Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tktreectrl-2.4.1/generic/qebind.c
Examining data/tktreectrl-2.4.1/generic/qebind.h
Examining data/tktreectrl-2.4.1/generic/tkTreeColumn.c
Examining data/tktreectrl-2.4.1/generic/tkTreeCtrl.c
Examining data/tktreectrl-2.4.1/generic/tkTreeCtrl.h
Examining data/tktreectrl-2.4.1/generic/tkTreeDisplay.c
Examining data/tktreectrl-2.4.1/generic/tkTreeDrag.c
Examining data/tktreectrl-2.4.1/generic/tkTreeElem.c
Examining data/tktreectrl-2.4.1/generic/tkTreeElem.h
Examining data/tktreectrl-2.4.1/generic/tkTreeHeader.c
Examining data/tktreectrl-2.4.1/generic/tkTreeItem.c
Examining data/tktreectrl-2.4.1/generic/tkTreeMarquee.c
Examining data/tktreectrl-2.4.1/generic/tkTreeNotify.c
Examining data/tktreectrl-2.4.1/generic/tkTreeStyle.c
Examining data/tktreectrl-2.4.1/generic/tkTreeTheme.c
Examining data/tktreectrl-2.4.1/generic/tkTreeUtils.c
Examining data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c
Examining data/tktreectrl-2.4.1/shellicon/shellicon.c
Examining data/tktreectrl-2.4.1/unix/tkUnixTree.c
Examining data/tktreectrl-2.4.1/win/tkWinTree.c

FINAL RESULTS:

data/tktreectrl-2.4.1/generic/qebind.c:225:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(eiPtr->name, name);
data/tktreectrl-2.4.1/generic/qebind.c:682:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(cmdNew, "%s\n%s", cmdOld, command);
data/tktreectrl-2.4.1/generic/qebind.c:688:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(cmdNew, command);
data/tktreectrl-2.4.1/generic/qebind.c:1215:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(buf, "\n (<%s%s%s> binding on %s)",
data/tktreectrl-2.4.1/generic/qebind.c:2054:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(dPtr->command, command);
data/tktreectrl-2.4.1/generic/qebind.c:2078:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(eiPtr->command, command);
data/tktreectrl-2.4.1/generic/qebind.c:2159:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(dPtr->command, command);
data/tktreectrl-2.4.1/generic/qebind.c:2201:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(eiPtr->command, command);
data/tktreectrl-2.4.1/generic/tkTreeColumn.c:1514:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(buf, "%s%d", tree->columnPrefix, column->id);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.c:2987:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(domainPtr->stateNames[slot], string);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:61:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf _vsnprintf
data/tktreectrl-2.4.1/generic/tkTreeHeader.c:1428:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "image create photo %s", imageName);
data/tktreectrl-2.4.1/generic/tkTreeHeader.c:2594:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(buf, "%s%d", tree->itemPrefix, item->id);
data/tktreectrl-2.4.1/generic/tkTreeHeader.c:3267:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char *)specPtr->defValue, Tcl_DStringValue(&dString));
data/tktreectrl-2.4.1/generic/tkTreeItem.c:5380:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(buf, "%s%d", tree->itemPrefix, item->id);
data/tktreectrl-2.4.1/generic/tkTreeItem.c:7652:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msg, "\n (preparing to sort item %s%d column %s%d)",
data/tktreectrl-2.4.1/generic/tkTreeItem.c:8065:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(domainPtr->stateNames[slot], string);
data/tktreectrl-2.4.1/generic/tkTreeNotify.c:51:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(buf, "%s%d",
data/tktreectrl-2.4.1/generic/tkTreeNotify.c:88:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(buf, "%s%d",
data/tktreectrl-2.4.1/generic/tkTreeNotify.c:195:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(chars2, chars);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:64:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, 512, fmt, args);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:172:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf, fmt, ap);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:203:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf, fmt, ap);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:2216:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pImage->string, string);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:2370:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(buf, "%c%s ", flags[j].flagChar,
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:5173:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(new, value);
data/tktreectrl-2.4.1/shellicon/shellicon.c:773:20: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  HMODULE hShell32 = LoadLibrary("shell32.dll");
data/tktreectrl-2.4.1/win/tkWinTree.c:1440:13: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  hInst = LoadLibrary("kernel32.dll"); /* FIXME: leak? */
data/tktreectrl-2.4.1/win/tkWinTree.c:1571:14: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  handle = LoadLibrary("comctl32.dll");
data/tktreectrl-2.4.1/win/tkWinTree.c:1626:20: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  *phlib = handle = LoadLibrary("uxtheme.dll");
data/tktreectrl-2.4.1/win/tkWinTree.c:2437:23: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  HMODULE library = LoadLibrary("dwmapi.dll");
data/tktreectrl-2.4.1/win/tkWinTree.c:2457:25: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  HMODULE library = ::LoadLibrary(L"dwmapi.dll");
data/tktreectrl-2.4.1/win/tkWinTree.c:3025:25: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  DllExports.handle = LoadLibrary("gdiplus.dll");
data/tktreectrl-2.4.1/generic/qebind.c:889:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  Tcl_NewStringObj((char *) objectList[i], -1));
data/tktreectrl-2.4.1/generic/qebind.c:1210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/tktreectrl-2.4.1/generic/qebind.c:1293:58: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static int ParseEventDescription1(BindingTable *bindPtr, char *pattern, char eventName[FIELD_SIZE], char detailName[FIELD_SIZE])
data/tktreectrl-2.4.1/generic/qebind.c:1293:73: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static int ParseEventDescription1(BindingTable *bindPtr, char *pattern, char eventName[FIELD_SIZE], char detailName[FIELD_SIZE])
data/tktreectrl-2.4.1/generic/qebind.c:1293:101: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static int ParseEventDescription1(BindingTable *bindPtr, char *pattern, char eventName[FIELD_SIZE], char detailName[FIELD_SIZE])
data/tktreectrl-2.4.1/generic/qebind.c:1341:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char eventName[FIELD_SIZE], detailName[FIELD_SIZE];
data/tktreectrl-2.4.1/generic/qebind.c:1344:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errorMsg[512];
data/tktreectrl-2.4.1/generic/qebind.c:1358:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(errorMsg, "unknown event \"%.128s\"", eventName);
data/tktreectrl-2.4.1/generic/qebind.c:1378:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(errorMsg, "unknown detail \"%.128s\" for event \"%.128s\"",
data/tktreectrl-2.4.1/generic/qebind.c:1455:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numStorage[TCL_DOUBLE_SPACE];
