
data/terminatorx-4.0.1/src/tX_audiodevice.h:176:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual int open();
data/terminatorx-4.0.1/src/tX_audiofile.cc:173:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[SOX_BLOCKSIZE];
data/terminatorx-4.0.1/src/tX_audiofile.cc:198:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) &ptr[prev_bytes],(void *) buffer, bytes);
data/terminatorx-4.0.1/src/tX_audiofile.cc:225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[PATH_MAX*2];
data/terminatorx-4.0.1/src/tX_audiofile.cc:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[PATH_MAX*2];
data/terminatorx-4.0.1/src/tX_audiofile.cc:256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[PATH_MAX*2];
data/terminatorx-4.0.1/src/tX_audiofile.cc:358:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=open(filename, O_RDONLY);
data/terminatorx-4.0.1/src/tX_audiofile.cc:585:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcmout[VORBIS_BUFF_SIZE];
data/terminatorx-4.0.1/src/tX_audiofile.cc:597:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file=fopen(filename, "r");
data/terminatorx-4.0.1/src/tX_audiofile.h:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/terminatorx-4.0.1/src/tX_dialog.cc:82:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
globals.oss_samplerate=atoi(gtk_combo_box_text_get_active_text(GTK_COMBO_BOX_TEXT(lookup_widget(dialog, "oss_samplerate"))));
data/terminatorx-4.0.1/src/tX_dialog.cc:93:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
globals.alsa_samplerate=atoi(gtk_combo_box_text_get_active_text(GTK_COMBO_BOX_TEXT(lookup_widget(dialog, "alsa_samplerate"))));
data/terminatorx-4.0.1/src/tX_dialog.cc:217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[PATH_MAX+1];
data/terminatorx-4.0.1/src/tX_dialog.cc:220:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((file = fopen("/proc/asound/pcm", "r"))) {
data/terminatorx-4.0.1/src/tX_dialog.cc:225:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[PATH_MAX];
data/terminatorx-4.0.1/src/tX_dialog.cc:226:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[PATH_MAX];
data/terminatorx-4.0.1/src/tX_dialog.cc:264:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/terminatorx-4.0.1/src/tX_dialog.cc:300:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *colors[MAX_COLORS]={ NULL };
data/terminatorx-4.0.1/src/tX_dialog.cc:311:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/terminatorx-4.0.1/src/tX_dialog.cc:641:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/terminatorx-4.0.1/src/tX_dialog.cc:647:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prio_str[32]="";
data/terminatorx-4.0.1/src/tX_dialog.cc:652:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(prio_str, "SCHED_OTHER");
data/terminatorx-4.0.1/src/tX_dialog.cc:656:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(prio_str, "SCHED_RR");
data/terminatorx-4.0.1/src/tX_dialog.cc:660:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(prio_str, "SCHED_FIFO");
data/terminatorx-4.0.1/src/tX_dialog.cc:665:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(prio_str, "UNKNOWN (%i)", policy);
data/terminatorx-4.0.1/src/tX_engine.cc:233:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (device->open()) {
data/terminatorx-4.0.1/src/tX_extdial.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sval[30];
data/terminatorx-4.0.1/src/tX_extdial.h:45:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
void f2s() { sprintf(sval, "%3f", fval); sval[4]=0; /* printf("f2s(): s:%s, f%f\n", sval, fval); */ };
data/terminatorx-4.0.1/src/tX_global.c:57:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, ".terminatorXrc");
data/terminatorx-4.0.1/src/tX_global.c:73:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globals.oss_device, "/dev/dsp");
data/terminatorx-4.0.1/src/tX_global.c:78:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globals.alsa_device_id, "hw:0,0");
data/terminatorx-4.0.1/src/tX_global.c:115:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globals.record_filename, "tX_record.wav");
data/terminatorx-4.0.1/src/tX_global.c:131:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globals.lrdf_path, "/usr/share/ladspa/rdf:/usr/local/share/ladspa/rdf");
data/terminatorx-4.0.1/src/tX_global.c:144:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globals.wav_display_bg_focus, "#00004C");
data/terminatorx-4.0.1/src/tX_global.c:145:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globals.wav_display_bg_no_focus, "#000000");
data/terminatorx-4.0.1/src/tX_global.c:147:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globals.wav_display_fg_focus, "#FFFF00");
data/terminatorx-4.0.1/src/tX_global.c:148:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globals.wav_display_fg_no_focus, "#00FF00");
data/terminatorx-4.0.1/src/tX_global.c:150:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globals.wav_display_cursor, "#FF6666");
data/terminatorx-4.0.1/src/tX_global.c:151:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globals.wav_display_cursor_mute, "#FFFFFF");
