Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tlf-1.4.1/test/run_bands.c
Examining data/tlf-1.4.1/test/test.h
Examining data/tlf-1.4.1/test/run_recallexchange.c
Examining data/tlf-1.4.1/test/run_addmult.c
Examining data/tlf-1.4.1/test/test_initial_exchange.c
Examining data/tlf-1.4.1/test/run_checklogfile.c
Examining data/tlf-1.4.1/test/test_zone_nr.c
Examining data/tlf-1.4.1/test/run_locator2longlat.c
Examining data/tlf-1.4.1/test/run_cabrillo.c
Examining data/tlf-1.4.1/test/test_addpfx.c
Examining data/tlf-1.4.1/test/test_bands.c
Examining data/tlf-1.4.1/test/test_cabrillo.c
Examining data/tlf-1.4.1/test/test_clusterinfo.c
Examining data/tlf-1.4.1/test/run_clusterinfo.c
Examining data/tlf-1.4.1/test/run_dxcc.c
Examining data/tlf-1.4.1/test/test_addcall.c
Examining data/tlf-1.4.1/test/run_cw_utils.c
Examining data/tlf-1.4.1/test/functions.c
Examining data/tlf-1.4.1/test/test_recallexchange.c
Examining data/tlf-1.4.1/test/run_wwv.c
Examining data/tlf-1.4.1/test/test_dxcc.c
Examining data/tlf-1.4.1/test/test_cw_utils.c
Examining data/tlf-1.4.1/test/test_addmult.c
Examining data/tlf-1.4.1/test/test_checklogfile.c
Examining data/tlf-1.4.1/test/run_zone_nr.c
Examining data/tlf-1.4.1/test/data.c
Examining data/tlf-1.4.1/test/run_initial_exchange.c
Examining data/tlf-1.4.1/test/test_wwv.c
Examining data/tlf-1.4.1/test/test_logutils.c
Examining data/tlf-1.4.1/test/test_searchlog.c
Examining data/tlf-1.4.1/test/run_readcalls.c
Examining data/tlf-1.4.1/test/run_sendbuf.c
Examining data/tlf-1.4.1/test/run_searchlog.c
Examining data/tlf-1.4.1/test/run_addpfx.c
Examining data/tlf-1.4.1/test/run_getctydata.c
Examining data/tlf-1.4.1/test/test_score.c
Examining data/tlf-1.4.1/test/test_getctydata.c
Examining data/tlf-1.4.1/test/test_prefix.c
Examining data/tlf-1.4.1/test/run_prefix.c
Examining data/tlf-1.4.1/test/run_score.c
Examining data/tlf-1.4.1/test/run_logutils.c
Examining data/tlf-1.4.1/test/test_readcalls.c
Examining data/tlf-1.4.1/test/test_sendbuf.c
Examining data/tlf-1.4.1/test/test_locator2longlat.c
Examining data/tlf-1.4.1/test/run_addcall.c
Examining data/tlf-1.4.1/src/deleteqso.h
Examining data/tlf-1.4.1/src/qsonr_to_str.c
Examining data/tlf-1.4.1/src/getsummary.h
Examining data/tlf-1.4.1/src/addcall.c
Examining data/tlf-1.4.1/src/paccdx.h
Examining data/tlf-1.4.1/src/recall_exchange.c
Examining data/tlf-1.4.1/src/keystroke_names.h
Examining data/tlf-1.4.1/src/logview.h
Examining data/tlf-1.4.1/src/getexchange.h
Examining data/tlf-1.4.1/src/set_tone.h
Examining data/tlf-1.4.1/src/showinfo.c
Examining data/tlf-1.4.1/src/zone_nr.c
Examining data/tlf-1.4.1/src/note.c
Examining data/tlf-1.4.1/src/sunup.h
Examining data/tlf-1.4.1/src/zone_nr.h
Examining data/tlf-1.4.1/src/checkqtclogfile.c
Examining data/tlf-1.4.1/src/addpfx.c
Examining data/tlf-1.4.1/src/sunup.c
Examining data/tlf-1.4.1/src/background_process.h
Examining data/tlf-1.4.1/src/writeparas.h
Examining data/tlf-1.4.1/src/rules.h
Examining data/tlf-1.4.1/src/store_qso.h
Examining data/tlf-1.4.1/src/addpfx.h
Examining data/tlf-1.4.1/src/gettxinfo.h
Examining data/tlf-1.4.1/src/addspot.h
Examining data/tlf-1.4.1/src/showinfo.h
Examining data/tlf-1.4.1/src/rtty.c
Examining data/tlf-1.4.1/src/fldigixmlrpc.h
Examining data/tlf-1.4.1/src/showzones.h
Examining data/tlf-1.4.1/src/sockserv.h
Examining data/tlf-1.4.1/src/cabrillo_utils.h
Examining data/tlf-1.4.1/src/setparameters.c
Examining data/tlf-1.4.1/src/setcontest.c
Examining data/tlf-1.4.1/src/readqtccalls.c
Examining data/tlf-1.4.1/src/readctydata.h
Examining data/tlf-1.4.1/src/qtcwin.c
Examining data/tlf-1.4.1/src/fldigixmlrpc.c
Examining data/tlf-1.4.1/src/readqtccalls.h
Examining data/tlf-1.4.1/src/readcabrillo.c
Examining data/tlf-1.4.1/src/parse_logcfg.c
Examining data/tlf-1.4.1/src/printcall.c
Examining data/tlf-1.4.1/src/getexchange.c
Examining data/tlf-1.4.1/src/speedupndown.h
Examining data/tlf-1.4.1/src/sendqrg.h
Examining data/tlf-1.4.1/src/store_qso.c
Examining data/tlf-1.4.1/src/makelogline.c
Examining data/tlf-1.4.1/src/ui_utils.c
Examining data/tlf-1.4.1/src/log_to_disk.h
Examining data/tlf-1.4.1/src/sendbuf.h
Examining data/tlf-1.4.1/src/splitscreen.h
Examining data/tlf-1.4.1/src/qtcvars.h
Examining data/tlf-1.4.1/src/recall_exchange.h
Examining data/tlf-1.4.1/src/rtty.h
Examining data/tlf-1.4.1/src/clear_display.h
Examining data/tlf-1.4.1/src/keyer.c
Examining data/tlf-1.4.1/src/sendbuf.c
Examining data/tlf-1.4.1/src/logit.h
Examining data/tlf-1.4.1/src/write_keyer.c
Examining data/tlf-1.4.1/src/callinput.c
Examining data/tlf-1.4.1/src/calledit.c
Examining data/tlf-1.4.1/src/nicebox.h
Examining data/tlf-1.4.1/src/logview.c
Examining data/tlf-1.4.1/src/last10.h
Examining data/tlf-1.4.1/src/muf.h
Examining data/tlf-1.4.1/src/addarea.c
Examining data/tlf-1.4.1/src/write_keyer.h
Examining data/tlf-1.4.1/src/stoptx.c
Examining data/tlf-1.4.1/src/ignore_unused.h
Examining data/tlf-1.4.1/src/displayit.h
Examining data/tlf-1.4.1/src/audio.c
Examining data/tlf-1.4.1/src/background_process.c
Examining data/tlf-1.4.1/src/muf.c
Examining data/tlf-1.4.1/src/initial_exchange.h
Examining data/tlf-1.4.1/src/trx_memory.c
Examining data/tlf-1.4.1/src/listmessages.h
Examining data/tlf-1.4.1/src/qtc_log.c
Examining data/tlf-1.4.1/src/genqtclist.c
Examining data/tlf-1.4.1/src/writeparas.c
Examining data/tlf-1.4.1/src/score.c
Examining data/tlf-1.4.1/src/rules.c
Examining data/tlf-1.4.1/src/get_time.c
Examining data/tlf-1.4.1/src/tlf_panel.h
Examining data/tlf-1.4.1/src/err_utils.c
Examining data/tlf-1.4.1/src/netkeyer.h
Examining data/tlf-1.4.1/src/qtc_log.h
Examining data/tlf-1.4.1/src/readcabrillo.h
Examining data/tlf-1.4.1/src/dxcc.h
Examining data/tlf-1.4.1/src/log_to_disk.c
Examining data/tlf-1.4.1/src/changepars.c
Examining data/tlf-1.4.1/src/addcall.h
Examining data/tlf-1.4.1/src/dxcc.c
Examining data/tlf-1.4.1/src/set_tone.c
Examining data/tlf-1.4.1/src/sockserv.c
Examining data/tlf-1.4.1/src/ui_utils.h
Examining data/tlf-1.4.1/src/clear_display.c
Examining data/tlf-1.4.1/src/showzones.c
Examining data/tlf-1.4.1/src/qtcwin.h
Examining data/tlf-1.4.1/src/getpx.h
Examining data/tlf-1.4.1/src/lancode.h
Examining data/tlf-1.4.1/src/searchlog.c
Examining data/tlf-1.4.1/src/clusterinfo.h
Examining data/tlf-1.4.1/src/focm.c
Examining data/tlf-1.4.1/src/showscore.c
Examining data/tlf-1.4.1/src/log_utils.c
Examining data/tlf-1.4.1/src/changepars.h
Examining data/tlf-1.4.1/src/log_utils.h
Examining data/tlf-1.4.1/src/logit.c
Examining data/tlf-1.4.1/src/splitscreen.c
Examining data/tlf-1.4.1/src/showscore.h
Examining data/tlf-1.4.1/src/qsonr_to_str.h
Examining data/tlf-1.4.1/src/edit_last.c
Examining data/tlf-1.4.1/src/addmult.h
Examining data/tlf-1.4.1/src/displayit.c
Examining data/tlf-1.4.1/src/addmult.c
Examining data/tlf-1.4.1/src/getctydata.h
Examining data/tlf-1.4.1/src/genqtclist.h
Examining data/tlf-1.4.1/src/qtcutil.h
Examining data/tlf-1.4.1/src/changefreq.h
Examining data/tlf-1.4.1/src/readcalls.c
Examining data/tlf-1.4.1/src/getmessages.h
Examining data/tlf-1.4.1/src/cleanup.c
Examining data/tlf-1.4.1/src/tlf.h
Examining data/tlf-1.4.1/src/scroll_log.h
Examining data/tlf-1.4.1/src/searchcallarray.c
Examining data/tlf-1.4.1/src/bands.h
Examining data/tlf-1.4.1/src/globalvars.h
Examining data/tlf-1.4.1/src/callinput.h
Examining data/tlf-1.4.1/src/edit_last.h
Examining data/tlf-1.4.1/src/writecabrillo.c
Examining data/tlf-1.4.1/src/clusterinfo.c
Examining data/tlf-1.4.1/src/grabspot.c
Examining data/tlf-1.4.1/src/tlf_curses.h
Examining data/tlf-1.4.1/src/getsummary.c
Examining data/tlf-1.4.1/src/deleteqso.c
Examining data/tlf-1.4.1/src/bandmap.c
Examining data/tlf-1.4.1/src/speedupndown.c
Examining data/tlf-1.4.1/src/trx_memory.h
Examining data/tlf-1.4.1/src/freq_display.h
Examining data/tlf-1.4.1/src/getwwv.c
Examining data/tlf-1.4.1/src/prevqso.h
Examining data/tlf-1.4.1/src/setcontest.h
Examining data/tlf-1.4.1/src/setparameters.h
Examining data/tlf-1.4.1/src/show_help.c
Examining data/tlf-1.4.1/src/startmsg.c
Examining data/tlf-1.4.1/src/locator2longlat.c
Examining data/tlf-1.4.1/src/netkeyer.c
Examining data/tlf-1.4.1/src/last10.c
Examining data/tlf-1.4.1/src/cw_utils.c
Examining data/tlf-1.4.1/src/addspot.c
Examining data/tlf-1.4.1/src/score.h
Examining data/tlf-1.4.1/src/qrb.c
Examining data/tlf-1.4.1/src/time_update.h
Examining data/tlf-1.4.1/src/sendspcall.c
Examining data/tlf-1.4.1/src/makelogline.h
Examining data/tlf-1.4.1/src/audio.h
Examining data/tlf-1.4.1/src/checkparameters.h
Examining data/tlf-1.4.1/src/getwwv.h
Examining data/tlf-1.4.1/src/cleanup.h
Examining data/tlf-1.4.1/src/editlog.c
Examining data/tlf-1.4.1/src/note.h
Examining data/tlf-1.4.1/src/nicebox.c
Examining data/tlf-1.4.1/src/editlog.h
Examining data/tlf-1.4.1/src/bands.c
Examining data/tlf-1.4.1/src/messagechange.h
Examining data/tlf-1.4.1/src/checkqtclogfile.h
Examining data/tlf-1.4.1/src/qtcutil.c
Examining data/tlf-1.4.1/src/qrb.h
Examining data/tlf-1.4.1/src/readctydata.c
Examining data/tlf-1.4.1/src/show_help.h
Examining data/tlf-1.4.1/src/showpxmap.h
Examining data/tlf-1.4.1/src/prevqso.c
Examining data/tlf-1.4.1/src/writecabrillo.h
Examining data/tlf-1.4.1/src/searchcallarray.h
Examining data/tlf-1.4.1/src/calledit.h
Examining data/tlf-1.4.1/src/focm.h
Examining data/tlf-1.4.1/src/readcalls.h
Examining data/tlf-1.4.1/src/showpxmap.c
Examining data/tlf-1.4.1/src/gettxinfo.c
Examining data/tlf-1.4.1/src/err_utils.h
Examining data/tlf-1.4.1/src/getpx.c
Examining data/tlf-1.4.1/src/sendspcall.h
Examining data/tlf-1.4.1/src/checklogfile.h
Examining data/tlf-1.4.1/src/checklogfile.c
Examining data/tlf-1.4.1/src/keyer.h
Examining data/tlf-1.4.1/src/checkparameters.c
Examining data/tlf-1.4.1/src/main.c
Examining data/tlf-1.4.1/src/getmessages.c
Examining data/tlf-1.4.1/src/listmessages.c
Examining data/tlf-1.4.1/src/startmsg.h
Examining data/tlf-1.4.1/src/cw_utils.h
Examining data/tlf-1.4.1/src/paccdx.c
Examining data/tlf-1.4.1/src/scroll_log.c
Examining data/tlf-1.4.1/src/locator2longlat.h
Examining data/tlf-1.4.1/src/autocq.c
Examining data/tlf-1.4.1/src/sendqrg.c
Examining data/tlf-1.4.1/src/get_time.h
Examining data/tlf-1.4.1/src/grabspot.h
Examining data/tlf-1.4.1/src/printcall.h
Examining data/tlf-1.4.1/src/freq_display.c
Examining data/tlf-1.4.1/src/autocq.h
Examining data/tlf-1.4.1/src/lancode.c
Examining data/tlf-1.4.1/src/getctydata.c
Examining data/tlf-1.4.1/src/addarea.h
Examining data/tlf-1.4.1/src/messagechange.c
Examining data/tlf-1.4.1/src/cabrillo_utils.c
Examining data/tlf-1.4.1/src/initial_exchange.c
Examining data/tlf-1.4.1/src/parse_logcfg.h
Examining data/tlf-1.4.1/src/time_update.c
Examining data/tlf-1.4.1/src/bandmap.h
Examining data/tlf-1.4.1/src/searchlog.h
Examining data/tlf-1.4.1/src/stoptx.h
Examining data/tlf-1.4.1/src/changefreq.c
FINAL RESULTS:
data/tlf-1.4.1/src/addcall.c:120:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(worked[i].exchange, comment);
data/tlf-1.4.1/src/addmult.c:343:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mults_location, "%s%s%s", PACKAGE_DATA_DIR, "/", multsfile);
data/tlf-1.4.1/src/addmult.c:446:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(multis[nr_multis].name, multiplier);
data/tlf-1.4.1/src/addspot.c:56:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(spotline, "DX de TLF-%c: %9.3f %s", thisnode, freq / 1000.0, call);
data/tlf-1.4.1/src/addspot.c:57:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(spotline, spaces(43));
data/tlf-1.4.1/src/addspot.c:62:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spotline + 70, spottime);
data/tlf-1.4.1/src/audio.c:76:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(commands, ph_message[message_nr]);
data/tlf-1.4.1/src/audio.c:78:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system(commands));;
data/tlf-1.4.1/src/audio.c:83:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system("pkill -SIGINT -n rec"));;
data/tlf-1.4.1/src/audio.c:174:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system("echo " " > ~/.VRlock"));;
data/tlf-1.4.1/src/audio.c:176:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system
data/tlf-1.4.1/src/audio.c:190:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system("rm ~/.VRlock"));;
data/tlf-1.4.1/src/audio.c:191:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system("pkill -f soundlogs > /dev/null 2> /dev/null "));;
data/tlf-1.4.1/src/audio.c:237:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(commands, sc_device);
data/tlf-1.4.1/src/audio.c:242:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(commands, playbackfile + 6);
data/tlf-1.4.1/src/audio.c:244:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(commands, playbackfile);
data/tlf-1.4.1/src/audio.c:247:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(commands, playbackfile);
data/tlf-1.4.1/src/audio.c:253:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system(commands));;
data/tlf-1.4.1/src/background_process.c:184:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(debugbuffer, lan_message);
data/tlf-1.4.1/src/background_process.c:238:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(talkarray[t], talkarray[t + 1]);
data/tlf-1.4.1/src/background_process.c:341:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tonecpy, tonestr);
data/tlf-1.4.1/src/background_process.c:390:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tonestr, simulator_tone);
data/tlf-1.4.1/src/background_process.c:407:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tonestr, tonecpy);
data/tlf-1.4.1/src/background_process.c:414:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tonecpy, tonestr);
data/tlf-1.4.1/src/background_process.c:415:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tonestr, simulator_tone);
data/tlf-1.4.1/src/background_process.c:420:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(callcpy, CALLMASTERARRAY(callnumber));
data/tlf-1.4.1/src/background_process.c:430:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tonestr, tonecpy);
data/tlf-1.4.1/src/background_process.c:438:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tonecpy, tonestr);
data/tlf-1.4.1/src/background_process.c:439:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tonestr, simulator_tone);
