Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tix-8.4.3/win/tixWinWm.c
Examining data/tix-8.4.3/win/tixWinInt.h
Examining data/tix-8.4.3/win/tixWinXpm.c
Examining data/tix-8.4.3/win/tixWinDefault.h
Examining data/tix-8.4.3/win/tixWinDraw.c
Examining data/tix-8.4.3/win/tixWCmpt.c
Examining data/tix-8.4.3/win/tixWinPort.h
Examining data/tix-8.4.3/unix/tixUnixDefault.h
Examining data/tix-8.4.3/unix/tixUnixInt.h
Examining data/tix-8.4.3/unix/tixUnixMwm.c
Examining data/tix-8.4.3/unix/tixUnixXpm.c
Examining data/tix-8.4.3/unix/tixUnixDraw.c
Examining data/tix-8.4.3/unix/tixUnixWm.c
Examining data/tix-8.4.3/unix/tixUnixPort.h
Examining data/tix-8.4.3/generic/tixDItem.c
Examining data/tix-8.4.3/generic/tixScroll.c
Examining data/tix-8.4.3/generic/tixCompat.c
Examining data/tix-8.4.3/generic/tixWidget.c
Examining data/tix-8.4.3/generic/tixClass.c
Examining data/tix-8.4.3/generic/tixImgCmp.c
Examining data/tix-8.4.3/generic/tixImgXpm.c
Examining data/tix-8.4.3/generic/tixImgXpm.h
Examining data/tix-8.4.3/generic/tixTList.c
Examining data/tix-8.4.3/generic/tixTList.h
Examining data/tix-8.4.3/generic/tixCmds.c
Examining data/tix-8.4.3/generic/tixDiImg.c
Examining data/tix-8.4.3/generic/tixDiStyle.c
Examining data/tix-8.4.3/generic/tixDiITxt.c
Examining data/tix-8.4.3/generic/tixDiWin.c
Examining data/tix-8.4.3/generic/tixForm.c
Examining data/tix-8.4.3/generic/tixForm.h
Examining data/tix-8.4.3/generic/tixFormMisc.c
Examining data/tix-8.4.3/generic/tixGrRC.c
Examining data/tix-8.4.3/generic/tixGrid.c
Examining data/tix-8.4.3/generic/tixGrid.h
Examining data/tix-8.4.3/generic/tixGeometry.c
Examining data/tix-8.4.3/generic/tixGrData.c
Examining data/tix-8.4.3/generic/tixGrData.h
Examining data/tix-8.4.3/generic/tixList.c
Examining data/tix-8.4.3/generic/tixDiText.c
Examining data/tix-8.4.3/generic/tixHLCol.c
Examining data/tix-8.4.3/generic/tixHLHdr.c
Examining data/tix-8.4.3/generic/tixOption.c
Examining data/tix-8.4.3/generic/tixHLInd.c
Examining data/tix-8.4.3/generic/tixAppInit.c
Examining data/tix-8.4.3/generic/tixHList.c
Examining data/tix-8.4.3/generic/tixHList.h
Examining data/tix-8.4.3/generic/tixNBFrame.c
Examining data/tix-8.4.3/generic/tixInputO.c
Examining data/tix-8.4.3/generic/tixGrSort.c
Examining data/tix-8.4.3/generic/tixSmpLs.c
Examining data/tix-8.4.3/generic/tixError.c
Examining data/tix-8.4.3/generic/tixMethod.c
Examining data/tix-8.4.3/generic/tixDef.h
Examining data/tix-8.4.3/generic/tixInt.h
Examining data/tix-8.4.3/generic/tixGrFmt.c
Examining data/tix-8.4.3/generic/tixGrSel.c
Examining data/tix-8.4.3/generic/tixGrUtl.c
Examining data/tix-8.4.3/generic/tix.h
Examining data/tix-8.4.3/generic/tixPort.h
Examining data/tix-8.4.3/generic/tixUtils.c
Examining data/tix-8.4.3/generic/tixInit.c
Examining data/tix-8.4.3/PyTix-2.0/2.0/_tkinter.c
Examining data/tix-8.4.3/PyTix-2.0/2.0/tkappinit.c

FINAL RESULTS:

data/tix-8.4.3/PyTix-2.0/2.0/_tkinter.c:491:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(argv0, className);
data/tix-8.4.3/PyTix-2.0/2.0/_tkinter.c:1582:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "<tktimertoken at %p%s>", v,
data/tix-8.4.3/PyTix-2.0/2.0/_tkinter.c:2187:2: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, varg);
data/tix-8.4.3/generic/tixClass.c:940:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(index, "w:%s", argv[2]);
data/tix-8.4.3/generic/tixCompat.c:30:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(new_string, s);
data/tix-8.4.3/generic/tixGrRC.c:78:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(errorMsg, "%s %s ?option value ...?", argv[-2], argv[-1]);
data/tix-8.4.3/generic/tixGrRC.c:110:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(errorMsg, "%s %s ?option value ...?", argv[-2], argv[-1]);
data/tix-8.4.3/generic/tixGrid.c:2607:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cmd, "%s %s %d %d %d %d", wPtr->formatCmd, areaNames[which],
data/tix-8.4.3/generic/tixHList.c:2798:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((char *) pathName, "%s%c%s", parentName, sep, name);
data/tix-8.4.3/generic/tixImgXpm.c:782:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(useName, colorName);
data/tix-8.4.3/generic/tixImgXpm.c:788:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(useName, colorName);
data/tix-8.4.3/generic/tixImgXpm.c:794:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(useName, colorName);