data/terminatorx-4.0.1/src/tX_global.c:153:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globals.vu_meter_bg, "#000000");
data/terminatorx-4.0.1/src/tX_global.c:154:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globals.vu_meter_loud, "#FF0000");
data/terminatorx-4.0.1/src/tX_global.c:155:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(globals.vu_meter_normal, "#00FF00");
data/terminatorx-4.0.1/src/tX_global.c:166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rc_name[PATH_MAX]="";
data/terminatorx-4.0.1/src/tX_global.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_type[16]="oss";
data/terminatorx-4.0.1/src/tX_global.c:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_xml_buffer[4096];
data/terminatorx-4.0.1/src/tX_global.c:296:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rc_name[PATH_MAX+256]="";
data/terminatorx-4.0.1/src/tX_global.c:297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_type[16];
data/terminatorx-4.0.1/src/tX_global.c:298:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent[32]="\t";
data/terminatorx-4.0.1/src/tX_global.c:301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_xml_buffer[4096];
data/terminatorx-4.0.1/src/tX_global.c:306:5: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rc=fopen(rc_name, "w");
data/terminatorx-4.0.1/src/tX_global.c:310:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(device_type, "pulse");
data/terminatorx-4.0.1/src/tX_global.c:313:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(device_type, "jack");
data/terminatorx-4.0.1/src/tX_global.c:316:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(device_type, "alsa");
data/terminatorx-4.0.1/src/tX_global.c:320:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(device_type, "oss");
data/terminatorx-4.0.1/src/tX_global.c:424:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[4096];
data/terminatorx-4.0.1/src/tX_global.c:435:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case '<': tmp[t]=0; strcat(tmp, "<"); t+=4; break;
data/terminatorx-4.0.1/src/tX_global.c:436:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case '>': tmp[t]=0; strcat(tmp, ">"); t+=4; break;
data/terminatorx-4.0.1/src/tX_global.c:437:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case '&': tmp[t]=0; strcat(tmp, "&"); t+=5; break;
data/terminatorx-4.0.1/src/tX_global.c:438:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case '"': tmp[t]=0; strcat(tmp, """); t+=6; break;
data/terminatorx-4.0.1/src/tX_global.c:439:15: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case '\'': strcat(tmp, "'"); t+=7; break;
data/terminatorx-4.0.1/src/tX_global.h:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xinput_device[256];
data/terminatorx-4.0.1/src/tX_global.h:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_fn[PATH_MAX];
data/terminatorx-4.0.1/src/tX_global.h:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tables_filename[PATH_MAX];
data/terminatorx-4.0.1/src/tX_global.h:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record_filename[PATH_MAX];
data/terminatorx-4.0.1/src/tX_global.h:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_editor[PATH_MAX];
data/terminatorx-4.0.1/src/tX_global.h:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_path[PATH_MAX];
data/terminatorx-4.0.1/src/tX_global.h:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oss_device[PATH_MAX];
data/terminatorx-4.0.1/src/tX_global.h:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alsa_device_id[PATH_MAX];
data/terminatorx-4.0.1/src/tX_global.h:154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lrdf_path[PATH_MAX];
data/terminatorx-4.0.1/src/tX_global.h:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wav_display_bg_focus[8];
data/terminatorx-4.0.1/src/tX_global.h:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wav_display_bg_no_focus[8];
data/terminatorx-4.0.1/src/tX_global.h:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wav_display_fg_focus[8];
data/terminatorx-4.0.1/src/tX_global.h:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wav_display_fg_no_focus[8];
data/terminatorx-4.0.1/src/tX_global.h:175:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wav_display_cursor[8];
data/terminatorx-4.0.1/src/tX_global.h:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wav_display_cursor_mute[8];
data/terminatorx-4.0.1/src/tX_global.h:178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vu_meter_bg[8];
data/terminatorx-4.0.1/src/tX_global.h:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vu_meter_loud[8];
data/terminatorx-4.0.1/src/tX_global.h:180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vu_meter_normal[8];
data/terminatorx-4.0.1/src/tX_knobloader.c:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resource_path[256];
data/terminatorx-4.0.1/src/tX_ladspa.cc:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ladspa_path[PATH_MAX];
data/terminatorx-4.0.1/src/tX_ladspa.cc:48:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ladspa_path, "/usr/lib/ladspa:/usr/local/lib/ladspa");