data/tktreectrl-2.4.1/generic/qebind.c:1464:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numStorage[TCL_INTEGER_SPACE];
data/tktreectrl-2.4.1/generic/qebind.c:1466:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(numStorage, "%ld", number);
data/tktreectrl-2.4.1/generic/qebind.c:1486:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[2];
data/tktreectrl-2.4.1/generic/qebind.c:1488:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(string, "%c", which);
data/tktreectrl-2.4.1/generic/qebind.c:1930:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[2];
data/tktreectrl-2.4.1/generic/qebind.c:1965:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char eventName[FIELD_SIZE], detailName[FIELD_SIZE];
data/tktreectrl-2.4.1/generic/tkTreeColumn.c:1513:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100 + TCL_INTEGER_SPACE];
data/tktreectrl-2.4.1/generic/tkTreeColumn.c:2939:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  Tcl_NewStringObj((char *) tags[i], -1));
data/tktreectrl-2.4.1/generic/tkTreeCtrl.c:1911:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[TCL_DOUBLE_SPACE+1];
data/tktreectrl-2.4.1/generic/tkTreeCtrl.c:1912:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[TCL_DOUBLE_SPACE+1];
data/tktreectrl-2.4.1/generic/tkTreeCtrl.c:1970:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[TCL_DOUBLE_SPACE+1];
data/tktreectrl-2.4.1/generic/tkTreeCtrl.c:1971:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[TCL_DOUBLE_SPACE+1];
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:227:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4];
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:282:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *stateNames[32]; /* Sparse array of state names. */
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:587:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *optionHax[64]; /* Used by OptionHax_xxx */
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1301:81: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  MODULE_SCOPE int TreeTheme_GetButtonSize(TreeCtrl *tree, Drawable drawable, int open, int *widthPtr, int *heightPtr);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1327:118: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  MODULE_SCOPE void Tree_DrawActiveOutline(TreeCtrl *tree, Drawable drawable, int x, int y, int width, int height, int open);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1532:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char staticRWB[100];
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1556:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[1]; /* Actual size will be > 1 */
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1734:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int rx, int ry, int open);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1736:66: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  TreeClip *clip, GC gc, TreeRectangle tr, int rx, int ry, int open);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1739:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int outlineWidth, int open);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1745:43: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  TreeRectangle tr, int rx, int ry, int open);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1749:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int rx, int ry, int open);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1751:75: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  TreeClip *clip, XColor *xcolor, TreeRectangle tr, int rx, int ry, int open);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1755:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  TreeRectangle tr, int outlineWidth, int open);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1758:61: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  TreeRectangle tr, int outlineWidth, int rx, int ry, int open);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1764:43: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  TreeRectangle tr, int rx, int ry, int open);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1768:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int outlineWidth, int open);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1773:43: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int outlineWidth, int rx, int ry, int open);
data/tktreectrl-2.4.1/generic/tkTreeCtrl.h:1776:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int rx, int ry, int open);
data/tktreectrl-2.4.1/generic/tkTreeDisplay.c:89:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[4];
data/tktreectrl-2.4.1/generic/tkTreeDisplay.c:3050:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(value, (TreeColumn *) columns.pointers,
data/tktreectrl-2.4.1/generic/tkTreeElem.c:2819:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  PerStateInfo open;
data/tktreectrl-2.4.1/generic/tkTreeElem.c:2854:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Tk_Offset(ElementRect, open.obj), Tk_Offset(ElementRect, open),
data/tktreectrl-2.4.1/generic/tkTreeElem.c:2854:63: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Tk_Offset(ElementRect, open.obj), Tk_Offset(ElementRect, open),
data/tktreectrl-2.4.1/generic/tkTreeElem.c:2985:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FLAGS_FOR_STATE(open, open, state)
data/tktreectrl-2.4.1/generic/tkTreeElem.c:2985:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FLAGS_FOR_STATE(open, open, state)
data/tktreectrl-2.4.1/generic/tkTreeElem.c:3042:88: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  TreeColor_FillRoundRect(tree, args->display.td, clipPtr, tc, trBrush, tr, rx, ry, open);
data/tktreectrl-2.4.1/generic/tkTreeElem.c:3045:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((tc != NULL) && (outlineWidth > 0) && (open != RECT_OPEN_WNES)) {
data/tktreectrl-2.4.1/generic/tkTreeElem.c:3050:38: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  trBrush, tr, outlineWidth, rx, ry, open);
data/tktreectrl-2.4.1/generic/tkTreeElem.c:3057:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open);
data/tktreectrl-2.4.1/generic/tkTreeElem.c:3071:48: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((tc != NULL) && (outlineWidth > 0) && (open != RECT_OPEN_WNES)) {
data/tktreectrl-2.4.1/generic/tkTreeElem.c:3076:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outlineWidth, open);
data/tktreectrl-2.4.1/generic/tkTreeElem.c:3083:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open);
data/tktreectrl-2.4.1/generic/tkTreeElem.c:3165:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FLAGS_FOR_STATE(open1, open, args->states.state1)
data/tktreectrl-2.4.1/generic/tkTreeElem.c:3166:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FLAGS_FOR_STATE(open2, open, args->states.state2)
data/tktreectrl-2.4.1/generic/tkTreeElem.c:3189:64: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  modified |= PerStateInfo_Undefine(tree, &pstFlags, &elemX->open, elem->stateDomain, args->state);
data/tktreectrl-2.4.1/generic/tkTreeElem.c:3234:38: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  OBJECT_FOR_STATE(obj, pstFlags, open, args->state)