data/tix-8.4.3/generic/tixImgXpm.c:800:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(useName, colorName);
data/tix-8.4.3/generic/tixImgXpm.c:807:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(useName, colorName);
data/tix-8.4.3/generic/tixMethod.c:370:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buff, context);
data/tix-8.4.3/generic/tixMethod.c:372:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buff+conLen+1, method);
data/tix-8.4.3/generic/tixOption.c:188:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buff, classRec);
data/tix-8.4.3/generic/tixOption.c:189:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buff+conLen, flag);
data/tix-8.4.3/generic/tixOption.c:259:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(method, "config%s", spec->argvName);
data/tix-8.4.3/generic/tixWidget.c:80:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(widCmd, "::%s", widRec);
data/tix-8.4.3/generic/tixWidget.c:82:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(rootCmd, "::%s:root", widRec);
data/tix-8.4.3/PyTix-2.0/2.0/_tkinter.c:300:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argvStore[ARGSZ];
data/tix-8.4.3/PyTix-2.0/2.0/_tkinter.c:667:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argvStore[ARGSZ];
data/tix-8.4.3/PyTix-2.0/2.0/_tkinter.c:1580:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/tix-8.4.3/generic/tixClass.c:932:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[STATIC_SPACE_SIZE];
data/tix-8.4.3/generic/tixClass.c:1742:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * specs[2] = {"export :", "restrict :"};
data/tix-8.4.3/generic/tixCmds.c:593:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char string[20];
data/tix-8.4.3/generic/tixCmds.c:596:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "#%4x%4x%4x", colorPtr->red, colorPtr->green,
data/tix-8.4.3/generic/tixDItem.c:329:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) widgRecList[i], argvName, flags);
data/tix-8.4.3/generic/tixDItem.c:336:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) widgRecList[i], argvName, flags);
data/tix-8.4.3/generic/tixDItem.c:350:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) widgRecList[i], NULL, flags);
data/tix-8.4.3/generic/tixDItem.c:386:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  CONST84 char *widgRecList[2];
data/tix-8.4.3/generic/tixDItem.c:421:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  CONST84 char *widgRecList[2];
data/tix-8.4.3/generic/tixDItem.c:448:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  CONST84 char *widgRecList[2];
data/tix-8.4.3/generic/tixDiStyle.c:169:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[16 + TCL_INTEGER_SPACE];
data/tix-8.4.3/generic/tixDiStyle.c:233:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "tixStyle%d", counter++);
data/tix-8.4.3/generic/tixDiStyle.c:306:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *)stylePtr, argv[0], 0);
data/tix-8.4.3/generic/tixDiStyle.c:329:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *)stylePtr, argv[0], 0);
data/tix-8.4.3/generic/tixForm.c:232:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/tix-8.4.3/generic/tixForm.c:252:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d %d", masterPtr->grids[0], masterPtr->grids[1]);
data/tix-8.4.3/generic/tixForm.h:68:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char isDefault[2][2];/* Is this side a default attachment*/
data/tix-8.4.3/generic/tixForm.h:70:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attType[2][2]; /* type of attachment
data/tix-8.4.3/generic/tixFormMisc.c:59:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[256];
data/tix-8.4.3/generic/tixFormMisc.c:61:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static CONST84 char *sideNames[2][2] = {
data/tix-8.4.3/generic/tixFormMisc.c:65:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static CONST84 char *padNames[2][2] = {
data/tix-8.4.3/generic/tixFormMisc.c:89:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", clientPtr->pad[i][j]);
data/tix-8.4.3/generic/tixFormMisc.c:109:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", clientPtr->pad[i][j]);
data/tix-8.4.3/generic/tixFormMisc.c:122:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[256];
data/tix-8.4.3/generic/tixFormMisc.c:130:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "{%%%d %d}", clientPtr->att[axis][which].grid,