data/terminatorx-4.0.1/src/tX_ladspa.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_string[4096];
data/terminatorx-4.0.1/src/tX_ladspa.h:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[1024];
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *uris[rdf_files.size()+1];
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:140:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(filename, "file:");
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256]="";
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:373:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/terminatorx-4.0.1/src/tX_legacy_global.c:41:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, ".terminatorX3rc.bin");
data/terminatorx-4.0.1/src/tX_legacy_global.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rc_name[PATH_MAX+256]="";
data/terminatorx-4.0.1/src/tX_legacy_global.c:49:5: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rc=fopen(rc_name, "r");
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:247:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Couldn't find required plugin with ID [%li].", id);
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:302:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:404:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Couldn't find required plugin with ID [%li].", id);
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:564:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Couldn't find required plugin with ID [%li].", id);
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:614:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftmp[PATH_MAX];
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:663:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftmp[PATH_MAX];
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:718:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftmp[PATH_MAX];
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:772:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftmp[PATH_MAX];
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:826:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftmp[PATH_MAX];
data/terminatorx-4.0.1/src/tX_loaddlg.cc:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/terminatorx-4.0.1/src/tX_loaddlg.cc:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/terminatorx-4.0.1/src/tX_mastergui.cc:222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/terminatorx-4.0.1/src/tX_mastergui.cc:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/terminatorx-4.0.1/src/tX_mastergui.cc:228:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "/proc/%i/status", mypid);
data/terminatorx-4.0.1/src/tX_mastergui.cc:229:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
procfs=fopen(filename, "r");
data/terminatorx-4.0.1/src/tX_mastergui.cc:235:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%.1lf M", ((double) mem)/1024.0);
data/terminatorx-4.0.1/src/tX_mastergui.cc:270:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tx_mg_current_setname[PATH_MAX]="";
data/terminatorx-4.0.1/src/tX_mastergui.cc:299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wbuf[PATH_MAX];
data/terminatorx-4.0.1/src/tX_mastergui.cc:316:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in=fopen(buffer, "r");
data/terminatorx-4.0.1/src/tX_mastergui.cc:319:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idbuff[256];
data/terminatorx-4.0.1/src/tX_mastergui.cc:339:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[PATH_MAX+256];
data/terminatorx-4.0.1/src/tX_mastergui.cc:348:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[PATH_MAX+256];
data/terminatorx-4.0.1/src/tX_mastergui.cc:485:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/terminatorx-4.0.1/src/tX_mastergui.cc:499:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (filename, "dont segfault workaround ;)");
data/terminatorx-4.0.1/src/tX_mastergui.cc:508:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wbuf[PATH_MAX];
data/terminatorx-4.0.1/src/tX_mastergui.cc:514:27: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (strcmp(ext, ".tX")) strcat(buffer, ".tX");
data/terminatorx-4.0.1/src/tX_mastergui.cc:516:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, ".tX");
data/terminatorx-4.0.1/src/tX_mastergui.cc:529:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out=fopen(buffer, "w");
data/terminatorx-4.0.1/src/tX_mastergui.cc:556:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[PATH_MAX];
data/terminatorx-4.0.1/src/tX_mastergui.cc:631:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_backend[256];
data/terminatorx-4.0.1/src/tX_mastergui.cc:632:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[4096];
data/terminatorx-4.0.1/src/tX_mastergui.cc:636:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(audio_backend, "the Open Sound System (OSS)");
data/terminatorx-4.0.1/src/tX_mastergui.cc:639:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(audio_backend, "the Advanced Linux Sound Architecture (ALSA)");