data/tktreectrl-2.4.1/generic/tkTreeElem.c:3533:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(elemX->text, text, elemX->textLen);
data/tktreectrl-2.4.1/generic/tkTreeElem.c:3649:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(elemX->text, text, elemX->textLen);
data/tktreectrl-2.4.1/generic/tkTreeElem.c:4246:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char staticStr[256], *buf = staticStr;
data/tktreectrl-2.4.1/generic/tkTreeElem.c:4252:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, text, bufLen);
data/tktreectrl-2.4.1/generic/tkTreeElem.c:4254:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + bufLen, ellipsis, ellipsisLen);
data/tktreectrl-2.4.1/generic/tkTreeElem.c:5302:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(typePtr, newTypePtr, sizeof(TreeElementType));
data/tktreectrl-2.4.1/generic/tkTreeHeader.c:1415:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char imageName[128];
data/tktreectrl-2.4.1/generic/tkTreeHeader.c:1421:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(imageName, "::TreeCtrl::ImageColumnH%dC%d",
data/tktreectrl-2.4.1/generic/tkTreeHeader.c:1427:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/tktreectrl-2.4.1/generic/tkTreeHeader.c:2593:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100 + TCL_INTEGER_SPACE];
data/tktreectrl-2.4.1/generic/tkTreeItem.c:5379:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100 + TCL_INTEGER_SPACE];
data/tktreectrl-2.4.1/generic/tkTreeItem.c:5788:51: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (Tcl_GetBooleanFromObj(interp, objv[i + 1], &open)
data/tktreectrl-2.4.1/generic/tkTreeItem.c:5852:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (open) item->state |= STATE_ITEM_OPEN;
data/tktreectrl-2.4.1/generic/tkTreeItem.c:7651:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[128];
data/tktreectrl-2.4.1/generic/tkTreeItem.c:8462:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  Tcl_NewStringObj((char *) tags[i], -1));
data/tktreectrl-2.4.1/generic/tkTreeItem.c:8969:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open;
data/tktreectrl-2.4.1/generic/tkTreeItem.c:8983:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (mode == -1 || open != mode) {
data/tktreectrl-2.4.1/generic/tkTreeNotify.c:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10 + TCL_INTEGER_SPACE];
data/tktreectrl-2.4.1/generic/tkTreeNotify.c:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10 + TCL_INTEGER_SPACE];
data/tktreectrl-2.4.1/generic/tkTreeNotify.c:123:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2];
data/tktreectrl-2.4.1/generic/tkTreeNotify.c:169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chars2[64];
data/tktreectrl-2.4.1/generic/tkTreeNotify.c:194:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(chars2, "TWPed");
data/tktreectrl-2.4.1/generic/tkTreeStyle.c:6156:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flags[2];
data/tktreectrl-2.4.1/generic/tkTreeStyle.c:6168:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flags[4];
data/tktreectrl-2.4.1/generic/tkTreeStyle.c:6180:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flags[6];
data/tktreectrl-2.4.1/generic/tkTreeStyle.c:6196:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flags[2];
data/tktreectrl-2.4.1/generic/tkTreeStyle.c:6248:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flags[4];
data/tktreectrl-2.4.1/generic/tkTreeStyle.c:7871:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64];
data/tktreectrl-2.4.1/generic/tkTreeStyle.c:7915:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "treectrl_header_elem.header");
data/tktreectrl-2.4.1/generic/tkTreeStyle.c:7930:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "treectrl_header_elem.bitmap");
data/tktreectrl-2.4.1/generic/tkTreeStyle.c:7945:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "treectrl_header_elem.image");
data/tktreectrl-2.4.1/generic/tkTreeStyle.c:7960:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "treectrl_header_elem.text");
data/tktreectrl-2.4.1/generic/tkTreeStyle.c:7970:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "treectrl_header_style_%d", tree->headerStyle.nextId);
data/tktreectrl-2.4.1/generic/tkTreeTheme.c:65:65: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int TreeTheme_DrawButton(TreeCtrl *tree, Drawable drawable, int open, int x, int y, int width, int height)
data/tktreectrl-2.4.1/generic/tkTreeTheme.c:76:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open = open ? 1 : 0;
data/tktreectrl-2.4.1/generic/tkTreeTheme.c:77:40: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  padding = themeData->buttonPadding[open];
data/tktreectrl-2.4.1/generic/tkTreeTheme.c:80:36: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  width = themeData->buttonWidth[open];
data/tktreectrl-2.4.1/generic/tkTreeTheme.c:81:38: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  height = themeData->buttonHeight[open];
data/tktreectrl-2.4.1/generic/tkTreeTheme.c:84:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ttk_state = open ? TTK_STATE_OPEN : 0;
data/tktreectrl-2.4.1/generic/tkTreeTheme.c:93:68: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int TreeTheme_GetButtonSize(TreeCtrl *tree, Drawable drawable, int open, int *widthPtr, int *heightPtr)
data/tktreectrl-2.4.1/generic/tkTreeTheme.c:101:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open = open ? 1 : 0;
data/tktreectrl-2.4.1/generic/tkTreeTheme.c:102:40: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  padding = themeData->buttonPadding[open];
data/tktreectrl-2.4.1/generic/tkTreeTheme.c:103:40: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  *widthPtr = themeData->buttonWidth[open] - padding.left - padding.right;
data/tktreectrl-2.4.1/generic/tkTreeTheme.c:104:42: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  *heightPtr = themeData->buttonHeight[open] - padding.top - padding.bottom;
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:200:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:249:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char staticStr[256], *tmpStr = staticStr;
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:276:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmpStr, string, bytesTest);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:278:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmpStr + bytesTest, ellipsis, ellipsisNumBytes);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:296:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmpStr, string, bytesThatFit);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:297:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmpStr + bytesThatFit, ellipsis, ellipsisNumBytes);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:907:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char staticStr[256], *buf = staticStr;
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:957:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, chunkPtr->start, chunkPtr->numBytes);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:958:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + chunkPtr->numBytes, ellipsis, ellipsisLen);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:1100:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char staticStr[256], *buf = staticStr;