data/tix-8.4.3/generic/tixFormMisc.c:136:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", clientPtr->off[axis][which]);
data/tix-8.4.3/generic/tixFormMisc.c:143:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", clientPtr->off[axis][which]);
data/tix-8.4.3/generic/tixGrData.c:475:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  CONST84 char * str[2];
data/tix-8.4.3/generic/tixGrRC.c:55:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errorMsg[300];
data/tix-8.4.3/generic/tixGrUtl.c:82:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[40];
data/tix-8.4.3/generic/tixGrUtl.c:96:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", sizePtr->sizeValue);
data/tix-8.4.3/generic/tixGrUtl.c:101:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%fchar", sizePtr->charValue);
data/tix-8.4.3/generic/tixGrUtl.c:111:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", sizePtr->pad0);
data/tix-8.4.3/generic/tixGrUtl.c:115:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", sizePtr->pad1);
data/tix-8.4.3/generic/tixGrid.c:1581:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/tix-8.4.3/generic/tixGrid.c:1676:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "xy %d %d", bd[0], bd[1]);
data/tix-8.4.3/generic/tixGrid.c:1678:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "x %d %d", bd[0], bd[1]);
data/tix-8.4.3/generic/tixGrid.c:1680:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "y %d %d", bd[0], bd[1]);
data/tix-8.4.3/generic/tixGrid.c:1827:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *)wPtr, argv[0], 0);
data/tix-8.4.3/generic/tixGrid.c:1848:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) wPtr, argv[0], 0);
data/tix-8.4.3/generic/tixGrid.c:1891:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[20];
data/tix-8.4.3/generic/tixGrid.c:1909:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", x);
data/tix-8.4.3/generic/tixGrid.c:1911:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", y);
data/tix-8.4.3/generic/tixGrid.c:1995:52: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char*)chPtr, entryConfigSpecs, chPtr->iPtr, (char *) argv[2], 0);
data/tix-8.4.3/generic/tixGrid.c:2016:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[80];
data/tix-8.4.3/generic/tixGrid.c:2042:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "{%f %f} {%f %f}", first[0], last[0], first[1], last[1]);
data/tix-8.4.3/generic/tixGrid.c:2061:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/tix-8.4.3/generic/tixGrid.c:2067:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d %d", x, y);
data/tix-8.4.3/generic/tixGrid.c:2162:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/tix-8.4.3/generic/tixGrid.c:2199:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d %d", rePtr->index[0], rePtr->index[1]);
data/tix-8.4.3/generic/tixGrid.c:2243:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/tix-8.4.3/generic/tixGrid.c:2245:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d %d", changePtr[0], changePtr[1]);
data/tix-8.4.3/generic/tixGrid.c:2474:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[100];
data/tix-8.4.3/generic/tixGrid.c:2478:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "%f %f", first, last);
data/tix-8.4.3/generic/tixGrid.c:2583:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static CONST84 char * areaNames[4] = {
data/tix-8.4.3/generic/tixGrid.c:2598:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[STATIC_SPACE_SIZE];
data/tix-8.4.3/generic/tixGrid.c:2937:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[60];
data/tix-8.4.3/generic/tixGrid.c:2939:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, " %f %f", first, last);
data/tix-8.4.3/generic/tixGrid.c:3232:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/tix-8.4.3/generic/tixGrid.c:3244:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d %d %d %d", rect[0][0], rect[1][0],
data/tix-8.4.3/generic/tixHLCol.c:338:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[128];
data/tix-8.4.3/generic/tixHLCol.c:357:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", wPtr->actualSize[column].width);
data/tix-8.4.3/generic/tixHLHdr.c:406:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) argv[1], 0);
data/tix-8.4.3/generic/tixHLHdr.c:564:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[128];