data/tlf-1.4.1/src/background_process.c:444:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(callcpy, CALLMASTERARRAY(callnumber));
data/tlf-1.4.1/src/background_process.c:455:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tonestr, tonecpy);
data/tlf-1.4.1/src/bandmap.c:1074:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, data->call);
data/tlf-1.4.1/src/calledit.c:168:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(call1, call2);
data/tlf-1.4.1/src/calledit.c:172:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hiscall, call1);
data/tlf-1.4.1/src/calledit.c:248:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(call1, call2);
data/tlf-1.4.1/src/calledit.c:251:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hiscall, call1);
data/tlf-1.4.1/src/callinput.c:314:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, cqzone);
data/tlf-1.4.1/src/callinput.c:317:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, ituzone);
data/tlf-1.4.1/src/callinput.c:871:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system("clear"));;
data/tlf-1.4.1/src/callinput.c:872:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system(shell));;
data/tlf-1.4.1/src/callinput.c:873:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system("clear"));;
data/tlf-1.4.1/src/callinput.c:1045:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(hiscall, instring);
data/tlf-1.4.1/src/callinput.c:1141:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hiscall_sent, hiscall);
data/tlf-1.4.1/src/callinput.c:1235:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access("./play_vk", X_OK) == 0) {
data/tlf-1.4.1/src/callinput.c:1236:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(playcommand, "./play_vk %s", audiofile);
data/tlf-1.4.1/src/callinput.c:1238:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(playcommand, "play_vk %s", audiofile);
data/tlf-1.4.1/src/callinput.c:1249:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system(playcommand));;
data/tlf-1.4.1/src/changepars.c:860:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mprint, "%-4s", tmp);
data/tlf-1.4.1/src/changepars.c:863:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mprint, (worked_at & BAND160) ? "*" : "-");
data/tlf-1.4.1/src/changepars.c:864:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mprint, (worked_at & BAND80) ? "*" : "-");
data/tlf-1.4.1/src/changepars.c:865:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mprint, (worked_at & BAND40) ? "*" : "-");
data/tlf-1.4.1/src/changepars.c:866:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mprint, (worked_at & BAND20) ? "*" : "-");
data/tlf-1.4.1/src/changepars.c:867:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mprint, (worked_at & BAND15) ? "*" : "-");
data/tlf-1.4.1/src/changepars.c:868:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mprint, (worked_at & BAND10) ? "*" : "-");
data/tlf-1.4.1/src/changepars.c:1001:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, eom);
data/tlf-1.4.1/src/checklogfile.c:69:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rc = system(cmd);
data/tlf-1.4.1/src/checklogfile.c:97:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, fill);
data/tlf-1.4.1/src/clusterinfo.c:283:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(spotline, spottime);
data/tlf-1.4.1/src/clusterinfo.c:348:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(marker_out, "%4d %4d \"%s\" color=%s\n",
data/tlf-1.4.1/src/clusterinfo.c:367:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(xplanetmsg, lastmsg);
data/tlf-1.4.1/src/clusterinfo.c:406:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(calldupe, call);
data/tlf-1.4.1/src/displayit.c:50:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(terminal1, terminal2);
data/tlf-1.4.1/src/displayit.c:51:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(terminal2, terminal3);
data/tlf-1.4.1/src/displayit.c:52:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(terminal3, terminal4);
data/tlf-1.4.1/src/displayit.c:53:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(terminal4, term2buf);
data/tlf-1.4.1/src/edit_last.c:71:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, qsos[nr]);
data/tlf-1.4.1/src/edit_last.c:91:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qsos[nr], buffer);
data/tlf-1.4.1/src/editlog.c:61:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
retval = (system(cmdstr));;
data/tlf-1.4.1/src/fldigixmlrpc.c:608:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hiscall, tempstr);
data/tlf-1.4.1/src/fldigixmlrpc.c:610:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(thiscall, hiscall);
data/tlf-1.4.1/src/fldigixmlrpc.c:667:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, tempstr);
data/tlf-1.4.1/src/fldigixmlrpc.c:669:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tcomment, comment);
data/tlf-1.4.1/src/genqtclist.c:135:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc + qpos, tstring);
data/tlf-1.4.1/src/getctydata.c:151:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(call2, checkcall + loc + 1); /* 2nd part after '/' */
data/tlf-1.4.1/src/getctydata.c:155:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(checkcall, call2);
data/tlf-1.4.1/src/getctydata.c:185:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(checkcall, checkbuffer);
data/tlf-1.4.1/src/getctydata.c:244:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zone_export, cqzone);
data/tlf-1.4.1/src/getctydata.c:246:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zone_export, ituzone);
data/tlf-1.4.1/src/getexchange.c:134:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, ituzone);
data/tlf-1.4.1/src/getexchange.c:136:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, cqzone);
data/tlf-1.4.1/src/getexchange.c:140:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, continent);
data/tlf-1.4.1/src/getexchange.c:366:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, instring);
data/tlf-1.4.1/src/getexchange.c:389:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(commentbuf, comment);
data/tlf-1.4.1/src/getexchange.c:392:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, commentbuf);
data/tlf-1.4.1/src/getexchange.c:396:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(commentbuf, comment);
data/tlf-1.4.1/src/getexchange.c:399:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, commentbuf);
data/tlf-1.4.1/src/getexchange.c:407:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(commentbuf, comment);
data/tlf-1.4.1/src/getexchange.c:410:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, commentbuf);
data/tlf-1.4.1/src/getexchange.c:414:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(commentbuf, comment);
data/tlf-1.4.1/src/getexchange.c:417:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, commentbuf);
data/tlf-1.4.1/src/getexchange.c:429:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(commentbuf, comment + 1);
data/tlf-1.4.1/src/getexchange.c:430:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, commentbuf);
data/tlf-1.4.1/src/getexchange.c:438:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(commentbuf, comment + 2);
data/tlf-1.4.1/src/getexchange.c:439:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, commentbuf);
data/tlf-1.4.1/src/getexchange.c:446:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(commentbuf, comment);
data/tlf-1.4.1/src/getexchange.c:449:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, commentbuf);
data/tlf-1.4.1/src/getexchange.c:453:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(commentbuf, comment);
data/tlf-1.4.1/src/getexchange.c:456:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, commentbuf);
data/tlf-1.4.1/src/getexchange.c:480:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(section, gridmult);
data/tlf-1.4.1/src/getexchange.c:719:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hiscall, callupdate);
data/tlf-1.4.1/src/getexchange.c:815:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hiscall, callupdate);
data/tlf-1.4.1/src/getexchange.c:859:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(section, multi);
data/tlf-1.4.1/src/getexchange.c:869:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, " %4s %1s %2s %2s ", serial, precedent,
data/tlf-1.4.1/src/getexchange.c:877:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ssexchange, serial);
data/tlf-1.4.1/src/getexchange.c:879:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ssexchange, precedent);
data/tlf-1.4.1/src/getexchange.c:881:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ssexchange, check);
data/tlf-1.4.1/src/getexchange.c:883:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ssexchange, section);
data/tlf-1.4.1/src/getexchange.c:938:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(section, get_mult(jj));
data/tlf-1.4.1/src/getexchange.c:965:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(section, get_mult(idx));
data/tlf-1.4.1/src/getexchange.c:981:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(section, get_mult(jj));
data/tlf-1.4.1/src/getexchange.c:1027:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hiscall, callupdate);
data/tlf-1.4.1/src/getexchange.c:1048:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ssexchange, section);
data/tlf-1.4.1/src/getexchange.c:1200:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, comment2);
data/tlf-1.4.1/src/getmessages.c:56:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mycontinent, mydx->continent);
data/tlf-1.4.1/src/getpx.c:99:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pxstr, pxbuffer);
data/tlf-1.4.1/src/getwwv.c:102:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lastwwv, "Condx: %-18s %-8s %-10s %-9s %-5s %s",
data/tlf-1.4.1/src/grabspot.c:100:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hiscall, data->call);
data/tlf-1.4.1/src/lancode.c:183:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_message, lan_recv_message);
data/tlf-1.4.1/src/listmessages.c:51:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(printbuffer, backgrnd_str);
data/tlf-1.4.1/src/log_to_disk.c:87:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(last_rst, his_rst); /* remember last report */
data/tlf-1.4.1/src/log_to_disk.c:93:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(lan_logline, spaces(78));
data/tlf-1.4.1/src/logit.c:97:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, cqzone);
data/tlf-1.4.1/src/logit.c:129:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, itustr); /* fill in the ITUzone */
data/tlf-1.4.1/src/logit.c:131:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, cqzone); /* fill in the CQzone */
data/tlf-1.4.1/src/logit.c:150:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, cqzone); /* fill in the zone */
data/tlf-1.4.1/src/logview.c:41:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comstr, logfile);
data/tlf-1.4.1/src/logview.c:44:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system(comstr));;
data/tlf-1.4.1/src/main.c:494:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(synclogfile, arg);
data/tlf-1.4.1/src/main.c:899:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(welcome, " Welcome to %s by PA0R!!", argp_program_version);
data/tlf-1.4.1/src/main.c:906:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logline0, backgrnd_str);
data/tlf-1.4.1/src/main.c:907:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logline1, backgrnd_str);
data/tlf-1.4.1/src/main.c:908:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logline2, backgrnd_str);
data/tlf-1.4.1/src/main.c:909:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logline3, backgrnd_str);
data/tlf-1.4.1/src/main.c:910:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logline4, backgrnd_str);
data/tlf-1.4.1/src/main.c:912:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(terminal1, backgrnd_str);
data/tlf-1.4.1/src/main.c:913:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(terminal2, backgrnd_str);
data/tlf-1.4.1/src/main.c:914:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(terminal3, backgrnd_str);
data/tlf-1.4.1/src/main.c:915:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(terminal4, backgrnd_str);
data/tlf-1.4.1/src/main.c:942:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tstring, "Converting cabrillo for contest %s from file %s.cbr",
data/tlf-1.4.1/src/makelogline.c:73:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lastcall, hiscall);
data/tlf-1.4.1/src/makelogline.c:97:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logline4, freq_buff);
data/tlf-1.4.1/src/makelogline.c:131:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logline4, band[bandinx]);
data/tlf-1.4.1/src/makelogline.c:146:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logline4, time_buf);
data/tlf-1.4.1/src/makelogline.c:155:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logline4, khz);
data/tlf-1.4.1/src/makelogline.c:159:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logline4, lastqsonr);
data/tlf-1.4.1/src/makelogline.c:162:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logline4, qsonrstr);
data/tlf-1.4.1/src/makelogline.c:188:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logline4, his_rst); /* till 54 */
data/tlf-1.4.1/src/makelogline.c:190:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logline4, my_rst);
data/tlf-1.4.1/src/makelogline.c:263:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logline4 + 54, "%4.0d %s", sr_nr, grid);
data/tlf-1.4.1/src/messagechange.c:70:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(message[bufnr], printbuf);
data/tlf-1.4.1/src/parse_logcfg.c:112:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(defltconf, PACKAGE_DATA_DIR);
data/tlf-1.4.1/src/parse_logcfg.c:648:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(message[ii - 2], fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:653:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(message[ii - 2], fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:658:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(message[SP_TU_MSG], fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:663:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(message[CQ_TU_MSG], fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:695:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(whichcontest, g_strchomp(fields[1]));