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:1106:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, firstByte, (lastByte - firstByte));
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:1107:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + (lastByte - firstByte), ellipsis, ellipsisLen);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:2368:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8];
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:2373:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(buf, "and %c", flags[j].flagChar);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:2526:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbug[4]; /* "DBUG" */
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:2530:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char body[1]; /* First byte of client's space. Actual
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:2767:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr2, ptr, MIN(size1, size2));
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:3078:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pointers, tplPtr->pointers, (tplPtr->count + 1) * sizeof(ClientData));
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:3146:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tplPtr->pointers + tplPtr->count, tpl2Ptr->pointers,
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:3399:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *) copy->tagPtr, tagInfo->tagPtr, tagInfo->numTags * sizeof(Tk_Uid));
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:3787:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *) expr->uids, expr->staticUids, sizeof(expr->staticUids));
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:5793:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open /* RECT_OPEN_x flags */
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:5799:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int drawW = (open & RECT_OPEN_W) == 0;
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:5800:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int drawN = (open & RECT_OPEN_N) == 0;
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:5801:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int drawE = (open & RECT_OPEN_E) == 0;
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:5802:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int drawS = (open & RECT_OPEN_S) == 0;
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:5908:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open /* RECT_OPEN_x flags */
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:5913:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int drawW = (open & RECT_OPEN_W) == 0;
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:5914:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int drawN = (open & RECT_OPEN_N) == 0;
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:5915:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int drawE = (open & RECT_OPEN_E) == 0;
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:5916:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int drawS = (open & RECT_OPEN_S) == 0;
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:7965:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open /* RECT_OPEN_x flags */
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:7973:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tr, rx, ry, open);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8086:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open /* RECT_OPEN_x flags */
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8091:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(open & RECT_OPEN_W)) {
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8096:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(open & RECT_OPEN_N)) {
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8101:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(open & RECT_OPEN_E)) {
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8106:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(open & RECT_OPEN_S)) {
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8138:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open /* RECT_OPEN_x flags */
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8145:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outlineWidth, open);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8150:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(open & RECT_OPEN_W)) {
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8155:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(open & RECT_OPEN_N)) {
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8160:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(open & RECT_OPEN_E)) {
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8165:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(open & RECT_OPEN_S)) {
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8236:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open /* RECT_OPEN_x flags */
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8243:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outlineWidth, rx, ry, open);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8247:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  rx, ry, open);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8276:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open /* RECT_OPEN_x flags */
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8283:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  rx, ry, open);
data/tktreectrl-2.4.1/generic/tkTreeUtils.c:8286:60: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Tree_FillRoundRect(tree, td, clip, tc->color, tr, rx, ry, open);
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:205:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open /* RECT_OPEN_x flags */
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:209:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int w = !(open & RECT_OPEN_W);
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:210:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int n = !(open & RECT_OPEN_N);
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:211:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int e = !(open & RECT_OPEN_E);
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:212:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int s = !(open & RECT_OPEN_S);
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:240:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int w = !(open & RECT_OPEN_W);
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:241:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int n = !(open & RECT_OPEN_N);
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:242:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int e = !(open & RECT_OPEN_E);