data/tix-8.4.3/generic/tixHLHdr.c:575:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d %d",
data/tix-8.4.3/generic/tixHLInd.c:266:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/tix-8.4.3/generic/tixHLInd.c:276:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d %d",
data/tix-8.4.3/generic/tixHList.c:741:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *)wPtr, argv[0], 0);
data/tix-8.4.3/generic/tixHList.c:762:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) wPtr, argv[0], 0);
data/tix-8.4.3/generic/tixHList.c:894:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) argv[1], 0);
data/tix-8.4.3/generic/tixHList.c:915:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[80];
data/tix-8.4.3/generic/tixHList.c:940:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "{%f %f} {%f %f}", first[0], last[0], first[1], last[1]);
data/tix-8.4.3/generic/tixHList.c:1184:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char column[20];
data/tix-8.4.3/generic/tixHList.c:1284:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(column, "%d", i);
data/tix-8.4.3/generic/tixHList.c:1428:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/tix-8.4.3/generic/tixHList.c:1446:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d %d %d %d", x1, y1, x1+wXSize-1, y2);
data/tix-8.4.3/generic/tixHList.c:1658:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[20];
data/tix-8.4.3/generic/tixHList.c:1660:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "%d", wPtr->leftPixel);
data/tix-8.4.3/generic/tixHList.c:1725:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[20];
data/tix-8.4.3/generic/tixHList.c:1727:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "%d", wPtr->topPixel);
data/tix-8.4.3/generic/tixHList.c:2669:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fixedSpace[FIXED_SPACE+1];
data/tix-8.4.3/generic/tixHList.c:2768:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[40];
data/tix-8.4.3/generic/tixHList.c:2788:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", parent->numCreatedChild);
data/tix-8.4.3/generic/tixHList.c:4210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[100];
data/tix-8.4.3/generic/tixHList.c:4215:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, " %g %g", d_first, d_last);
data/tix-8.4.3/generic/tixImgCmp.c:393:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  CONST84 char *argvbuf[10];
data/tix-8.4.3/generic/tixImgCmp.c:643:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) masterPtr, argv[2], 0);
data/tix-8.4.3/generic/tixImgCmp.c:651:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  configSpecs, (char *) masterPtr, argv[2], 0);
data/tix-8.4.3/generic/tixImgXpm.c:130:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  CONST84 char *argvbuf[10];
data/tix-8.4.3/generic/tixImgXpm.c:536:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen(fileName, "r");
data/tix-8.4.3/generic/tixImgXpm.c:983:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) masterPtr, argv[2], 0);
data/tix-8.4.3/generic/tixImgXpm.c:991:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  configSpecs, (char *) masterPtr, argv[2], 0);
data/tix-8.4.3/generic/tixImgXpm.c:1003:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[30];
data/tix-8.4.3/generic/tixImgXpm.c:1009:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", count);
data/tix-8.4.3/generic/tixInit.c:157:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[10];
data/tix-8.4.3/generic/tixInit.c:185:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", tixOption.isDebug);
data/tix-8.4.3/generic/tixInputO.c:275:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) wPtr, argv[2], 0);
data/tix-8.4.3/generic/tixInputO.c:284:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *)wPtr, argv[2], 0);
data/tix-8.4.3/generic/tixNBFrame.c:502:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *)wPtr, argv[2], 0);
data/tix-8.4.3/generic/tixNBFrame.c:513:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) wPtr, argv[2], 0);
data/tix-8.4.3/generic/tixNBFrame.c:556:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[20];
data/tix-8.4.3/generic/tixNBFrame.c:559:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d %d", wPtr->width, wPtr->height);
data/tix-8.4.3/generic/tixNBFrame.c:669:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *)tPtr, argv[3], 0);
data/tix-8.4.3/generic/tixNBFrame.c:687:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *)tPtr, argv[3], 0);