data/tlf-1.4.1/src/parse_logcfg.c:706:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logfile, g_strchomp(fields[1]));
data/tlf-1.4.1/src/parse_logcfg.c:861:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buff, fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:871:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buff, fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:882:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buff, fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:966:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buff, fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:982:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buff, fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:996:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buff, fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:1003:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buff, fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:1068:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(message[ii - 58], fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:1116:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(markerfile, g_strchomp(fields[1]));
data/tlf-1.4.1/src/parse_logcfg.c:1127:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(markerfile, g_strchomp(fields[1]));
data/tlf-1.4.1/src/parse_logcfg.c:1133:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(markerfile, g_strchomp(fields[1]));
data/tlf-1.4.1/src/parse_logcfg.c:1189:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(country_list_raw, temp_buffer);
data/tlf-1.4.1/src/parse_logcfg.c:1200:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(countrylist[counter], tk_ptr);
data/tlf-1.4.1/src/parse_logcfg.c:1349:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(synclogfile, g_strchomp(fields[1]));
data/tlf-1.4.1/src/parse_logcfg.c:1354:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buff, fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:1360:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buff, fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:1394:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(clusterlogin, fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:1474:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(myqra, fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:1566:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cont_multiplier_list, temp_buffer);
data/tlf-1.4.1/src/parse_logcfg.c:1675:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parsepfx, "%sAA", tk_ptr);
data/tlf-1.4.1/src/parse_logcfg.c:1677:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parsepfx, "%s0AA", tk_ptr);
data/tlf-1.4.1/src/parse_logcfg.c:1698:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_recv_msgs[ii - 170], fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:1703:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_send_msgs[ii - 182], fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:1793:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(message[SP_CALL_MSG], fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:2014:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuffer,
data/tlf-1.4.1/src/parse_logcfg.c:2023:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuffer,
data/tlf-1.4.1/src/parse_logcfg.c:2032:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuffer,
data/tlf-1.4.1/src/parse_logcfg.c:2041:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuffer,
data/tlf-1.4.1/src/qtc_log.c:50:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.band, band[bandinx]);
data/tlf-1.4.1/src/qtc_log.c:66:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.call, qtcreclist.callsign);
data/tlf-1.4.1/src/qtc_log.c:70:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.qtc_time, qtcreclist.qtclines[i].time);
data/tlf-1.4.1/src/qtc_log.c:72:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.qtc_call, qtcreclist.qtclines[i].callsign);
data/tlf-1.4.1/src/qtc_log.c:126:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.band, band[bandinx]);
data/tlf-1.4.1/src/qtc_log.c:142:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.call, qtclist.callsign);
data/tlf-1.4.1/src/qtc_log.c:147:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.qtcstr, qtclist.qtclines[i].qtc);
data/tlf-1.4.1/src/qtc_log.c:150:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.qtc_time, tempstrp);
data/tlf-1.4.1/src/qtc_log.c:158:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.qtc_call, tempstrp);
data/tlf-1.4.1/src/qtc_log.c:261:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qtclogline,
data/tlf-1.4.1/src/qtc_log.c:274:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qtclogline,
data/tlf-1.4.1/src/qtcutil.c:68:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logline, "%s;L\n", (char *)qtc_key_list->data);
data/tlf-1.4.1/src/qtcutil.c:72:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logline, "%s;N\n", (char *)qtc_key_list->data);
data/tlf-1.4.1/src/qtcutil.c:192:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(callsign, tmp);
data/tlf-1.4.1/src/qtcutil.c:214:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "%s;%c", callsign, flag[0]);
data/tlf-1.4.1/src/qtcwin.c:262:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(reccommand, qtcrec_record_command[0]);
data/tlf-1.4.1/src/qtcwin.c:265:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(reccommand, tempc);
data/tlf-1.4.1/src/qtcwin.c:266:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(reccommand, qtcrec_record_command[1]);
data/tlf-1.4.1/src/qtcwin.c:267:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
record_run = system(reccommand);
data/tlf-1.4.1/src/qtcwin.c:280:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(reccommand, qtcrec_record_command_shutdown);
data/tlf-1.4.1/src/qtcwin.c:281:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system(reccommand));;
data/tlf-1.4.1/src/qtcwin.c:291:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtcreclist.callsign, tcall);
data/tlf-1.4.1/src/qtcwin.c:294:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtclist.callsign, tcall);
data/tlf-1.4.1/src/qtcwin.c:747:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmess, "%s %d/%d %s %d/%d\n",
data/tlf-1.4.1/src/qtcwin.c:762:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmess, tempc);
data/tlf-1.4.1/src/qtcwin.c:874:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmess, "%s %d/%d ", tempc, qtclist.serial, *qtccount);
data/tlf-1.4.1/src/qtcwin.c:1124:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempc, "%s;L\n", qtccallsign);
data/tlf-1.4.1/src/qtcwin.c:1133:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempc, "%s;N\n", qtccallsign);
data/tlf-1.4.1/src/qtcwin.c:1174:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fieldval, "%s", qtccallsign);
data/tlf-1.4.1/src/qtcwin.c:1193:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fieldval, "%s", qtcreclist.qtclines[qtcrow].time);
data/tlf-1.4.1/src/qtcwin.c:1197:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fieldval, "%s", qtcreclist.qtclines[qtcrow].callsign);
data/tlf-1.4.1/src/qtcwin.c:1201:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fieldval, "%s", qtcreclist.qtclines[qtcrow].serial);
data/tlf-1.4.1/src/qtcwin.c:1290:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fieldval, "%s", qtcreclist.qtclines[qtcrow].time);
data/tlf-1.4.1/src/qtcwin.c:1294:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fieldval, "%s", qtcreclist.qtclines[qtcrow].callsign);
data/tlf-1.4.1/src/qtcwin.c:1298:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fieldval, "%s", qtcreclist.qtclines[qtcrow].serial);
data/tlf-1.4.1/src/qtcwin.c:1312:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtcreclist.qtclines[qtcrow].time, fieldval);
data/tlf-1.4.1/src/qtcwin.c:1318:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtcreclist.qtclines[qtcrow].callsign, fieldval);
data/tlf-1.4.1/src/qtcwin.c:1321:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtcreclist.qtclines[qtcrow].serial, fieldval);
data/tlf-1.4.1/src/qtcwin.c:1348:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fieldval, "%s", qtccallsign);
data/tlf-1.4.1/src/qtcwin.c:1378:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fieldval, "%s", qtcreclist.qtclines[qtcrow].time);
data/tlf-1.4.1/src/qtcwin.c:1381:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fieldval, "%s", qtcreclist.qtclines[qtcrow].callsign);
data/tlf-1.4.1/src/qtcwin.c:1384:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fieldval, "%s", qtcreclist.qtclines[qtcrow].serial);
data/tlf-1.4.1/src/qtcwin.c:1393:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtcreclist.qtclines[qtcrow].time, fieldval);
data/tlf-1.4.1/src/qtcwin.c:1396:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtcreclist.qtclines[qtcrow].callsign, fieldval);
data/tlf-1.4.1/src/qtcwin.c:1399:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtcreclist.qtclines[qtcrow].serial, fieldval);
data/tlf-1.4.1/src/qtcwin.c:1589:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ttoken, wtoken);
data/tlf-1.4.1/src/qtcwin.c:1596:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tokens[t], token);
data/tlf-1.4.1/src/qtcwin.c:1628:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tokens[t], token);
data/tlf-1.4.1/src/qtcwin.c:1634:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tokens[1], tokens[2]);
data/tlf-1.4.1/src/qtcwin.c:1635:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tokens[t - 1], tokens[t]);
data/tlf-1.4.1/src/qtcwin.c:1682:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(currline, "%-38s", qtc_ry_line.content);
data/tlf-1.4.1/src/qtcwin.c:1757:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(firstline, qtc_ry_lines[0].content);
data/tlf-1.4.1/src/qtcwin.c:1760:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(firstline, qtc_ry_lines[0].content);
data/tlf-1.4.1/src/readcabrillo.c:65:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment, exchstr);
data/tlf-1.4.1/src/readcabrillo.c:83:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(section, getgrid(comment));
data/tlf-1.4.1/src/readcabrillo.c:125:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_last_qtc_rcall, qtcrcall);
data/tlf-1.4.1/src/readcabrillo.c:165:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.call, qtcrcall);
data/tlf-1.4.1/src/readcabrillo.c:261:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.band, band[bandinx]);
data/tlf-1.4.1/src/readcabrillo.c:295:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hiscall, tempstr);
data/tlf-1.4.1/src/readcabrillo.c:298:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(my_rst, tempstr);
data/tlf-1.4.1/src/readcabrillo.c:301:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(his_rst, tempstr);
data/tlf-1.4.1/src/readcabrillo.c:304:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, tempstr);
data/tlf-1.4.1/src/readcabrillo.c:307:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, tempstr);
data/tlf-1.4.1/src/readcabrillo.c:321:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtcrcall, tempstr);
data/tlf-1.4.1/src/readcabrillo.c:322:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.call, tempstr);
data/tlf-1.4.1/src/readcabrillo.c:325:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.qtchead, tempstr);
data/tlf-1.4.1/src/readcabrillo.c:336:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtcscall, tempstr);
data/tlf-1.4.1/src/readcabrillo.c:337:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.call, tempstr);
data/tlf-1.4.1/src/readcabrillo.c:340:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.qtcstr, tempstr);
data/tlf-1.4.1/src/readcabrillo.c:342:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.qtc_time, tempstrp);
data/tlf-1.4.1/src/readcabrillo.c:346:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtc_line.qtc_call, tempstrp);
data/tlf-1.4.1/src/readcabrillo.c:435:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp_logfile, logfile);
data/tlf-1.4.1/src/readcabrillo.c:437:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input_logfile, call);
data/tlf-1.4.1/src/readcabrillo.c:442:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output_logfile, logfile);
data/tlf-1.4.1/src/readcabrillo.c:443:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logfile, output_logfile);
data/tlf-1.4.1/src/readcabrillo.c:480:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t_qsonrstr, qsonrstr);
data/tlf-1.4.1/src/readcabrillo.c:488:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qsonrstr, t_qsonrstr);
data/tlf-1.4.1/src/readcabrillo.c:496:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logfile, temp_logfile);
data/tlf-1.4.1/src/readcalls.c:273:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpbuf, presentcall);
data/tlf-1.4.1/src/readcalls.c:351:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hiscall, presentcall);
data/tlf-1.4.1/src/readcalls.c:403:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(checkcall, worked[n].call);
data/tlf-1.4.1/src/readcalls.c:501:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(wgetcmd, synclogfile);
data/tlf-1.4.1/src/readcalls.c:509:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(wgetcmd) == 0)
data/tlf-1.4.1/src/readcalls.c:518:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(wgetcmd, "cp %s log2", logfile);
data/tlf-1.4.1/src/readcalls.c:519:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(wgetcmd) != 0)
data/tlf-1.4.1/src/readcalls.c:524:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(wgetcmd, "cp %s %s%s", logfile, date_buf, logfile);
data/tlf-1.4.1/src/readcalls.c:525:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(wgetcmd) != 0)
data/tlf-1.4.1/src/readcalls.c:530:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(wgetcmd, "cat log1 log2 | sort -g -k4,4 | uniq > %s",