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:243:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int s = !(open & RECT_OPEN_S);
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:1127:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  info.value = open ? kThemeDisclosureDown : kThemeDisclosureRight;
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:1137:50: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int angle = tree->themeData->animButtonAngle * (open ? -1 : 1);
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:1179:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open, /* TRUE if expanded button. */
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2144:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open /* RECT_OPEN_x flags */
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2148:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int drawW = (open & RECT_OPEN_W) == 0;
data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2149:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
int drawN = (open & RECT_OPEN_N) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2150:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawE = (open & RECT_OPEN_E) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2151:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawS = (open & RECT_OPEN_S) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2184:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2197:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outlineWidth, open); data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2209:51: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
p = MakeRectPath_OutlineFilled(tr, outlineWidth, open); data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2249:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2253:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawW = (open & RECT_OPEN_W) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2254:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawN = (open & RECT_OPEN_N) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2255:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawE = (open & RECT_OPEN_E) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2256:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
int drawS = (open & RECT_OPEN_S) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2270:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!open) { data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2339:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2357:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). rx, ry, open); data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2364:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). rx, ry, open); data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2372:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (rx == ry && !open) { data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2378:62: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
CGMutablePathRef p = MakeRoundRectPath_Fill(tr, rx, ry, open); data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2401:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2405:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawW = (open & RECT_OPEN_W) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2406:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawN = (open & RECT_OPEN_N) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2407:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawE = (open & RECT_OPEN_E) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2408:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
int drawS = (open & RECT_OPEN_S) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2425:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!open) { data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2499:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2505:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int antialias = !open; /* the arcs can be antialiased, but not the line ends! */ data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2512:70: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Tree_DrawRoundRectX11(tree, td, clip, gc, tr, outlineWidth, rx, ry, open); data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2519:70: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
Tree_DrawRoundRectX11(tree, td, clip, gc, tr, outlineWidth, rx, ry, open); data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2524:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (rx == ry && !open) { data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2533:74: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). CGMutablePathRef p = MakeRoundRectPath_Stroke(tr, outlineWidth, rx, ry, open); data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2575:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2581:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawW = (open & RECT_OPEN_W) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2582:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
int drawN = (open & RECT_OPEN_N) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2583:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawE = (open & RECT_OPEN_E) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2584:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawS = (open & RECT_OPEN_S) == 0; data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2664:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2684:70: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Tree_DrawRoundRectX11(tree, td, clip, gc, tr, outlineWidth, rx, ry, open); data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2692:70: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
Tree_DrawRoundRectX11(tree, td, clip, gc, tr, outlineWidth, rx, ry, open); data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2702:64: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). p = MakeRoundRectPath_OutlineFilled(tr, outlineWidth, rx, ry, open); data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2730:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/macosx/tkMacOSXTree.c:2734:59: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Tree_FillRoundRectX11(tree, td, clip, gc, tr, rx, ry, open); data/tktreectrl-2.4.1/unix/tkUnixTree.c:94:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/unix/tkUnixTree.c:99:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
int w = !(open & RECT_OPEN_W); data/tktreectrl-2.4.1/unix/tkUnixTree.c:100:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int n = !(open & RECT_OPEN_N); data/tktreectrl-2.4.1/unix/tkUnixTree.c:101:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int e = !(open & RECT_OPEN_E); data/tktreectrl-2.4.1/unix/tkUnixTree.c:102:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int s = !(open & RECT_OPEN_S); data/tktreectrl-2.4.1/unix/tkUnixTree.c:1138:39: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GtkExpanderStyle expander_style = open ? GTK_EXPANDER_EXPANDED : GTK_EXPANDER_COLLAPSED; data/tktreectrl-2.4.1/unix/tkUnixTree.c:1231:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open, /* TRUE if expanded button. 