data/tix-8.4.3/generic/tixOption.c:247:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  CONST84 char * argv[2];
data/tix-8.4.3/generic/tixOption.c:248:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[STATIC_SPACE_SIZE];
data/tix-8.4.3/generic/tixOption.c:330:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  CONST84 char * cmdArgv[2];
data/tix-8.4.3/generic/tixOption.c:389:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  CONST84 char *argv[6];
data/tix-8.4.3/generic/tixScroll.c:79:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[100];
data/tix-8.4.3/generic/tixScroll.c:111:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, " %f %f", d_first, d_last);
data/tix-8.4.3/generic/tixTList.c:685:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  CONST84 char * argv[2];
data/tix-8.4.3/generic/tixTList.c:1102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[40];
data/tix-8.4.3/generic/tixTList.c:1179:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", at);
data/tix-8.4.3/generic/tixTList.c:1192:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/tix-8.4.3/generic/tixTList.c:1208:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", i);
data/tix-8.4.3/generic/tixTList.c:1232:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/tix-8.4.3/generic/tixTList.c:1238:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", index);
data/tix-8.4.3/generic/tixTList.c:1275:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[32];
data/tix-8.4.3/generic/tixTList.c:1285:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%d", i);
data/tix-8.4.3/generic/tixTList.c:1292:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/tix-8.4.3/generic/tixTList.c:1294:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", wPtr->entList.numItems);
data/tix-8.4.3/generic/tixTList.c:1376:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/tix-8.4.3/generic/tixTList.c:1422:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", dst);
data/tix-8.4.3/generic/tixTList.c:1444:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *)wPtr, argv[0], 0);
data/tix-8.4.3/generic/tixTList.c:1465:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) wPtr, argv[0], 0);
data/tix-8.4.3/generic/tixTList.c:1486:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[40];
data/tix-8.4.3/generic/tixTList.c:1509:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "{%f %f} {%f %f}", first[0], last[0], first[1], last[1]);
data/tix-8.4.3/generic/tixTList.c:1643:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char*)chPtr, entryConfigSpecs, chPtr->iPtr, (char *) argv[1], 0);
data/tix-8.4.3/generic/tixTList.c:1664:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100];
data/tix-8.4.3/generic/tixTList.c:1677:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "%d", index);
data/tix-8.4.3/generic/tixTList.c:2094:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[80];
data/tix-8.4.3/generic/tixTList.c:2100:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "{%f %f}", first, last);
data/tix-8.4.3/unix/tixUnixMwm.c:359:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[40];
data/tix-8.4.3/unix/tixUnixMwm.c:371:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "-border %d",
data/tix-8.4.3/unix/tixUnixMwm.c:375:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "-resizeh %d",
data/tix-8.4.3/unix/tixUnixMwm.c:379:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "-title %d",
data/tix-8.4.3/unix/tixUnixMwm.c:383:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "-menu %d",
data/tix-8.4.3/unix/tixUnixMwm.c:387:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "-minimize %d",
data/tix-8.4.3/unix/tixUnixMwm.c:391:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "-maximize %d",
data/tix-8.4.3/unix/tixUnixMwm.c:622:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[100];
data/tix-8.4.3/unix/tixUnixMwm.c:630:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, " f.send_msg %d\n", (int)(ptPtr->protocol));
data/tix-8.4.3/PyTix-2.0/2.0/_tkinter.c:484:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  argv0 = (char*)ckalloc(strlen(className) + 1);
data/tix-8.4.3/generic/tixClass.c:277:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!parsePtr->superClass || strlen(parsePtr->superClass) == 0) {
data/tix-8.4.3/generic/tixClass.c:861:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(method);