data/tlf-1.4.1/src/readcalls.c:532:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(wgetcmd) == 0)
data/tlf-1.4.1/src/readcalls.c:540:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system("rm log1"));;
data/tlf-1.4.1/src/readcalls.c:541:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system("rm log2"));;
data/tlf-1.4.1/src/recall_exchange.c:66:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, worked[i].exchange);
data/tlf-1.4.1/src/recall_exchange.c:89:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment, current_ie->exchange);
data/tlf-1.4.1/src/rules.c:68:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(contest_conf, whichcontest);
data/tlf-1.4.1/src/rules.c:72:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(basic_contest_conf, whichcontest);
data/tlf-1.4.1/src/score.c:69:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpcall, call);
data/tlf-1.4.1/src/score.c:71:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpcall, hiscall);
data/tlf-1.4.1/src/score.c:83:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prefix, pxstr);
data/tlf-1.4.1/src/scroll_log.c:112:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inputbuffer, spaces(80));
data/tlf-1.4.1/src/searchlog.c:187:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(suggested_call, call);
data/tlf-1.4.1/src/searchlog.c:316:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hiscall, suggested_call);
data/tlf-1.4.1/src/searchlog.c:813:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(callmaster_location, callmaster_filename);
data/tlf-1.4.1/src/searchlog.c:816:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(callmaster_location, PACKAGE_DATA_DIR);
data/tlf-1.4.1/src/searchlog.c:818:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(callmaster_location, callmaster_filename);
data/tlf-1.4.1/src/searchlog.c:891:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mprint, get_mult(cnt));
data/tlf-1.4.1/src/sendbuf.c:188:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comstr, call);
data/tlf-1.4.1/src/sendbuf.c:268:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(termbuf, buffer);
data/tlf-1.4.1/src/sendspcall.c:58:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, call);
data/tlf-1.4.1/src/sendspcall.c:66:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, hiscall);
data/tlf-1.4.1/src/sendspcall.c:69:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, call);
data/tlf-1.4.1/src/sendspcall.c:78:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, hiscall);
data/tlf-1.4.1/src/sendspcall.c:81:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, call);
data/tlf-1.4.1/src/setparameters.c:127:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logfile, logbuffer);
data/tlf-1.4.1/src/show_help.c:63:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system("clear"));;
data/tlf-1.4.1/src/show_help.c:64:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system(cmdstr));;
data/tlf-1.4.1/src/show_help.c:65:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system("clear"));;
data/tlf-1.4.1/src/showinfo.c:83:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pxstr, dx->pfx);
data/tlf-1.4.1/src/showinfo.c:84:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(countrystr, dx->countryname); /* country */
data/tlf-1.4.1/src/showinfo.c:89:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cqzone, zonestr);
data/tlf-1.4.1/src/sockserv.c:145:13: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
if ((len = vsprintf(buf, fmt, args)) >= SOBUF) {
data/tlf-1.4.1/src/splitscreen.c:653:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dxtext, s + strlen(call) + 3);
data/tlf-1.4.1/src/splitscreen.c:674:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(spotline + 26, "%s", spotpointer + 14);
data/tlf-1.4.1/src/splitscreen.c:677:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(spotline + 26, "%s", spotpointer + 13);
data/tlf-1.4.1/src/splitscreen.c:680:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(spotline + 26, "%s", spotpointer + 12);
data/tlf-1.4.1/src/splitscreen.c:683:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(spotline + 26, "%s", spotpointer + 11);
data/tlf-1.4.1/src/splitscreen.c:691:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(spotline, spaces(43));
data/tlf-1.4.1/src/splitscreen.c:694:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spotline + 70, spottime);
data/tlf-1.4.1/src/splitscreen.c:697:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, spotline);
data/tlf-1.4.1/src/splitscreen.c:701:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(talkarray[t], talkarray[t + 1]);
data/tlf-1.4.1/src/store_qso.c:41:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qsos[nr_qsos], loglineptr);
data/tlf-1.4.1/src/trx_memory.c:43:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(trxmem.hiscall, hiscall);
data/tlf-1.4.1/src/trx_memory.c:56:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hiscall, trxmem.hiscall);
data/tlf-1.4.1/src/trx_memory.c:88:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_hiscall, hiscall);
data/tlf-1.4.1/src/trx_memory.c:94:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(trxmem.hiscall, tmp_hiscall);
data/tlf-1.4.1/src/write_keyer.c:120:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "echo -n \"\n%s\" >> %s",
data/tlf-1.4.1/src/write_keyer.c:122:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
IGNORE(system(outstring));;
data/tlf-1.4.1/src/writecabrillo.c:325:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dst, field);
data/tlf-1.4.1/src/writecabrillo.c:341:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dst, field);
data/tlf-1.4.1/src/writecabrillo.c:413:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s", to_mode[qso->mode]);
data/tlf-1.4.1/src/writecabrillo.c:426:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, call);
data/tlf-1.4.1/src/writecabrillo.c:474:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, number);
data/tlf-1.4.1/src/writecabrillo.c:490:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, call);
data/tlf-1.4.1/src/writecabrillo.c:493:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, qso->call);
data/tlf-1.4.1/src/writecabrillo.c:504:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, qso->call);
data/tlf-1.4.1/src/writecabrillo.c:507:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, call);
data/tlf-1.4.1/src/writecabrillo.c:512:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s %-13s %4s", qso->qtc_qtime, qso->qtc_qcall, qso->qtc_qserial);
data/tlf-1.4.1/src/writecabrillo.c:563:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cabrillo_tmp_name, call);
data/tlf-1.4.1/src/writecabrillo.c:746:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(adif_tmp_name, whichcontest);
data/tlf-1.4.1/src/writecabrillo.c:757:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(standardexchange, exchange);
data/tlf-1.4.1/src/writecabrillo.c:781:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(adif_tmp_call, g_strstrip(adif_tmp_call));
data/tlf-1.4.1/src/writecabrillo.c:784:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, resultat);
data/tlf-1.4.1/src/writecabrillo.c:786:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, adif_tmp_call);
data/tlf-1.4.1/src/writecabrillo.c:817:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, freq_buf);
data/tlf-1.4.1/src/writecabrillo.c:887:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, adif_tmp_str);
data/tlf-1.4.1/src/writecabrillo.c:900:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, resultat);
data/tlf-1.4.1/src/writecabrillo.c:902:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, g_strstrip(standardexchange));
data/tlf-1.4.1/src/writecabrillo.c:907:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(adif_tmp_rr, g_strstrip(adif_tmp_rr));
data/tlf-1.4.1/src/writecabrillo.c:911:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, resultat);
data/tlf-1.4.1/src/writecabrillo.c:917:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(adif_rcvd_num, g_strstrip(adif_rcvd_num));
data/tlf-1.4.1/src/writecabrillo.c:921:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, resultat);
data/tlf-1.4.1/src/writecabrillo.c:924:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, adif_rcvd_num);
data/tlf-1.4.1/test/data.c:449:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mvprintw_history[i], mvprintw_history[i - 1]);
data/tlf-1.4.1/test/data.c:455:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(mvprintw_history[0] + 6, 100 - 6, fmt, args);
data/tlf-1.4.1/test/test_addcall.c:83:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, TOP_SRCDIR);
data/tlf-1.4.1/test/test_addcall.c:177:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:194:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:203:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline_HA);
data/tlf-1.4.1/test/test_addcall.c:318:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:327:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:334:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:344:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:353:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:355:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline_HA);
data/tlf-1.4.1/test/test_addcall.c:365:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:375:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:382:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:392:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:401:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:403:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline_HA);
data/tlf-1.4.1/test/test_addcall.c:423:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:433:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline_PY);
data/tlf-1.4.1/test/test_addcall.c:436:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:443:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:446:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline_PY);
data/tlf-1.4.1/test/test_addcall.c:453:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addcall.c:456:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline_DL);
data/tlf-1.4.1/test/test_addmult.c:36:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(multsfile, testfile);
data/tlf-1.4.1/test/test_addmult.c:324:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline);
data/tlf-1.4.1/test/test_addmult.c:339:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline_2);
data/tlf-1.4.1/test/test_addmult.c:348:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lan_logline, logline_2);
data/tlf-1.4.1/test/test_cabrillo.c:35:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formatfile, TOP_SRCDIR);
data/tlf-1.4.1/test/test_cabrillo.c:139:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(formatfile1, TOP_SRCDIR);
data/tlf-1.4.1/test/test_clusterinfo.c:45:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nicebox_boxname, boxname);
data/tlf-1.4.1/test/test_clusterinfo.c:89:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p,
data/tlf-1.4.1/test/test_getctydata.c:28:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, TOP_SRCDIR);
data/tlf-1.4.1/test/test_readcalls.c:58:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, TOP_SRCDIR);
data/tlf-1.4.1/test/test_score.c:44:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
do{ strcpy(hiscall, call); \
data/tlf-1.4.1/test/test_score.c:109:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, TOP_SRCDIR);
data/tlf-1.4.1/test/test_score.c:145:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(continent, mycontinent);
data/tlf-1.4.1/test/test_score.c:154:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(continent, mycontinent);
data/tlf-1.4.1/test/test_searchlog.c:104:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (qsos[0], QSO1);
data/tlf-1.4.1/test/test_searchlog.c:105:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (qsos[1], QSO2);
data/tlf-1.4.1/test/test_searchlog.c:106:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (qsos[2], QSO3);
data/tlf-1.4.1/test/test_searchlog.c:107:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (qsos[3], QSO4);
data/tlf-1.4.1/test/test_searchlog.c:108:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (qsos[4], QSO5);
data/tlf-1.4.1/test/test_searchlog.c:109:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (qsos[5], QSO6);
data/tlf-1.4.1/test/test_sendbuf.c:45:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, input);
data/tlf-1.4.1/test/test_sendbuf.c:49:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(test_msg, "for input |%s|\ngot |%s|\nexp |%s|\n", input, buf,
data/tlf-1.4.1/test/test_sendbuf.c:65:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, input);
data/tlf-1.4.1/src/callinput.c:866:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *shell = getenv("SHELL");
data/tlf-1.4.1/src/main.c:524:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *term = getenv("TERM");
data/tlf-1.4.1/src/main.c:543:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ESCDELAY") == NULL) {
data/tlf-1.4.1/src/addcall.c:285:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lancopy[6];
data/tlf-1.4.1/src/addcall.c:287:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hiscall[20];
data/tlf-1.4.1/src/addcall.c:288:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[40];
data/tlf-1.4.1/src/addcall.c:293:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date_and_time[16];
data/tlf-1.4.1/src/addcall.c:441:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lancopy, " ");
data/tlf-1.4.1/src/addmult.c:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssexchange[21];
data/tlf-1.4.1/src/addmult.c:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stripped_comment[21];
data/tlf-1.4.1/src/addmult.c:144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char multi_call[20];
data/tlf-1.4.1/src/addmult.c:324:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_inputbuffer[186] = "";
data/tlf-1.4.1/src/addmult.c:325:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mults_location[_POSIX_PATH_MAX * 2]; // 512 chars. Larger?