*/ data/tktreectrl-2.4.1/unix/tkUnixTree.c:1535:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tree->themeData->animButtonExpanding = !open; data/tktreectrl-2.4.1/unix/tkUnixTree.c:1536:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (open) data/tktreectrl-2.4.1/unix/tkUnixTree.c:2084:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open, /* TRUE if expanded button. */ data/tktreectrl-2.4.1/unix/tkUnixTree.c:2619:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/unix/tkUnixTree.c:2623:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawW = (open & RECT_OPEN_W) == 0; data/tktreectrl-2.4.1/unix/tkUnixTree.c:2624:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
int drawN = (open & RECT_OPEN_N) == 0; data/tktreectrl-2.4.1/unix/tkUnixTree.c:2625:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawE = (open & RECT_OPEN_E) == 0; data/tktreectrl-2.4.1/unix/tkUnixTree.c:2626:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawS = (open & RECT_OPEN_S) == 0; data/tktreectrl-2.4.1/unix/tkUnixTree.c:2632:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!open) { data/tktreectrl-2.4.1/unix/tkUnixTree.c:2669:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/unix/tkUnixTree.c:2687:80: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
TreeGradient_DrawRectX11(tree, td, clip, gradient, trBrush, tr, outlineWidth, open); data/tktreectrl-2.4.1/unix/tkUnixTree.c:2724:47: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). MakeRectPath_Outline(c, tr, outlineWidth, open); data/tktreectrl-2.4.1/unix/tkUnixTree.c:2732:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outlineWidth, open); data/tktreectrl-2.4.1/unix/tkUnixTree.c:2746:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/unix/tkUnixTree.c:2750:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawW = (open & RECT_OPEN_W) == 0; data/tktreectrl-2.4.1/unix/tkUnixTree.c:2751:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
int drawN = (open & RECT_OPEN_N) == 0; data/tktreectrl-2.4.1/unix/tkUnixTree.c:2752:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawE = (open & RECT_OPEN_E) == 0; data/tktreectrl-2.4.1/unix/tkUnixTree.c:2753:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawS = (open & RECT_OPEN_S) == 0; data/tktreectrl-2.4.1/unix/tkUnixTree.c:2760:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!open) { data/tktreectrl-2.4.1/unix/tkUnixTree.c:2833:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/unix/tkUnixTree.c:2837:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
int drawW = (open & RECT_OPEN_W) == 0; data/tktreectrl-2.4.1/unix/tkUnixTree.c:2838:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawN = (open & RECT_OPEN_N) == 0; data/tktreectrl-2.4.1/unix/tkUnixTree.c:2839:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawE = (open & RECT_OPEN_E) == 0; data/tktreectrl-2.4.1/unix/tkUnixTree.c:2840:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawS = (open & RECT_OPEN_S) == 0; data/tktreectrl-2.4.1/unix/tkUnixTree.c:2850:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!open) { data/tktreectrl-2.4.1/unix/tkUnixTree.c:2932:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/unix/tkUnixTree.c:2953:79: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TreeGradient_FillRoundRectX11(tree, td, clip, gradient, trBrush, tr, rx, ry, open); data/tktreectrl-2.4.1/unix/tkUnixTree.c:2990:43: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). MakeRoundRectPath_Fill(c, tr, rx, ry, open); data/tktreectrl-2.4.1/unix/tkUnixTree.c:3014:82: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TreeGradient_FillRoundRectX11(tree, td, NULL, gradient, trBrush, tr, rx, ry, open); data/tktreectrl-2.4.1/unix/tkUnixTree.c:3027:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/unix/tkUnixTree.c:3032:73: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
Tree_DrawRoundRectX11(tree, td, clip, gc, tr, outlineWidth, rx, ry, open); data/tktreectrl-2.4.1/unix/tkUnixTree.c:3045:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/unix/tkUnixTree.c:3068:70: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Tree_DrawRoundRectX11(tree, td, clip, gc, tr, outlineWidth, rx, ry, open); data/tktreectrl-2.4.1/unix/tkUnixTree.c:3106:60: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). MakeRoundRectPath_Outline(c, tr, outlineWidth, rx, ry, open); data/tktreectrl-2.4.1/unix/tkUnixTree.c:3126:73: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Tree_DrawRoundRectX11(tree, td, clip, gc, tr, outlineWidth, rx, ry, open); data/tktreectrl-2.4.1/unix/tkUnixTree.c:3138:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/unix/tkUnixTree.c:3143:59: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Tree_FillRoundRectX11(tree, td, clip, gc, tr, rx, ry, open); data/tktreectrl-2.4.1/win/tkWinTree.c:134:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/win/tkWinTree.c:139:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int w = !(open & RECT_OPEN_W); data/tktreectrl-2.4.1/win/tkWinTree.c:140:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int n = !(open & RECT_OPEN_N); data/tktreectrl-2.4.1/win/tkWinTree.c:141:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
int e = !(open & RECT_OPEN_E); data/tktreectrl-2.4.1/win/tkWinTree.c:142:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int s = !(open & RECT_OPEN_S); data/tktreectrl-2.4.1/win/tkWinTree.c:1500:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char myPath[1024]; data/tktreectrl-2.4.1/win/tkWinTree.c:1528:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[1024]; data/tktreectrl-2.4.1/win/tkWinTree.c:2023:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). iStateId = open ? HGLPS_OPENED : HGLPS_CLOSED; data/tktreectrl-2.4.1/win/tkWinTree.c:2026:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). iStateId = open ? 