data/tix-8.4.3/generic/tixClass.c:936:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(argv[2]) + 3) > STATIC_SPACE_SIZE) {
data/tix-8.4.3/generic/tixClass.c:937:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  index = (char*)ckalloc(strlen(argv[2]) + 3);
data/tix-8.4.3/generic/tixCmds.c:107:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(argv[0], "tixWidgetDoWhenIdle", strlen(argv[0]))== 0) {
data/tix-8.4.3/generic/tixCompat.c:26:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(s)+1;
data/tix-8.4.3/generic/tixDItem.c:245:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[n]);
data/tix-8.4.3/generic/tixDItem.c:304:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argvName);
data/tix-8.4.3/generic/tixDItem.c:353:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_DStringAppend(&dString, result, (int) strlen(result));
data/tix-8.4.3/generic/tixDiStyle.c:198:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[i]);
data/tix-8.4.3/generic/tixDiStyle.c:606:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int) strlen(Tk_PathName(ddPtr->tkwin)));
data/tix-8.4.3/generic/tixDiStyle.c:609:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int) strlen(diTypePtr->name));
data/tix-8.4.3/generic/tixDiStyle.c:954:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (value == NULL || strlen(value) == 0) {
data/tix-8.4.3/generic/tixForm.c:401:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[1]);
data/tix-8.4.3/generic/tixFormMisc.c:325:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(value);
data/tix-8.4.3/generic/tixGrRC.c:65:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(argv[0]);
data/tix-8.4.3/generic/tixGrSort.c:174:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[0]);
data/tix-8.4.3/generic/tixGrSort.c:241:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[i]);
data/tix-8.4.3/generic/tixGrUtl.c:131:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp("-size", argv[i], strlen(argv[i])) == 0) {
data/tix-8.4.3/generic/tixGrid.c:1738:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[i]);
data/tix-8.4.3/generic/tixGrid.c:1895:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[0]);
data/tix-8.4.3/generic/tixGrid.c:2085:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(argv[0]);
data/tix-8.4.3/generic/tixGrid.c:2230:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[-1]);
data/tix-8.4.3/generic/tixGrid.c:2241:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[0]);
data/tix-8.4.3/generic/tixGrid.c:2601:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(wPtr->formatCmd) + 10 + (TCL_INTEGER_SPACE *4) + 10;
data/tix-8.4.3/generic/tixGrid.c:3277:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(argv[0]);
data/tix-8.4.3/generic/tixHLCol.c:204:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[i]);
data/tix-8.4.3/generic/tixHLHdr.c:451:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(argv[i], "-itemtype", strlen(argv[i])) == 0) {
data/tix-8.4.3/generic/tixHLInd.c:154:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[i]);
data/tix-8.4.3/generic/tixHList.c:680:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[-1]);
data/tix-8.4.3/generic/tixHList.c:691:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[0]);
data/tix-8.4.3/generic/tixHList.c:791:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[0]);
data/tix-8.4.3/generic/tixHList.c:1012:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(argv[0]);
data/tix-8.4.3/generic/tixHList.c:1547:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(argv[0]);
data/tix-8.4.3/generic/tixHList.c:2701:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[i]);
data/tix-8.4.3/generic/tixHList.c:2796:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pathName = ckalloc(strlen(parentName)+1+ strlen(name)+1);
data/tix-8.4.3/generic/tixHList.c:2796:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pathName = ckalloc(strlen(parentName)+1+ strlen(name)+1);
data/tix-8.4.3/generic/tixHList.c:2837:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(parentName, pathName, (size_t) numChars);
data/tix-8.4.3/generic/tixImgCmp.c:486:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t length = strlen(argv[i]);
data/tix-8.4.3/generic/tixImgCmp.c:563:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(argv[1]);
data/tix-8.4.3/generic/tixImgCmp.c:570:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(argv[2]);