data/tlf-1.4.1/src/addmult.c:339:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cfp = fopen(multsfile, "r")) == NULL) {
data/tlf-1.4.1/src/addmult.c:345:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cfp = fopen(mults_location, "r")) == NULL) {
data/tlf-1.4.1/src/addpfx.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pfx[MAX_PFX_LEN + 1];
data/tlf-1.4.1/src/addspot.c:53:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spotline[160];
data/tlf-1.4.1/src/addspot.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spottime[6];
data/tlf-1.4.1/src/addspot.c:63:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(spotline, "\n\n");
data/tlf-1.4.1/src/addspot.c:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frequency[8];
data/tlf-1.4.1/src/audio.c:67:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ph_message[14][80];
data/tlf-1.4.1/src/audio.c:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commands[80] = "";
data/tlf-1.4.1/src/audio.c:75:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(commands, "rec -r 8000 "); //G4KNO
data/tlf-1.4.1/src/audio.c:77:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(commands, " -q &"); //G4KNO
data/tlf-1.4.1/src/audio.c:92:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ph_message[14][80];
data/tlf-1.4.1/src/audio.c:95:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commands[80] = "";
data/tlf-1.4.1/src/audio.c:96:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char playbackfile[40];
data/tlf-1.4.1/src/audio.c:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printname[7];
data/tlf-1.4.1/src/audio.c:236:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(commands, "play -d ");
data/tlf-1.4.1/src/audio.c:238:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(commands, " ~/tlf/soundlogs/");
data/tlf-1.4.1/src/audio.c:241:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(commands, ".au trim ");
data/tlf-1.4.1/src/audio.c:245:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(commands, "00.au");
data/tlf-1.4.1/src/audio.c:248:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(commands, ".au");
data/tlf-1.4.1/src/background_process.c:57:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char talkarray[5][62];
data/tlf-1.4.1/src/background_process.c:60:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char qsonrstr[5];
data/tlf-1.4.1/src/background_process.c:110:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prmessage[256];
data/tlf-1.4.1/src/background_process.c:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char debugbuffer[160];
data/tlf-1.4.1/src/background_process.c:176:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("debuglog", "a")) == NULL) {
data/tlf-1.4.1/src/background_process.c:255:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(lan_message + 2);
data/tlf-1.4.1/src/background_process.c:269:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lantime = atoi(lan_message + 2);
data/tlf-1.4.1/src/background_process.c:323:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char simulator_tone[5];
data/tlf-1.4.1/src/background_process.c:324:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tonestr[5];
data/tlf-1.4.1/src/background_process.c:325:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tonecpy[5];
data/tlf-1.4.1/src/background_process.c:330:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callcpy[80];
data/tlf-1.4.1/src/background_process.c:345:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(simulator_tone, "625");
data/tlf-1.4.1/src/background_process.c:349:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(simulator_tone, "800");
data/tlf-1.4.1/src/background_process.c:353:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(simulator_tone, "650");
data/tlf-1.4.1/src/background_process.c:357:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(simulator_tone, "750");
data/tlf-1.4.1/src/background_process.c:361:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(simulator_tone, "700");
data/tlf-1.4.1/src/background_process.c:365:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(simulator_tone, "725");
data/tlf-1.4.1/src/background_process.c:369:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(simulator_tone, "675");
data/tlf-1.4.1/src/background_process.c:373:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(simulator_tone, "775");
data/tlf-1.4.1/src/background_process.c:377:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(simulator_tone, "600");
data/tlf-1.4.1/src/background_process.c:381:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(simulator_tone, "640");
data/tlf-1.4.1/src/background_process.c:385:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(simulator_tone, "750");
data/tlf-1.4.1/src/bandmap.c:102:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(".bmdata.dat", "w")) == NULL) {
data/tlf-1.4.1/src/bandmap.c:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[50], *token;
data/tlf-1.4.1/src/bandmap.c:139:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(".bmdata.dat", "r")) != NULL && bmdata_parsed == 0) {
data/tlf-1.4.1/src/bandmap.c:371:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
entry -> cqzone = atoi(lastexch);
data/tlf-1.4.1/src/bandmap.c:1023:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "..");
data/tlf-1.4.1/src/bandmap.c:1035:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcall[15];
data/tlf-1.4.1/src/bandmap.c:1046:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tcall + strlen(tcall), " %c", qtcflag);
data/tlf-1.4.1/src/cabrillo_utils.c:124:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
item->len = atoi(parts[1]);
data/tlf-1.4.1/src/cabrillo_utils.h:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logline[120]; // represents the final log, if require
data/tlf-1.4.1/src/cabrillo_utils.h:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char band[4]; // band, eg "160"
data/tlf-1.4.1/src/cabrillo_utils.h:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[4]; // mode, eg "DIG"
data/tlf-1.4.1/src/cabrillo_utils.h:52:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[10]; // date of creation of QTC
data/tlf-1.4.1/src/cabrillo_utils.h:53:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time[6]; // time of creation of QTC
data/tlf-1.4.1/src/cabrillo_utils.h:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[15]; // callsign
data/tlf-1.4.1/src/cabrillo_utils.h:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtchead[10]; // QTC serial and number as string
data/tlf-1.4.1/src/cabrillo_utils.h:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtc_time[5]; // QTC TIME field
data/tlf-1.4.1/src/cabrillo_utils.h:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtc_call[16]; // QTC CALL FIELD
data/tlf-1.4.1/src/cabrillo_utils.h:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtcstr[30]; // QTC fields as concatenated
data/tlf-1.4.1/src/calledit.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call1[30], call2[10];
data/tlf-1.4.1/src/calledit.c:208:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call1[30], call2[10];
data/tlf-1.4.1/src/callinput.c:93:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char band[NBANDS][4];
data/tlf-1.4.1/src/callinput.c:120:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ph_message[14][80];
data/tlf-1.4.1/src/callinput.c:124:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char talkarray[5][62];
data/tlf-1.4.1/src/callinput.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[15];
data/tlf-1.4.1/src/callinput.c:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instring[2] = { '\0', '\0' };
data/tlf-1.4.1/src/callinput.c:381:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char weightbuf[5] = "";
data/tlf-1.4.1/src/callinput.c:643:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(hiscall, " ?");
data/tlf-1.4.1/src/callinput.c:659:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(hiscall) < 1800) { /* no frequency */
data/tlf-1.4.1/src/callinput.c:1056:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(hiscall) < 1800) { /* no frequency */
data/tlf-1.4.1/src/callinput.c:1192:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char append[2];
data/tlf-1.4.1/src/callinput.c:1226:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char playcommand[120];
data/tlf-1.4.1/src/callinput.c:1231:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(audiofile, O_RDONLY, 0664)) < 0) {
data/tlf-1.4.1/src/callinput.c:1272:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outnibble[3];
data/tlf-1.4.1/src/callinput.c:1314:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outnibble, "%d", bandswitch);
data/tlf-1.4.1/src/changepars.c:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parameterstring[20] = "";
data/tlf-1.4.1/src/changepars.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parameters[52][19];
data/tlf-1.4.1/src/changepars.c:106:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[0], "SPOT");
data/tlf-1.4.1/src/changepars.c:107:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[1], "MAP");
data/tlf-1.4.1/src/changepars.c:108:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[2], "CLOFF");
data/tlf-1.4.1/src/changepars.c:109:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[3], "CLUSTER");
data/tlf-1.4.1/src/changepars.c:110:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[4], "SHORT");
data/tlf-1.4.1/src/changepars.c:111:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[5], "LONG");
data/tlf-1.4.1/src/changepars.c:112:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[6], "MESSAGE");
data/tlf-1.4.1/src/changepars.c:113:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[7], "LIST");
data/tlf-1.4.1/src/changepars.c:114:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[8], "CHECK");
data/tlf-1.4.1/src/changepars.c:115:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[9], "NOCHECK");
data/tlf-1.4.1/src/changepars.c:116:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[10], "TONE");
data/tlf-1.4.1/src/changepars.c:117:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[11], "EDIT");
data/tlf-1.4.1/src/changepars.c:118:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[12], "VIEW");
data/tlf-1.4.1/src/changepars.c:119:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[13], "HELP");
data/tlf-1.4.1/src/changepars.c:120:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[14], "DEMODE");
data/tlf-1.4.1/src/changepars.c:121:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[15], "CONTEST");
data/tlf-1.4.1/src/changepars.c:122:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[16], "FILTER");
data/tlf-1.4.1/src/changepars.c:123:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[17], "SCORE");
data/tlf-1.4.1/src/changepars.c:124:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[18], "WRITE");
data/tlf-1.4.1/src/changepars.c:125:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[19], "EXIT");
data/tlf-1.4.1/src/changepars.c:126:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[20], "TXFILE");
data/tlf-1.4.1/src/changepars.c:127:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[21], "ZONES");
data/tlf-1.4.1/src/changepars.c:128:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[22], "CTY");
data/tlf-1.4.1/src/changepars.c:129:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[23], "MODE");
data/tlf-1.4.1/src/changepars.c:130:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[24], "SET");
data/tlf-1.4.1/src/changepars.c:131:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[25], "MULTI");
data/tlf-1.4.1/src/changepars.c:132:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[26], "PROP");
data/tlf-1.4.1/src/changepars.c:133:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[27], "RITCLEAR");
data/tlf-1.4.1/src/changepars.c:134:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[28], "TRXCONTROL");
data/tlf-1.4.1/src/changepars.c:135:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[29], "CFG");
data/tlf-1.4.1/src/changepars.c:137:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[30], "CW");
data/tlf-1.4.1/src/changepars.c:138:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[31], "SSBMODE");
data/tlf-1.4.1/src/changepars.c:139:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[32], "DIGIMODE");
data/tlf-1.4.1/src/changepars.c:140:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[33], "PACKET");
data/tlf-1.4.1/src/changepars.c:141:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[34], "SIMULATOR");
data/tlf-1.4.1/src/changepars.c:142:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[35], "INFO");
data/tlf-1.4.1/src/changepars.c:143:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[36], "FREQ");
data/tlf-1.4.1/src/changepars.c:144:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[37], "RECONNECT");
data/tlf-1.4.1/src/changepars.c:145:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[38], "QUIT");
data/tlf-1.4.1/src/changepars.c:146:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[39], "CQDELAY");
data/tlf-1.4.1/src/changepars.c:147:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[40], "ADIF");
data/tlf-1.4.1/src/changepars.c:148:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[41], "SYNC");
data/tlf-1.4.1/src/changepars.c:149:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[42], "RESCORE");
data/tlf-1.4.1/src/changepars.c:150:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[43], "SCVOLUME");
data/tlf-1.4.1/src/changepars.c:153:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[45], "DEBUG");
data/tlf-1.4.1/src/changepars.c:154:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[46], "MINITERM");
data/tlf-1.4.1/src/changepars.c:155:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[47], "RTTY");
data/tlf-1.4.1/src/changepars.c:156:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[48], "SOUND");
data/tlf-1.4.1/src/changepars.c:157:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[49], "CWMODE");
data/tlf-1.4.1/src/changepars.c:158:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[50], "CHARS");
data/tlf-1.4.1/src/changepars.c:159:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(parameters[51], "FLDIGI");
data/tlf-1.4.1/src/changepars.c:574:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
volumebuffer = atoi(sc_volume);
data/tlf-1.4.1/src/changepars.c:611:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sc_volume, "%d", volumebuffer);
data/tlf-1.4.1/src/changepars.c:726:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char bc_hostaddress[MAXNODES][16];
data/tlf-1.4.1/src/changepars.c:789:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mprint[50];
data/tlf-1.4.1/src/changepars.c:795:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chmult[6];
data/tlf-1.4.1/src/changepars.c:796:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch2mult[6];
data/tlf-1.4.1/src/changepars.c:901:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[20] = "?AF\015";
data/tlf-1.4.1/src/changepars.c:902:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inputline[80] = "";
data/tlf-1.4.1/src/changepars.c:903:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char eom[2] = { '\015', '\0' };
data/tlf-1.4.1/src/changepars.c:919:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fdSertnc = open("/dev/ttyS2", O_RDWR | O_NONBLOCK)) < 0) {
data/tlf-1.4.1/src/changepars.c:927:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fdSertnc = open("/dev/ttyS1", O_RDWR | O_NONBLOCK)) < 0) {
data/tlf-1.4.1/src/changepars.c:934:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fdSertnc = open(rigportname, O_RDWR | O_NONBLOCK)) < 0) {
data/tlf-1.4.1/src/checklogfile.c:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[200];
data/tlf-1.4.1/src/checklogfile.c:79:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((infp = fopen(backupfile, "r")) == NULL) {
data/tlf-1.4.1/src/checklogfile.c:84:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outfp = fopen(filename, "w")) == NULL) {
data/tlf-1.4.1/src/checklogfile.c:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[160];
data/tlf-1.4.1/src/checklogfile.c:125:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "r")) == NULL) {
data/tlf-1.4.1/src/checklogfile.c:136:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "w")) == NULL) {