data/terminatorx-4.0.1/src/tX_mastergui.cc:642:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(audio_backend, "the JACK Audio Connection Kit");
data/terminatorx-4.0.1/src/tX_mastergui.cc:645:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(audio_backend, "PulseAudio");
data/terminatorx-4.0.1/src/tX_mastergui.cc:648:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(audio_backend, "unkown");
data/terminatorx-4.0.1/src/tX_mastergui.cc:708:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[PATH_MAX];
data/terminatorx-4.0.1/src/tX_mastergui.cc:880:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[20];
data/terminatorx-4.0.1/src/tX_mastergui.cc:900:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%02i:%02i.%02i", minu, sec, hun);
data/terminatorx-4.0.1/src/tX_mastergui.cc:973:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label_str[512];
data/terminatorx-4.0.1/src/tX_mastergui.cc:997:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label_str[512];
data/terminatorx-4.0.1/src/tX_mastergui.cc:1018:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[328];
data/terminatorx-4.0.1/src/tX_mastergui.cc:1617:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096]="Plugin info:\n\n";
data/terminatorx-4.0.1/src/tX_midiin.cc:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[128];
data/terminatorx-4.0.1/src/tX_midiin.cc:316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[128];
data/terminatorx-4.0.1/src/tX_midiin.cc:345:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[128];
data/terminatorx-4.0.1/src/tX_midiin.cc:403:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/terminatorx-4.0.1/src/tX_midiin.h:136:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[128];
data/terminatorx-4.0.1/src/tX_panel.cc:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[128];
data/terminatorx-4.0.1/src/tX_pbutton.cc:34:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tx_icons[ALL_ICONS][256];
data/terminatorx-4.0.1/src/tX_prelis.cc:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[PATH_MAX];
data/terminatorx-4.0.1/src/tX_prelis.cc:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ogg123_dev[PATH_MAX]="dev:";
data/terminatorx-4.0.1/src/tX_prelis.cc:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nm[PATH_MAX];
data/terminatorx-4.0.1/src/tX_seqpar.cc:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/terminatorx-4.0.1/src/tX_seqpar.cc:316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer2[256];
data/terminatorx-4.0.1/src/tX_seqpar.cc:332:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "id=\"%i\"", persistence_id);
data/terminatorx-4.0.1/src/tX_seqpar.cc:336:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer2, " midiUpperBound=\"%lf\"", midi_upper_bound);
data/terminatorx-4.0.1/src/tX_seqpar.cc:341:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer2, " midiLowerBound=\"%lf\"", midi_lower_bound);
data/terminatorx-4.0.1/src/tX_seqpar.h:418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label_name[2048];
data/terminatorx-4.0.1/src/tX_seqpar.h:419:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[2048];
data/terminatorx-4.0.1/src/tX_ui_callbacks.cc:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/terminatorx-4.0.1/src/tX_ui_callbacks.cc:165:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(col, "#%02X%02X%02X", (int) (p.red * 255.0), (int) (p.green * 255.0), (int) (p.blue * 255.0));
data/terminatorx-4.0.1/src/tX_vtt.cc:96:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name, "Turntable %i", vtt_amount);
data/terminatorx-4.0.1/src/tX_vtt.cc:97:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(filename, "NONE");
data/terminatorx-4.0.1/src/tX_vtt.cc:520:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) output_buffer2, (void *) output_buffer, sizeof(float)*((int)samples_in_outputbuffer));
data/terminatorx-4.0.1/src/tX_vtt.cc:1210:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_xml_buffer[4096];
data/terminatorx-4.0.1/src/tX_vtt.cc:1300:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent[256];
data/terminatorx-4.0.1/src/tX_vtt.cc:1324:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/terminatorx-4.0.1/src/tX_vtt.cc:1331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_xml_buffer[4096];
data/terminatorx-4.0.1/src/tX_vtt.cc:1418:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Trying to load mono plugin into stereo queue [%i].", ladspa_id);
data/terminatorx-4.0.1/src/tX_vtt.cc:1424:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"Trying to load stereo plugin into mono queue [%i].", ladspa_id);
data/terminatorx-4.0.1/src/tX_vtt.cc:1431:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"The terminatorX set file you are loading makes use of a LADSPA plugin that is not installed on this machine. The plugin's ID is [%i].", ladspa_id);
data/terminatorx-4.0.1/src/tX_vtt.cc:1502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn_buff[4096];
data/terminatorx-4.0.1/src/tX_vtt.h:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256]; // Turntable's name