GLPS_OPENED : GLPS_CLOSED; data/tktreectrl-2.4.1/win/tkWinTree.c:2081:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open, /* TRUE if expanded button. */ data/tktreectrl-2.4.1/win/tkWinTree.c:2098:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). size = open ? themeData->buttonOpen : themeData->buttonClosed; data/tktreectrl-2.4.1/win/tkWinTree.c:2110:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). iStateId = open ? GLPS_OPENED : GLPS_CLOSED; data/tktreectrl-2.4.1/win/tkWinTree.c:2147:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (open) data/tktreectrl-2.4.1/win/tkWinTree.c:3337:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open, /* RECT_OPEN_x flags. 
*/ data/tktreectrl-2.4.1/win/tkWinTree.c:3342:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawW = (open & RECT_OPEN_W) == 0; data/tktreectrl-2.4.1/win/tkWinTree.c:3343:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawN = (open & RECT_OPEN_N) == 0; data/tktreectrl-2.4.1/win/tkWinTree.c:3344:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawE = (open & RECT_OPEN_E) == 0; data/tktreectrl-2.4.1/win/tkWinTree.c:3345:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawS = (open & RECT_OPEN_S) == 0; data/tktreectrl-2.4.1/win/tkWinTree.c:3385:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/win/tkWinTree.c:3405:80: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
TreeGradient_DrawRectX11(tree, td, clip, gradient, trBrush, tr, outlineWidth, open); data/tktreectrl-2.4.1/win/tkWinTree.c:3432:35: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GetRectPath_Outline(path, tr, open, outlineWidth); data/tktreectrl-2.4.1/win/tkWinTree.c:3458:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open, /* RECT_OPEN_x flags. */ data/tktreectrl-2.4.1/win/tkWinTree.c:3465:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawW = (open & RECT_OPEN_W) == 0; data/tktreectrl-2.4.1/win/tkWinTree.c:3466:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawN = (open & RECT_OPEN_N) == 0; data/tktreectrl-2.4.1/win/tkWinTree.c:3467:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
int drawE = (open & RECT_OPEN_E) == 0; data/tktreectrl-2.4.1/win/tkWinTree.c:3468:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawS = (open & RECT_OPEN_S) == 0; data/tktreectrl-2.4.1/win/tkWinTree.c:3557:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/win/tkWinTree.c:3572:70: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Tree_DrawRoundRectX11(tree, td, clip, gc, tr, outlineWidth, rx, ry, open); data/tktreectrl-2.4.1/win/tkWinTree.c:3595:48: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GetRoundRectPath_Outline(path, tr, rx, ry, open, 0, 0, 0); data/tktreectrl-2.4.1/win/tkWinTree.c:3602:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
GetRoundRectPath_Outline(path, tr, rx, ry, open, i, i-1, 0); data/tktreectrl-2.4.1/win/tkWinTree.c:3607:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GetRoundRectPath_Outline(path, tr, rx, ry, open, i, i, 0); data/tktreectrl-2.4.1/win/tkWinTree.c:3633:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/win/tkWinTree.c:3657:70: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Tree_DrawRoundRectX11(tree, td, clip, gc, tr, outlineWidth, rx, ry, open); data/tktreectrl-2.4.1/win/tkWinTree.c:3686:48: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GetRoundRectPath_Outline(path, tr, rx, ry, open, 0, 0, data/tktreectrl-2.4.1/win/tkWinTree.c:3696:49: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
GetRoundRectPath_Outline(path, tr, rx, ry, open, i, i-1, 0); data/tktreectrl-2.4.1/win/tkWinTree.c:3701:49: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GetRoundRectPath_Outline(path, tr, rx, ry, open, i, i, 0); data/tktreectrl-2.4.1/win/tkWinTree.c:3736:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags. */ data/tktreectrl-2.4.1/win/tkWinTree.c:3743:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawW = (open & RECT_OPEN_W) == 0; data/tktreectrl-2.4.1/win/tkWinTree.c:3744:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawN = (open & RECT_OPEN_N) == 0; data/tktreectrl-2.4.1/win/tkWinTree.c:3745:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