data/tlf-1.4.1/src/checklogfile.c:162:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
band = atoi(buffer);
data/tlf-1.4.1/src/checklogfile.c:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inputbuffer[800];
data/tlf-1.4.1/src/checklogfile.c:235:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(logfile, "a")) == NULL) {
data/tlf-1.4.1/src/checklogfile.c:246:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((infile = fopen(logfile, "r")) == NULL) {
data/tlf-1.4.1/src/checklogfile.c:250:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outfile = fopen("./cpyfile", "w")) == NULL) {
data/tlf-1.4.1/src/checkparameters.c:34:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(".paras", "r")) == NULL) {
data/tlf-1.4.1/src/checkqtclogfile.c:43:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(QTC_SENT_LOG, "r")) == NULL) {
data/tlf-1.4.1/src/checkqtclogfile.c:54:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(QTC_SENT_LOG, "w")) == NULL) {
data/tlf-1.4.1/src/checkqtclogfile.c:66:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(QTC_RECV_LOG, "r")) == NULL) {
data/tlf-1.4.1/src/checkqtclogfile.c:77:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(QTC_RECV_LOG, "w")) == NULL) {
data/tlf-1.4.1/src/clear_display.c:78:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char band[NBANDS][4];
data/tlf-1.4.1/src/clear_display.c:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_buf[80];
data/tlf-1.4.1/src/clusterinfo.c:50:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bandmap[MAX_SPOTS];
data/tlf-1.4.1/src/clusterinfo.c:60:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char band[NBANDS][4];
data/tlf-1.4.1/src/clusterinfo.c:63:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char spot_ptr[MAX_SPOTS][82];
data/tlf-1.4.1/src/clusterinfo.c:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inputbuffer[160] = "";
data/tlf-1.4.1/src/clusterinfo.c:169:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *bandmap[MAX_SPOTS];
data/tlf-1.4.1/src/clusterinfo.c:174:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char spot_ptr[MAX_SPOTS][82];
data/tlf-1.4.1/src/clusterinfo.c:187:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thisline[83];
data/tlf-1.4.1/src/clusterinfo.c:188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spotcall[20];
data/tlf-1.4.1/src/clusterinfo.c:189:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spottime[6];
data/tlf-1.4.1/src/clusterinfo.c:190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spotline[38];
data/tlf-1.4.1/src/clusterinfo.c:191:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callcopy[20];
data/tlf-1.4.1/src/clusterinfo.c:193:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker_out[60];
data/tlf-1.4.1/src/clusterinfo.c:194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char color[sizeof("Magenta")];
data/tlf-1.4.1/src/clusterinfo.c:200:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xplanetmsg[160];
data/tlf-1.4.1/src/clusterinfo.c:237:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spotminutes = 60 * atoi(spottime) + atoi(spottime + 3);
data/tlf-1.4.1/src/clusterinfo.c:237:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spotminutes = 60 * atoi(spottime) + atoi(spottime + 3);
data/tlf-1.4.1/src/clusterinfo.c:271:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(markerfile, "w")) == NULL) {
data/tlf-1.4.1/src/clusterinfo.c:298:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(markerfile, "a")) == NULL) {
data/tlf-1.4.1/src/clusterinfo.c:313:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(color, "Green");
data/tlf-1.4.1/src/clusterinfo.c:325:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(color, "Red");
data/tlf-1.4.1/src/clusterinfo.c:328:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(color, "Magenta");
data/tlf-1.4.1/src/clusterinfo.c:331:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(color, "Yellow");
data/tlf-1.4.1/src/clusterinfo.c:334:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(color, "Blue");
data/tlf-1.4.1/src/clusterinfo.c:337:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(color, "White");
data/tlf-1.4.1/src/clusterinfo.c:340:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(color, "Green");
data/tlf-1.4.1/src/clusterinfo.c:343:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(color, "Cyan");
data/tlf-1.4.1/src/clusterinfo.c:365:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xplanetmsg, " -82 -120 ");
data/tlf-1.4.1/src/clusterinfo.c:373:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(xplanetmsg, "\" color=Cyan\n");
data/tlf-1.4.1/src/clusterinfo.c:375:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(markerfile, "a")) == NULL) {
data/tlf-1.4.1/src/clusterinfo.c:397:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char spot_ptr[MAX_SPOTS][82];
data/tlf-1.4.1/src/clusterinfo.c:404:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char calldupe[12];
data/tlf-1.4.1/src/cw_utils.c:30:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speedstr[50] = CW_SPEEDS;
data/tlf-1.4.1/src/cw_utils.c:148:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[3];
data/tlf-1.4.1/src/cw_utils.c:151:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (atoi(buff));
data/tlf-1.4.1/src/cw_utils.c:304:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwmessage[80];
data/tlf-1.4.1/src/deleteqso.c:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logline[100];
data/tlf-1.4.1/src/deleteqso.c:60:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((qtcfile = open(QTC_RECV_LOG, O_RDWR)) < 0) {
data/tlf-1.4.1/src/deleteqso.c:94:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((qtcfile = open(QTC_SENT_LOG, O_RDWR)) < 0) {
data/tlf-1.4.1/src/deleteqso.c:140:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logline[100];
data/tlf-1.4.1/src/deleteqso.c:141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[15], bandmode[6];
data/tlf-1.4.1/src/deleteqso.c:147:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((lfile = open(logfile, O_RDWR)) < 0) {
data/tlf-1.4.1/src/displayit.c:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term2buf[81] = "";
data/tlf-1.4.1/src/dxcc.c:124:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_prefix -> itu = atoi(loc + 1);
data/tlf-1.4.1/src/dxcc.c:131:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_prefix -> cq = atoi(loc + 1);
data/tlf-1.4.1/src/dxcc.c:191:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_dxcc -> cq = atoi(split[1]);
data/tlf-1.4.1/src/dxcc.c:192:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_dxcc -> itu = atoi(split[2]);
data/tlf-1.4.1/src/dxcc.c:213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[181] = "";
data/tlf-1.4.1/src/dxcc.c:216:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(filename, "r")) == NULL)
data/tlf-1.4.1/src/edit_last.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ln[NR_COLS + 1];
data/tlf-1.4.1/src/edit_last.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ln[NR_COLS + 1];
data/tlf-1.4.1/src/edit_last.c:82:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(logfile, "r+")) == NULL) {
data/tlf-1.4.1/src/edit_last.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char editbuffer[LOGLINELEN + 1];
data/tlf-1.4.1/src/fldigixmlrpc.c:66:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char fldigi_url[50];
data/tlf-1.4.1/src/fldigixmlrpc.c:76:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thiscall[20] = "";
data/tlf-1.4.1/src/fldigixmlrpc.c:77:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcomment[20] = "";
data/tlf-1.4.1/src/fldigixmlrpc.c:436:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line, result.byteval, linelen);
data/tlf-1.4.1/src/fldigixmlrpc.c:469:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fldigi_mode[6] = "";
data/tlf-1.4.1/src/fldigixmlrpc.c:502:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fldigi_mode, "USB");
data/tlf-1.4.1/src/fldigixmlrpc.c:507:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fldigi_mode, "LSB");
data/tlf-1.4.1/src/fldigixmlrpc.c:512:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fldigi_mode, "RTTY");
data/tlf-1.4.1/src/fldigixmlrpc.c:517:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fldigi_mode, "RTTYR");
data/tlf-1.4.1/src/fldigixmlrpc.c:522:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fldigi_mode, "CW");
data/tlf-1.4.1/src/fldigixmlrpc.c:527:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fldigi_mode, "CWR");
data/tlf-1.4.1/src/fldigixmlrpc.c:532:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fldigi_mode, "CW");
data/tlf-1.4.1/src/fldigixmlrpc.c:576:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[20];
data/tlf-1.4.1/src/fldigixmlrpc.c:638:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[20];
data/tlf-1.4.1/src/freq_display.c:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fbuffer[8];
data/tlf-1.4.1/src/freq_display.c:45:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuffer, "%7.1f", freq / 1000.0);
data/tlf-1.4.1/src/genqtclist.c:102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstring[5];
data/tlf-1.4.1/src/genqtclist.c:122:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nr = atoi(tstring);
data/tlf-1.4.1/src/genqtclist.c:125:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tstring, "%03d ", nr);
data/tlf-1.4.1/src/genqtclist.c:129:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tstring, "%d", nr);
data/tlf-1.4.1/src/genqtclist.c:132:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tstring, " ");
data/tlf-1.4.1/src/getctydata.c:122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char checkcall[17] = "";
data/tlf-1.4.1/src/getctydata.c:123:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strippedcall[17] = "";
data/tlf-1.4.1/src/getctydata.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char checkbuffer[17] = "";
data/tlf-1.4.1/src/getctydata.c:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call1[17];
data/tlf-1.4.1/src/getctydata.c:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call2[17];
data/tlf-1.4.1/src/getctydata.c:239:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cqzone, "%02d", prefix_by_index(w) -> cq);
data/tlf-1.4.1/src/getctydata.c:240:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ituzone, "%02d", prefix_by_index(w) -> itu);
data/tlf-1.4.1/src/getexchange.c:72:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ph_message[14][80];
data/tlf-1.4.1/src/getexchange.c:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instring[2];
data/tlf-1.4.1/src/getexchange.c:112:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commentbuf[40] = "";
data/tlf-1.4.1/src/getexchange.c:391:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(comment, "00");
data/tlf-1.4.1/src/getexchange.c:409:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(comment, "00");
data/tlf-1.4.1/src/getexchange.c:426:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(commentbuf, "00");
data/tlf-1.4.1/src/getexchange.c:448:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(comment, "00");
data/tlf-1.4.1/src/getexchange.c:525:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmpattern[32] = " "; // global
data/tlf-1.4.1/src/getexchange.c:526:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssexchange[30] = "";
data/tlf-1.4.1/src/getexchange.c:527:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char section[8] = "";
data/tlf-1.4.1/src/getexchange.c:528:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callupdate[7];
data/tlf-1.4.1/src/getexchange.c:530:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zone_export[3] = " ";
data/tlf-1.4.1/src/getexchange.c:531:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zone_fix[3] = "";
data/tlf-1.4.1/src/getexchange.c:553:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[5] = " ";
data/tlf-1.4.1/src/getexchange.c:554:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char check[3] = " ";
data/tlf-1.4.1/src/getexchange.c:555:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char checksection[30];
data/tlf-1.4.1/src/getexchange.c:556:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zone[4] = "";
data/tlf-1.4.1/src/getexchange.c:568:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serpats[8][8] = {
data/tlf-1.4.1/src/getexchange.c:578:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char precpats[8][4] = {
data/tlf-1.4.1/src/getexchange.c:588:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char checkpats[6][5] = {
data/tlf-1.4.1/src/getexchange.c:596:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secpats[10][6] = {
data/tlf-1.4.1/src/getexchange.c:608:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callpats[5][9] = {
data/tlf-1.4.1/src/getexchange.c:615:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zonepats[6][6] = {
data/tlf-1.4.1/src/getexchange.c:623:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sectionpats[9][6] = {
data/tlf-1.4.1/src/getexchange.c:638:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmpattern, "u ");
data/tlf-1.4.1/src/getexchange.c:672:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s = atoi(comment);
data/tlf-1.4.1/src/getexchange.c:681:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((hr > 1) && (atoi(comment + hr - 1) != 0)) {
data/tlf-1.4.1/src/getexchange.c:682:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zone, "%02d", atoi(comment + hr - 1));
data/tlf-1.4.1/src/getexchange.c:682:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(zone, "%02d", atoi(comment + hr - 1));
data/tlf-1.4.1/src/getexchange.c:736:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s = atoi(comment);
data/tlf-1.4.1/src/getexchange.c:747:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(comment + hr - 1));
data/tlf-1.4.1/src/getexchange.c:750:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
snprintf(serial, sizeof(serial), "%4d", atoi(comment + hr - 1));
data/tlf-1.4.1/src/getexchange.c:751:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
snprintf(check, sizeof(check), "%2d", atoi(comment + hr + 2));
data/tlf-1.4.1/src/getexchange.c:868:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/tlf-1.4.1/src/getexchange.c:899:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s = atoi(comment);
data/tlf-1.4.1/src/getexchange.c:902:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
snprintf(serial, sizeof(serial), "%4d", atoi(comment));
data/tlf-1.4.1/src/getexchange.c:910:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(comment + hr - 1));
data/tlf-1.4.1/src/getexchange.c:914:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(comment + hr - 1));
data/tlf-1.4.1/src/getexchange.c:916:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(comment + hr + 2));
data/tlf-1.4.1/src/getexchange.c:1069:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newpat[80];
data/tlf-1.4.1/src/getexchange.c:1120:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment2[27];
data/tlf-1.4.1/src/getmessages.c:55:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mycqzone, "%02d", mydx -> cq);
data/tlf-1.4.1/src/getpx.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pxbuffer[16] = "";
data/tlf-1.4.1/src/getsummary.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/tlf-1.4.1/src/getwwv.c:32:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastwwv[100] = "";
data/tlf-1.4.1/src/getwwv.c:33:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastwwv_raw[100] = "";
data/tlf-1.4.1/src/getwwv.c:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gmt[10] = "";
data/tlf-1.4.1/src/getwwv.c:61:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gmt, "%02d GMT", atoi(p + 1));
data/tlf-1.4.1/src/getwwv.c:61:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(gmt, "%02d GMT", atoi(p + 1));
data/tlf-1.4.1/src/getwwv.c:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rstr[10] = "";
data/tlf-1.4.1/src/getwwv.c:69:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rstr, "R=%.0f", ssn_r);
data/tlf-1.4.1/src/getwwv.c:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sfistr[20] = "";
data/tlf-1.4.1/src/getwwv.c:77:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sfistr, "SFI=%.0f", sfi);
data/tlf-1.4.1/src/globalvars.h:7:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char qsos[MAX_QSOS][LOGLINELEN + 1];