data/terminatorx-4.0.1/src/tX_vtt.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX]; // The corresponding audiofile
data/terminatorx-4.0.1/src/tX_vttfx.cc:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[256]="";
data/terminatorx-4.0.1/src/tX_vttfx.cc:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[2048]="";
data/terminatorx-4.0.1/src/tX_vttfx.cc:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/terminatorx-4.0.1/src/tX_vttfx.cc:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer2[2048];
data/terminatorx-4.0.1/src/tX_vttfx.cc:356:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/terminatorx-4.0.1/src/tX_vttgui.cc:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[PATH_MAX];
data/terminatorx-4.0.1/src/tX_vttgui.cc:116:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char global_filename_buffer[PATH_MAX];
data/terminatorx-4.0.1/src/tX_vttgui.cc:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/terminatorx-4.0.1/src/tX_vttgui.cc:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_buf[512];
data/terminatorx-4.0.1/src/tX_vttgui.cc:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[32]="*.";
data/terminatorx-4.0.1/src/tX_vttgui.cc:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[2*PATH_MAX];
data/terminatorx-4.0.1/src/tX_vttgui.cc:304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reload_buffer[PATH_MAX];
data/terminatorx-4.0.1/src/tX_vttgui.cc:671:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bold_name[128];
data/terminatorx-4.0.1/src/tX_vttgui.cc:672:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(bold_name, "<b>");
data/terminatorx-4.0.1/src/tX_vttgui.cc:674:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bold_name, "</b>");
data/terminatorx-4.0.1/src/tX_vttgui.cc:679:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tooltip[2048];
data/terminatorx-4.0.1/src/tX_vttgui.cc:807:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nice_name[256];
data/terminatorx-4.0.1/src/tX_vttgui.cc:1313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/terminatorx-4.0.1/src/tX_vttgui.cc:1357:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tooltip[2048];
data/terminatorx-4.0.1/src/tX_vttgui.cc:1376:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tooltip[2048];
data/terminatorx-4.0.1/src/wav_file.h:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PATH_MAX];
data/terminatorx-4.0.1/src/wav_file.h:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head[43];
data/terminatorx-4.0.1/src/wav_read.c:82:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = fopen(file_name, "r");
data/terminatorx-4.0.1/src/wav_write.c:36:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info->head, "RIFF WAVEfmt data ");
data/terminatorx-4.0.1/src/wav_write.c:89:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
info->handle = fopen(info->name, "w");
data/terminatorx-4.0.1/src/main.cc:141:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[i]+9)<=PATH_MAX)
data/terminatorx-4.0.1/src/main.cc:162:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length=strlen(value);
data/terminatorx-4.0.1/src/main.cc:259:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(250);
data/terminatorx-4.0.1/src/tX_audiodevice.cc:203:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pcm_name, globals.alsa_device_id, sizeof(pcm_name));
data/terminatorx-4.0.1/src/tX_audiodevice.cc:734:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100);
data/terminatorx-4.0.1/src/tX_audiofile.cc:72:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(filename,"");
data/terminatorx-4.0.1/src/tX_audiofile.cc:85:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ext) >3) {
data/terminatorx-4.0.1/src/tX_dialog.cc:223:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer)) buffer[strlen(buffer)-1]=0;
data/terminatorx-4.0.1/src/tX_dialog.cc:223:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer)) buffer[strlen(buffer)-1]=0;
data/terminatorx-4.0.1/src/tX_engine.cc:115:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100);
data/terminatorx-4.0.1/src/tX_engine.cc:284:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50);
data/terminatorx-4.0.1/src/tX_global.c:48:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(buffer,"", length);
data/terminatorx-4.0.1/src/tX_global.c:50:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, globals.alternate_rc, length);
data/terminatorx-4.0.1/src/tX_global.c:53:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, getenv("HOME"), length-16);
data/terminatorx-4.0.1/src/tX_global.c:54:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buffer[strlen(buffer)-1]!='/')
data/terminatorx-4.0.1/src/tX_global.c:55:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer, "/");
data/terminatorx-4.0.1/src/tX_global.c:67:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(globals.xinput_device, "");
data/terminatorx-4.0.1/src/tX_global.c:101:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(globals.last_fn,"");
data/terminatorx-4.0.1/src/tX_global.c:114:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(globals.tables_filename, "");