int drawE = (open & RECT_OPEN_E) == 0; data/tktreectrl-2.4.1/win/tkWinTree.c:3746:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int drawS = (open & RECT_OPEN_S) == 0; data/tktreectrl-2.4.1/win/tkWinTree.c:3819:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/win/tkWinTree.c:3836:56: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Tree_FillRoundRectX11(tree, td, clip, gc, tr, rx, ry, open); data/tktreectrl-2.4.1/win/tkWinTree.c:3865:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GetRoundRectPath_Fill(path, tr, rx, ry, open data/tktreectrl-2.4.1/win/tkWinTree.c:3884:48: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
GetRoundRectPath_Outline(path, tr, rx, ry, open, 0, 0, 0); data/tktreectrl-2.4.1/win/tkWinTree.c:3912:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open /* RECT_OPEN_x flags */ data/tktreectrl-2.4.1/win/tkWinTree.c:3934:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). rx, ry, open); data/tktreectrl-2.4.1/win/tkWinTree.c:3957:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GetRoundRectPath_Fill(path, tr, rx, ry, open data/tktreectrl-2.4.1/win/tkWinTree.c:3975:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GetRoundRectPath_Outline(path, tr, rx, ry, open, 0, 0, 0); data/tktreectrl-2.4.1/generic/qebind.c:224:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). eiPtr->name = Tcl_Alloc((int) strlen(name) + 1); data/tktreectrl-2.4.1/generic/qebind.c:680:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
length = (int) (strlen(cmdOld) + strlen(command) + 2); data/tktreectrl-2.4.1/generic/qebind.c:680:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = (int) (strlen(cmdOld) + strlen(command) + 2); data/tktreectrl-2.4.1/generic/qebind.c:687:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmdNew = (char *) Tcl_Alloc((unsigned) strlen(command) + 1); data/tktreectrl-2.4.1/generic/qebind.c:1195:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/tktreectrl-2.4.1/generic/qebind.c:1212:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *detailName = p + strlen(p) + 1; data/tktreectrl-2.4.1/generic/qebind.c:1213:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *object = detailName + strlen(detailName) + 1; data/tktreectrl-2.4.1/generic/qebind.c:1223:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/tktreectrl-2.4.1/generic/qebind.c:1225:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p += strlen(p); data/tktreectrl-2.4.1/generic/qebind.c:1227:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/tktreectrl-2.4.1/generic/tkTreeCtrl.c:1463:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tree->itemPrefixLen = (int) strlen(tree->itemPrefix); data/tktreectrl-2.4.1/generic/tkTreeCtrl.c:1464:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tree->columnPrefixLen = (int) strlen(tree->columnPrefix); data/tktreectrl-2.4.1/generic/tkTreeDisplay.c:2651:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(dItem->magic, "MAGC", 4); data/tktreectrl-2.4.1/generic/tkTreeElem.c:3513:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). elemX->textLen = (int) strlen(elemX->textCfg); data/tktreectrl-2.4.1/generic/tkTreeElem.c:4248:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ellipsisLen = (int) strlen(ellipsis); data/tktreectrl-2.4.1/generic/tkTreeElem.c:4480:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
obj.length = (int) strlen(elemX->textCfg); data/tktreectrl-2.4.1/generic/tkTreeUtils.c:251:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ellipsisNumBytes = (int) strlen(ellipsis); data/tktreectrl-2.4.1/generic/tkTreeUtils.c:906:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ellipsisLen = (int) strlen(ellipsis); data/tktreectrl-2.4.1/generic/tkTreeUtils.c:1102:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ellipsisLen = (int) strlen(ellipsis); data/tktreectrl-2.4.1/generic/tkTreeUtils.c:2712:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(elem->dbug, "DBUG", 4); data/tktreectrl-2.4.1/generic/tkTreeUtils.c:2722:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(elem->dbug, "DBUG", 4); data/tktreectrl-2.4.1/generic/tkTreeUtils.c:3030:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy(tplPtr->magic, "MAGC", 4);

ANALYSIS SUMMARY:

Hits = 357
Lines analyzed = 74042 in approximately 1.67 seconds (44385 lines/second)
Physical Source Lines of Code (SLOC) = 50873
Hits@level = [0] 1 [1] 22 [2] 302 [3] 7 [4] 26 [5] 0
Hits@level+ = [0+] 358 [1+] 357 [2+] 335 [3+] 33 [4+] 26 [5+] 0
Hits/KSLOC@level+ = [0+] 7.03713 [1+] 7.01747 [2+] 6.58503 [3+] 0.648674 [4+] 0.511077 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.