data/tlf-1.4.1/src/globalvars.h:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char hiscall[20];
data/tlf-1.4.1/src/globalvars.h:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char myqra[7];
data/tlf-1.4.1/src/globalvars.h:65:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char logline_edit[5][LOGLINELEN + 1];
data/tlf-1.4.1/src/globalvars.h:72:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char band[NBANDS][4];
data/tlf-1.4.1/src/initial_exchange.c:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inputbuffer[91];
data/tlf-1.4.1/src/initial_exchange.c:64:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file, "r")) == NULL) {
data/tlf-1.4.1/src/initial_exchange.c:84:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[80];
data/tlf-1.4.1/src/initial_exchange.c:87:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Line %d: too long", linectr);
data/tlf-1.4.1/src/initial_exchange.c:96:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[80];
data/tlf-1.4.1/src/initial_exchange.c:99:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Line %d: no comma found", linectr);
data/tlf-1.4.1/src/initial_exchange.c:121:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[80];
data/tlf-1.4.1/src/initial_exchange.c:125:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Line %d: 0 or more than one token before comma",
data/tlf-1.4.1/src/initial_exchange.h:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[MAX_CALL_LENGTH + 1]; /**< call of the station */
data/tlf-1.4.1/src/initial_exchange.h:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exchange [MAX_IE_LENGTH + 1]; /**< initial exchange field */
data/tlf-1.4.1/src/keyer.c:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyerstring[KEYER_LINE_WIDTH + 1] = "";
data/tlf-1.4.1/src/keyer.c:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char weightbuf[15];
data/tlf-1.4.1/src/keyer.c:71:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char txcontrolstring[2] = { 20, '\0' }; // ^t
data/tlf-1.4.1/src/keyer.c:72:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char rxcontrolstring[2] = { CTRL_R, '\0' }; // ^r
data/tlf-1.4.1/src/keyer.c:73:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char crcontrolstring[2] = { RETURN, '\0' }; // cr
data/tlf-1.4.1/src/keyer.c:74:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char ctl_c_controlstring[2] = { BACKSLASH, '\0' }; // '\'
data/tlf-1.4.1/src/keyer.c:221:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
weight = atoi(weightbuf);
data/tlf-1.4.1/src/lancode.c:45:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lan_recv_message[256];
data/tlf-1.4.1/src/lancode.c:46:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lan_message[256];
data/tlf-1.4.1/src/lancode.c:47:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lan_logline[256];
data/tlf-1.4.1/src/lancode.c:54:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lanbuffer[255];
data/tlf-1.4.1/src/lancode.c:58:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bc_hostaddress[MAXNODES][16];
data/tlf-1.4.1/src/lancode.c:59:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bc_hostservice[MAXNODES][16] = {
data/tlf-1.4.1/src/lancode.c:62:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sendbuffer[256];
data/tlf-1.4.1/src/lancode.c:68:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char default_lan_service[16] = "6788";
data/tlf-1.4.1/src/lancode.c:79:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char talkarray[5][62];
data/tlf-1.4.1/src/lancode.c:82:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastqsonr[5];
data/tlf-1.4.1/src/lancode.c:100:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(service);
data/tlf-1.4.1/src/lancode.c:103:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(default_lan_service);
data/tlf-1.4.1/src/lancode.c:112:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(default_lan_service, "%d", lan_port);
data/tlf-1.4.1/src/lancode.c:281:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sendbuffer[102];
data/tlf-1.4.1/src/lancode.c:341:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char talkline[61] = "";
data/tlf-1.4.1/src/lancode.c:367:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fbuffer[8];
data/tlf-1.4.1/src/lancode.c:371:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuffer, "%7.1f", freq / 1000.0);
data/tlf-1.4.1/src/lancode.c:376:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuffer, " 160.0");
data/tlf-1.4.1/src/lancode.c:380:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuffer, " 80.0");
data/tlf-1.4.1/src/lancode.c:384:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuffer, " 40.0");
data/tlf-1.4.1/src/lancode.c:388:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuffer, " 30.0");
data/tlf-1.4.1/src/lancode.c:392:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuffer, " 20.0");
data/tlf-1.4.1/src/lancode.c:396:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuffer, " 17.0");
data/tlf-1.4.1/src/lancode.c:400:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuffer, " 15.0");
data/tlf-1.4.1/src/lancode.c:404:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuffer, " 12.0");
data/tlf-1.4.1/src/lancode.c:408:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuffer, " 10.0");
data/tlf-1.4.1/src/lancode.c:412:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuffer, " ");
data/tlf-1.4.1/src/lancode.c:428:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuffer[14];
data/tlf-1.4.1/src/lancode.c:432:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(timebuffer, "%ld", now);
data/tlf-1.4.1/src/last10.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[LOGLINELEN + 1];
data/tlf-1.4.1/src/last10.c:46:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thisband = atoi(band[bandinx]);
data/tlf-1.4.1/src/last10.c:51:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (thisband == (atoi(qsos[counter]))) {
data/tlf-1.4.1/src/last10.c:65:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minsbefore = atoi(input + 17 + 3);
data/tlf-1.4.1/src/last10.c:67:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minsbefore += (atoi(input + 17) * 60);
data/tlf-1.4.1/src/listmessages.c:40:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printbuffer[160];
data/tlf-1.4.1/src/log_to_disk.c:57:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char last_rst[4];
data/tlf-1.4.1/src/log_to_disk.c:58:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char qsonrstr[5];
data/tlf-1.4.1/src/log_utils.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char band[4];
data/tlf-1.4.1/src/log_utils.c:52:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nr = atoi(band);
data/tlf-1.4.1/src/log_utils.c:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[3];
data/tlf-1.4.1/src/log_utils.c:78:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(tmpbuf);
data/tlf-1.4.1/src/logit.c:57:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ph_message[14][80];
data/tlf-1.4.1/src/logview.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comstr[40] = "";
data/tlf-1.4.1/src/logview.c:40:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(comstr, "less +G ");
data/tlf-1.4.1/src/main.c:72:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pr_hostaddress[48] = "131.155.192.179";
data/tlf-1.4.1/src/main.c:125:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sc_volume[4] = "";
data/tlf-1.4.1/src/main.c:130:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char countrylist[255][6];
data/tlf-1.4.1/src/main.c:133:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char continent_multiplier_list[7][3]; // SA, NA, EU, AF, AS and OC
data/tlf-1.4.1/src/main.c:162:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myqra[7] = "";
data/tlf-1.4.1/src/main.c:179:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char multsfile[80] = ""; /* name of file with a list of allowed
data/tlf-1.4.1/src/main.c:181:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exchange_list[40] = "";
data/tlf-1.4.1/src/main.c:187:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char his_rst[4] = "599";
data/tlf-1.4.1/src/main.c:188:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char my_rst[4] = "599";
data/tlf-1.4.1/src/main.c:189:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_rst[4] = "599"; /* Report for last QSO */
data/tlf-1.4.1/src/main.c:205:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exchange[40];
data/tlf-1.4.1/src/main.c:206:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char whichcontest[40] = "qso";
data/tlf-1.4.1/src/main.c:208:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[20];
data/tlf-1.4.1/src/main.c:209:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfile[120] = "general.log";
data/tlf-1.4.1/src/main.c:211:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char synclogfile[120];
data/tlf-1.4.1/src/main.c:212:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char markerfile[120] = "";
data/tlf-1.4.1/src/main.c:223:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[25][80] = /**< Array of CW messages
data/tlf-1.4.1/src/main.c:251:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *digi_message[sizeof(message) / sizeof(message[0])];
data/tlf-1.4.1/src/main.c:253:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ph_message[14][80] = /**< Array of file names for voice keyer messages
data/tlf-1.4.1/src/main.c:258:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtc_recv_msgs[12][80] = {"QTC?\n", "QRV\n", "R\n", "", "TIME?\n", "CALL?\n", "NR?\n", "AGN\n", "", "QSL ALL\n", "", ""}; // QTC receive windowS Fx messages
data/tlf-1.4.1/src/main.c:259:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtc_send_msgs[12][80] = {"QRV?\n", "QTC sr/nr\n", "", "", "TIME\n", "CALL\n", "NR\n", "", "", "", "", ""}; // QTC send window Fx messages
data/tlf-1.4.1/src/main.c:260:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtc_phrecv_message[14][80] = { "", "", "", "", "", "", "", "", "", "", "", "" }; // voice keyer file names when receives QTC's
data/tlf-1.4.1/src/main.c:261:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtc_phsend_message[14][80] = { "", "", "", "", "", "", "", "", "", "", "", "" }; // voice keyer file names when send QTC's
data/tlf-1.4.1/src/main.c:263:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtcrec_record_command[2][50] = {"rec -q 8000", "-q &"};
data/tlf-1.4.1/src/main.c:264:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtcrec_record_command_shutdown[50] = "pkill -SIGINT -n rec";
data/tlf-1.4.1/src/main.c:265:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtc_cap_calls[40] = "";
data/tlf-1.4.1/src/main.c:269:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hiscall[20]; /**< call of other station */
data/tlf-1.4.1/src/main.c:270:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hiscall_sent[20] = ""; /**< part which was sent during early
data/tlf-1.4.1/src/main.c:278:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastcall[20];
data/tlf-1.4.1/src/main.c:279:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qsonrstr[5] = "0001";
data/tlf-1.4.1/src/main.c:280:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char band[NBANDS][4] =
data/tlf-1.4.1/src/main.c:282:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[80];
data/tlf-1.4.1/src/main.c:283:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cqzone[3] = "";
data/tlf-1.4.1/src/main.c:284:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mycqzone[3] = "";
data/tlf-1.4.1/src/main.c:285:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ituzone[3] = "";
data/tlf-1.4.1/src/main.c:286:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char continent[3] = "";
data/tlf-1.4.1/src/main.c:287:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mycontinent[3] = "";
data/tlf-1.4.1/src/main.c:288:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pxstr[11] = "";
data/tlf-1.4.1/src/main.c:303:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char para_word[80] = "LODNCFS:3C\n"; /* longcw, cluster, search, DE,
data/tlf-1.4.1/src/main.c:305:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastmsg[1000] = "";
data/tlf-1.4.1/src/main.c:306:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sc_device[40] = "/dev/dsp";
data/tlf-1.4.1/src/main.c:312:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyer_device[10] = ""; // ttyS0, ttyS1, lp0-2 for net_keyer
data/tlf-1.4.1/src/main.c:315:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char controllerport[80] = "/dev/ttyS0"; // for GMFSK or MFJ-1278
data/tlf-1.4.1/src/main.c:316:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rttyoutput[120]; // where to GMFSK digimode output
data/tlf-1.4.1/src/main.c:321:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char weightbuf[4];
data/tlf-1.4.1/src/main.c:322:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tonestr[5] = "600";
data/tlf-1.4.1/src/main.c:329:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modem_mode[8];
data/tlf-1.4.1/src/main.c:333:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spot_ptr[MAX_SPOTS][82]; /* Array of cluster spot lines */
data/tlf-1.4.1/src/main.c:338:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tncportname[40];
data/tlf-1.4.1/src/main.c:339:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rigconf[80];
data/tlf-1.4.1/src/main.c:341:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clusterlogin[80] = "";
data/tlf-1.4.1/src/main.c:361:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fldigi_url[50] = "http://localhost:7362/RPC2";
data/tlf-1.4.1/src/main.c:368:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tonecpy[5];
data/tlf-1.4.1/src/main.c:369:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char simulator_tone[5];
data/tlf-1.4.1/src/main.c:372:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qsos[MAX_QSOS][LOGLINELEN + 1];
data/tlf-1.4.1/src/main.c:422:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logline_edit[5][LOGLINELEN + 1];
data/tlf-1.4.1/src/main.c:424:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char terminal1[88] = "";
data/tlf-1.4.1/src/main.c:425:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char terminal2[88] = "";
data/tlf-1.4.1/src/main.c:426:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char terminal3[88] = "";
data/tlf-1.4.1/src/main.c:427:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char terminal4[88] = "";
data/tlf-1.4.1/src/main.c:428:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char termbuf[88] = "";
data/tlf-1.4.1/src/main.c:436:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hiscountry[40];
data/tlf-1.4.1/src/main.c:442:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char itustr[3];
data/tlf-1.4.1/src/main.c:780:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyerbuff[3];
data/tlf-1.4.1/src/main.c:793:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(weightbuf, "%d", weight);
data/tlf-1.4.1/src/main.c:805:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyerbuff, "%d", txdelay);
data/tlf-1.4.1/src/main.c:848:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(".paras", "r")) == NULL) {
data/tlf-1.4.1/src/main.c:895:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char welcome[80];
data/tlf-1.4.1/src/main.c:941:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstring[100] = "";
data/tlf-1.4.1/src/makelogline.c:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char freq_buff[10];
data/tlf-1.4.1/src/makelogline.c:89:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(logline4 + 76, "%2d", points);
data/tlf-1.4.1/src/makelogline.c:129:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char time_buf[80];
data/tlf-1.4.1/src/makelogline.c:134:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(logline4, "CW ");
data/tlf-1.4.1/src/makelogline.c:136:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(logline4, "SSB");
data/tlf-1.4.1/src/makelogline.c:138:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(logline4, "DIG");
data/tlf-1.4.1/src/makelogline.c:153:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char khz[5];
data/tlf-1.4.1/src/makelogline.c:154:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(khz, " %3d", ((unsigned int)(freq / 1000.0)) % 1000); // show freq.