data/terminatorx-4.0.1/src/tX_global.c:116:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(globals.file_editor, "");
data/terminatorx-4.0.1/src/tX_global.c:130:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(globals.current_path, "");
data/terminatorx-4.0.1/src/tX_global.c:431:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max=strlen(src);
data/terminatorx-4.0.1/src/tX_global.c:456:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int inlen=strlen(src);
data/terminatorx-4.0.1/src/tX_ladspa.cc:50:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else strncpy(ladspa_path, ladspa_path_ptr, sizeof(ladspa_path));
data/terminatorx-4.0.1/src/tX_ladspa.cc:61:20: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (end > start) strncpy(buffer, start, end - start);
data/terminatorx-4.0.1/src/tX_ladspa.cc:115:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dirlen=strlen(dirname);
data/terminatorx-4.0.1/src/tX_ladspa.cc:135:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename = (char *) malloc (dirlen + strlen(entry->d_name) + 1 + needslash);
data/terminatorx-4.0.1/src/tX_ladspa.cc:138:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (needslash) strcat(filename, "/");
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:48:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lena=strlen(a);
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:49:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenb=strlen(b);
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:77:20: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (end > start) strncpy(buffer, start, end - start);
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:117:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dirlen=strlen(dirname);
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:138:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename = (char *) malloc (dirlen + strlen(entry->d_name) + 10 + needslash);
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:142:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (needslash) strcat(filename, "/");
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:268:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer, "\t");
data/terminatorx-4.0.1/src/tX_ladspa_class.cc:289:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(buffer)-1]=0;
data/terminatorx-4.0.1/src/tX_legacy_global.c:32:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buffer,"");
data/terminatorx-4.0.1/src/tX_legacy_global.c:37:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buffer[strlen(buffer)-1]!='/')
data/terminatorx-4.0.1/src/tX_legacy_global.c:38:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer, "/");
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:636:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newvtt->filename))
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:690:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newvtt->filename))
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:745:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newvtt->filename))
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:799:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newvtt->filename))
data/terminatorx-4.0.1/src/tX_legacy_vtt.cc:853:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newvtt->filename))
data/terminatorx-4.0.1/src/tX_loaddlg.cc:114:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tmp)>1) {
data/terminatorx-4.0.1/src/tX_mastergui.cc:306:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(globals.tables_filename, buffer, sizeof(globals.tables_filename));
data/terminatorx-4.0.1/src/tX_mastergui.cc:321:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fread(idbuff, strlen(TX_SET_ID_10), 1, in);
data/terminatorx-4.0.1/src/tX_mastergui.cc:322:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(idbuff, TX_SET_ID_10, strlen(TX_SET_ID_10))==0) {
data/terminatorx-4.0.1/src/tX_mastergui.cc:324:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(idbuff, TX_SET_ID_11, strlen(TX_SET_ID_11))==0) {
data/terminatorx-4.0.1/src/tX_mastergui.cc:326:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(idbuff, TX_SET_ID_12, strlen(TX_SET_ID_12))==0) {
data/terminatorx-4.0.1/src/tX_mastergui.cc:328:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(idbuff, TX_SET_ID_13, strlen(TX_SET_ID_13))==0) {
data/terminatorx-4.0.1/src/tX_mastergui.cc:330:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(idbuff, TX_SET_ID_14, strlen(TX_SET_ID_14))==0) {
data/terminatorx-4.0.1/src/tX_mastergui.cc:390:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(globals.tables_filename)) {
data/terminatorx-4.0.1/src/tX_mastergui.cc:488:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename, (char *) gtk_selection_data_get_data(selection_data), (size_t) gtk_selection_data_get_length(selection_data));
data/terminatorx-4.0.1/src/tX_mastergui.cc:712:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer)) {
data/terminatorx-4.0.1/src/tX_mastergui.cc:733:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(globals.record_filename)) {