data/tix-8.4.3/generic/tixImgCmp.c:655:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(argv[i]);
data/tix-8.4.3/generic/tixImgXpm.c:765:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  colorName = (char*)ckalloc(strlen(colorDefn));
data/tix-8.4.3/generic/tixImgXpm.c:766:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  useName = (char*)ckalloc(strlen(colorDefn));
data/tix-8.4.3/generic/tixImgXpm.c:817:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(colors[i].cstring, masterPtr->data[i+lOffset],
data/tix-8.4.3/generic/tixImgXpm.c:972:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(argv[1]);
data/tix-8.4.3/generic/tixInputO.c:268:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(argv[1]);
data/tix-8.4.3/generic/tixMethod.c:348:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(superclass) == 0) {
data/tix-8.4.3/generic/tixMethod.c:366:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  conLen = strlen(context);
data/tix-8.4.3/generic/tixMethod.c:367:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  max = conLen + strlen(method) + 3;
data/tix-8.4.3/generic/tixMethod.c:371:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(buff+conLen, ":");
data/tix-8.4.3/generic/tixMethod.c:525:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int len = strlen(method);
data/tix-8.4.3/generic/tixNBFrame.c:441:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(argv[1]);
data/tix-8.4.3/generic/tixOption.c:151:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(flag);
data/tix-8.4.3/generic/tixOption.c:184:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  conLen = strlen(classRec);
data/tix-8.4.3/generic/tixOption.c:185:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  max = conLen + strlen(flag) + 1;
data/tix-8.4.3/generic/tixOption.c:252:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int bufsize = strlen(spec->argvName) + 7;
data/tix-8.4.3/generic/tixTList.c:388:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(wPtr->orientUid);
data/tix-8.4.3/generic/tixTList.c:1130:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[i]);
data/tix-8.4.3/generic/tixTList.c:1255:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(argv[0]);
data/tix-8.4.3/generic/tixTList.c:1848:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(argv[0]);
data/tix-8.4.3/generic/tixTList.c:2022:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[-1]);
data/tix-8.4.3/generic/tixTList.c:2036:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[0]);
data/tix-8.4.3/generic/tixUtils.c:83:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[1]);
data/tix-8.4.3/generic/tixUtils.c:99:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s->namelen = strlen(s->name);
data/tix-8.4.3/generic/tixUtils.c:363:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int) strlen(Tk_PathName(tkwin)));
data/tix-8.4.3/generic/tixUtils.c:365:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_DStringAppend(&dString, subPath, (int) strlen(subPath));
data/tix-8.4.3/generic/tixUtils.c:610:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(value);
data/tix-8.4.3/generic/tixWidget.c:79:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  widCmd = ckalloc(strlen(widRec) + 3);
data/tix-8.4.3/generic/tixWidget.c:81:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rootCmd = ckalloc(strlen(widRec) + 8);
data/tix-8.4.3/unix/tixUnixMwm.c:189:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(argv[1]);
data/tix-8.4.3/unix/tixUnixMwm.c:272:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(string);
data/tix-8.4.3/unix/tixUnixMwm.c:482:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[0]);
data/tix-8.4.3/unix/tixUnixMwm.c:526:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptPtr->messageLen = strlen(message);
data/tix-8.4.3/unix/tixUnixMwm.c:631:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_DStringAppend(&dString, tmp, (int)strlen(tmp));

ANALYSIS SUMMARY:

Hits = 241
Lines analyzed = 41610 in approximately 0.99 seconds (42012 lines/second)
Physical Source Lines of Code (SLOC) = 28075
Hits@level = [0] 10 [1] 76 [2] 144 [3] 0 [4] 21 [5] 0
Hits@level+ = [0+] 251 [1+] 241 [2+] 165 [3+] 21 [4+] 21 [5+] 0
Hits/KSLOC@level+ = [0+] 8.94034 [1+] 8.58415 [2+] 5.87711 [3+] 0.747996 [4+] 0.747996 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.