data/terminatorx-4.0.1/src/tX_mastergui.cc:739:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(globals.record_filename, filename, sizeof(globals.record_filename)-1);
data/terminatorx-4.0.1/src/tX_midiin.cc:453:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(indent, "\t");
data/terminatorx-4.0.1/src/tX_midiin.cc:472:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indent[strlen(indent)-1]=0;
data/terminatorx-4.0.1/src/tX_mouse.cc:412:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t bytes_read = read(fd, &eventbuffer, sizeof(eventbuffer));
data/terminatorx-4.0.1/src/tX_prelis.cc:53:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200);
data/terminatorx-4.0.1/src/tX_prelis.cc:77:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ext)>3)
data/terminatorx-4.0.1/src/tX_sequencer.cc:265:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(indent, "\t");
data/terminatorx-4.0.1/src/tX_sequencer.cc:271:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indent[strlen(indent)-1]=0;
data/terminatorx-4.0.1/src/tX_vtt.cc:255:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(filename,"");
data/terminatorx-4.0.1/src/tX_vtt.cc:1215:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(indent, "\t");
data/terminatorx-4.0.1/src/tX_vtt.cc:1272:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(indent, "\t");
data/terminatorx-4.0.1/src/tX_vtt.cc:1277:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indent[strlen(indent)-1]=0;
data/terminatorx-4.0.1/src/tX_vtt.cc:1281:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(indent, "\t");
data/terminatorx-4.0.1/src/tX_vtt.cc:1286:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indent[strlen(indent)-1]=0;
data/terminatorx-4.0.1/src/tX_vtt.cc:1289:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indent[strlen(indent)-1]=0;
data/terminatorx-4.0.1/src/tX_vtt.cc:1307:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(indent, "\t");
data/terminatorx-4.0.1/src/tX_vtt.cc:1558:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(vtt->filename)) {
data/terminatorx-4.0.1/src/tX_vttfx.cc:105:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(token)+strlen(temp)<10)
data/terminatorx-4.0.1/src/tX_vttfx.cc:105:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(token)+strlen(temp)<10)
data/terminatorx-4.0.1/src/tX_vttfx.cc:107:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(temp)) strcat(temp, " ");
data/terminatorx-4.0.1/src/tX_vttfx.cc:107:22: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strlen(temp)) strcat(temp, " ");
data/terminatorx-4.0.1/src/tX_vttfx.cc:112:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(temp))
data/terminatorx-4.0.1/src/tX_vttfx.cc:114:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(target)) strcat(target, "\n");
data/terminatorx-4.0.1/src/tX_vttfx.cc:114:24: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(strlen(target)) strcat(target, "\n");
data/terminatorx-4.0.1/src/tX_vttfx.cc:115:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(temp)>10)
data/terminatorx-4.0.1/src/tX_vttfx.cc:129:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(temp))
data/terminatorx-4.0.1/src/tX_vttfx.cc:131:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(target)) strcat(target, "\n");
data/terminatorx-4.0.1/src/tX_vttfx.cc:131:35: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(strlen(target)) strcat(target, "\n");
data/terminatorx-4.0.1/src/tX_vttfx.cc:292:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (indent, "\t");
data/terminatorx-4.0.1/src/tX_vttfx.cc:303:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indent[strlen(indent)-1]=0;
data/terminatorx-4.0.1/src/tX_vttgui.cc:73:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(temp) > (unsigned int) globals.filename_length) {
data/terminatorx-4.0.1/src/tX_vttgui.cc:200:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename, (char *) gtk_selection_data_get_data(selection_data), (size_t) gtk_selection_data_get_length(selection_data));
data/terminatorx-4.0.1/src/tX_vttgui.cc:241:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (unsigned int c=0; c<strlen(buffer); c++) {
data/terminatorx-4.0.1/src/tX_vttgui.cc:257:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(globals.current_path)>0 ) {
data/terminatorx-4.0.1/src/tX_vttgui.cc:292:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(globals.file_editor)>0) {
data/terminatorx-4.0.1/src/tX_vttgui.cc:738:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(dnd_uri, "text/uri-list", 128);
data/terminatorx-4.0.1/src/tX_vttgui.cc:1321:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) > 6) {
ANALYSIS SUMMARY:
Hits = 421
Lines analyzed = 22751 in approximately 1.21 seconds (18804 lines/second)
Physical Source Lines of Code (SLOC) = 16820
Hits@level = [0] 93 [1] 93 [2] 210 [3] 6 [4] 112 [5] 0
Hits@level+ = [0+] 514 [1+] 421 [2+] 328 [3+] 118 [4+] 112 [5+] 0
Hits/KSLOC@level+ = [0+] 30.5589 [1+] 25.0297 [2+] 19.5006 [3+] 7.01546 [4+] 6.65874 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.