data/tlf-1.4.1/src/makelogline.c:170:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(logline4, " ");
data/tlf-1.4.1/src/makelogline.c:178:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(logline4, "--- --- "); /* instead of RST */
data/tlf-1.4.1/src/makelogline.c:189:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(logline4, " ");
data/tlf-1.4.1/src/makelogline.c:191:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(logline4, " ");
data/tlf-1.4.1/src/makelogline.c:239:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grid[7] = "";
data/tlf-1.4.1/src/makelogline.c:254:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sr_nr = atoi(comment);
data/tlf-1.4.1/src/messagechange.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printbuf[80];
data/tlf-1.4.1/src/muf.c:120:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *line[3] = {condx, NULL, NULL};
data/tlf-1.4.1/src/muf.c:306:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char country[40];
data/tlf-1.4.1/src/muf.c:308:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_buf[25];
data/tlf-1.4.1/src/netkeyer.c:37:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netkeyer_hostaddress[16] = "127.0.0.1";
data/tlf-1.4.1/src/netkeyer.c:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE] = "";
data/tlf-1.4.1/src/note.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80] = "";
data/tlf-1.4.1/src/note.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer2[LOGLINELEN + 1] = "";
data/tlf-1.4.1/src/note.c:58:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer2, "; Node %c, %d : ", thisnode, atoi(qsonrstr) - 1);
data/tlf-1.4.1/src/note.c:58:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(buffer2, "; Node %c, %d : ", thisnode, atoi(qsonrstr) - 1);
data/tlf-1.4.1/src/note.c:60:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer2, "; ");
data/tlf-1.4.1/src/note.c:68:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(logfile, "a")) == NULL) {
data/tlf-1.4.1/src/parse_logcfg.c:80:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char defltconf[80];
data/tlf-1.4.1/src/parse_logcfg.c:113:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(defltconf, "/logcfg.dat");
data/tlf-1.4.1/src/parse_logcfg.c:118:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(config_file, "r")) == NULL) {
data/tlf-1.4.1/src/parse_logcfg.c:119:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(defltconf, "r")) == NULL) {
data/tlf-1.4.1/src/parse_logcfg.c:148:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[160];
data/tlf-1.4.1/src/parse_logcfg.c:162:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bands_strings[NBANDS][4] = {"160", "80", "60", "40", "30", "20", "17", "15", "12", "10"};
data/tlf-1.4.1/src/parse_logcfg.c:192:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ph_message[14][80];
data/tlf-1.4.1/src/parse_logcfg.c:232:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char exchange_list[40];
data/tlf-1.4.1/src/parse_logcfg.c:236:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char bc_hostaddress[MAXNODES][16];
data/tlf-1.4.1/src/parse_logcfg.c:237:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char bc_hostservice[MAXNODES][16];
data/tlf-1.4.1/src/parse_logcfg.c:262:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char keyer_device[10];
data/tlf-1.4.1/src/parse_logcfg.c:287:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_temp[11];
data/tlf-1.4.1/src/parse_logcfg.c:290:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char continent_multiplier_list[7][3];
data/tlf-1.4.1/src/parse_logcfg.c:296:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char sc_device[40];
data/tlf-1.4.1/src/parse_logcfg.c:297:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char controllerport[80]; // port for multi-mode controller
data/tlf-1.4.1/src/parse_logcfg.c:304:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char myqra[7];
data/tlf-1.4.1/src/parse_logcfg.c:314:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char fldigi_url[50];
data/tlf-1.4.1/src/parse_logcfg.c:592:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststring[80];
data/tlf-1.4.1/src/parse_logcfg.c:593:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[40];
data/tlf-1.4.1/src/parse_logcfg.c:819:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
livetime = atoi(bm_fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:854:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
SetCWSpeed(atoi(buff));
data/tlf-1.4.1/src/parse_logcfg.c:862:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tone = atoi(buff);
data/tlf-1.4.1/src/parse_logcfg.c:864:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tonestr, "%d", tone);
data/tlf-1.4.1/src/parse_logcfg.c:872:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
weight = atoi(buff);
data/tlf-1.4.1/src/parse_logcfg.c:883:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
txdelay = atoi(buff);
data/tlf-1.4.1/src/parse_logcfg.c:892:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wwv_set_r(atoi(fields[1]));
data/tlf-1.4.1/src/parse_logcfg.c:897:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wwv_set_sfi(atoi(fields[1]));
data/tlf-1.4.1/src/parse_logcfg.c:959:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
portnum = atoi(buff);
data/tlf-1.4.1/src/parse_logcfg.c:970:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tncport = atoi(buff) + 1;
data/tlf-1.4.1/src/parse_logcfg.c:987:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rignumber = atoi(buff);
data/tlf-1.4.1/src/parse_logcfg.c:997:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
serial_rate = atoi(buff);
data/tlf-1.4.1/src/parse_logcfg.c:1004:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tnc_serial_rate = atoi(buff);
data/tlf-1.4.1/src/parse_logcfg.c:1018:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
netkeyer_port = atoi(fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:1079:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeoffset = atoi(buff);
data/tlf-1.4.1/src/parse_logcfg.c:1147:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char country_list_raw[50] = ""; /* use only first
data/tlf-1.4.1/src/parse_logcfg.c:1150:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_buffer[255] = "";
data/tlf-1.4.1/src/parse_logcfg.c:1151:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[255] = "";
data/tlf-1.4.1/src/parse_logcfg.c:1168:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(temp_buffer, "r")) != NULL) {
data/tlf-1.4.1/src/parse_logcfg.c:1217:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
countrylist_points = atoi(c_temp);
data/tlf-1.4.1/src/parse_logcfg.c:1232:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
my_country_points = atoi(c_temp);
data/tlf-1.4.1/src/parse_logcfg.c:1240:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
my_cont_points = atoi(c_temp);
data/tlf-1.4.1/src/parse_logcfg.c:1248:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dx_cont_points = atoi(c_temp);
data/tlf-1.4.1/src/parse_logcfg.c:1285:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cqdelay = atoi(buff);
data/tlf-1.4.1/src/parse_logcfg.c:1355:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ssbpoints = atoi(buff);
data/tlf-1.4.1/src/parse_logcfg.c:1361:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cwpoints = atoi(buff);
data/tlf-1.4.1/src/parse_logcfg.c:1372:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
volume = atoi(fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:1374:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sc_volume, "%d", volume);
data/tlf-1.4.1/src/parse_logcfg.c:1376:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sc_volume, "70");
data/tlf-1.4.1/src/parse_logcfg.c:1409:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cw_bandwidth = atoi(fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:1437:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(modem_mode, "RTTY");
data/tlf-1.4.1/src/parse_logcfg.c:1533:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cont_multiplier_list[50] = ""; /* use only first
data/tlf-1.4.1/src/parse_logcfg.c:1536:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_buffer[255] = "";
data/tlf-1.4.1/src/parse_logcfg.c:1537:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[255] = "";
data/tlf-1.4.1/src/parse_logcfg.c:1545:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(temp_buffer, "r")) != NULL) {
data/tlf-1.4.1/src/parse_logcfg.c:1591:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
continentlist_points = atoi(c_temp);
data/tlf-1.4.1/src/parse_logcfg.c:1603:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bwp_params_list[50] = "";
data/tlf-1.4.1/src/parse_logcfg.c:1618:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bandweight_points[bandindex] = atoi(tk_ptr);
data/tlf-1.4.1/src/parse_logcfg.c:1628:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bwm_params_list[50] = "";
data/tlf-1.4.1/src/parse_logcfg.c:1643:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bandweight_multis[bandindex] = atoi(tk_ptr);
data/tlf-1.4.1/src/parse_logcfg.c:1660:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pfxnummulti_str[50] = "";
data/tlf-1.4.1/src/parse_logcfg.c:1661:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parsepfx[15] = "";
data/tlf-1.4.1/src/parse_logcfg.c:1845:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minisec = atoi(g_strchomp(fields[1]));
data/tlf-1.4.1/src/parse_logcfg.c:1980:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lan_port = atoi(fields[1]);
data/tlf-1.4.1/src/parse_logcfg.c:2013:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuffer[128];
data/tlf-1.4.1/src/parse_logcfg.c:2022:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuffer[192];
data/tlf-1.4.1/src/parse_logcfg.c:2031:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuffer[192];
data/tlf-1.4.1/src/parse_logcfg.c:2040:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuffer[192];
data/tlf-1.4.1/src/qsonr_to_str.c:32:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char qsonrstr[5];
data/tlf-1.4.1/src/qsonr_to_str.c:35:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qsonrstr, "????");
data/tlf-1.4.1/src/qsonr_to_str.c:38:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(qsonrstr, "%04d", qsonum);
data/tlf-1.4.1/src/qtc_log.c:52:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qtc_line.mode, "CW ");
data/tlf-1.4.1/src/qtc_log.c:54:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qtc_line.mode, "PH ");
data/tlf-1.4.1/src/qtc_log.c:56:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qtc_line.mode, "DIG");
data/tlf-1.4.1/src/qtc_log.c:74:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qtc_line.qtc_serial = atoi(qtcreclist.qtclines[i].serial);
data/tlf-1.4.1/src/qtc_log.c:128:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qtc_line.mode, "CW ");
data/tlf-1.4.1/src/qtc_log.c:130:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qtc_line.mode, "PH ");
data/tlf-1.4.1/src/qtc_log.c:132:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qtc_line.mode, "DIG");
data/tlf-1.4.1/src/qtc_log.c:152:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qtc_line.qtc_time, "----");
data/tlf-1.4.1/src/qtc_log.c:160:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qtc_line.qtc_call, "-------------");
data/tlf-1.4.1/src/qtc_log.c:166:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qtc_line.qtc_serial = atoi(tempstrp);
data/tlf-1.4.1/src/qtc_log.c:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callsign[15];
data/tlf-1.4.1/src/qtc_log.c:205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temps[15];
data/tlf-1.4.1/src/qtc_log.c:208:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "a")) == NULL) {
data/tlf-1.4.1/src/qtc_log.c:220:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempi = atoi(temps);
data/tlf-1.4.1/src/qtc_log.c:227:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempi = atoi(temps) - 1;
data/tlf-1.4.1/src/qtc_log.c:247:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtclogline[120];
data/tlf-1.4.1/src/qtc_log.c:248:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padding[2] = " ";
data/tlf-1.4.1/src/qtcutil.c:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logline[20];
data/tlf-1.4.1/src/qtcutil.c:60:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(QTC_META_LOG, "w")) == NULL) {
data/tlf-1.4.1/src/qtcutil.c:82:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void qtc_inc(char callsign[15], int direction) {
data/tlf-1.4.1/src/qtcutil.c:117:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void qtc_dec(char callsign[15], int direction) {
data/tlf-1.4.1/src/qtcutil.c:133:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct t_qtc_store_obj *qtc_get(char callsign[15]) {
data/tlf-1.4.1/src/qtcutil.c:149:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void parse_qtcline(char *logline, char callsign[15], int direction) {
data/tlf-1.4.1/src/qtcutil.c:149:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void parse_qtcline(char *logline, char callsign[15], int direction) {
data/tlf-1.4.1/src/qtcutil.c:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callsign[15], msg[18];
data/tlf-1.4.1/src/qtcutil.c:205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flag[2] = "";
data/tlf-1.4.1/src/qtcutil.h:32:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void qtc_inc(char callsign[15], int direction);
data/tlf-1.4.1/src/qtcutil.h:33:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void qtc_dec(char callsign[15], int direction);
data/tlf-1.4.1/src/qtcutil.h:34:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct t_qtc_store_obj *qtc_get(char callsign[15]);
data/tlf-1.4.1/src/qtcutil.h:36:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void parse_qtcline(char *logline, char callsign[15], int direction);
data/tlf-1.4.1/src/qtcutil.h:36:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void parse_qtcline(char *logline, char callsign[15], int direction);
data/tlf-1.4.1/src/qtcvars.h:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtc[25]; // QTC line by concatenated fields
data/tlf-1.4.1/src/qtcvars.h:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char senttime[16]; // sent time: YY-Mon-dd HH:MM\0
data/tlf-1.4.1/src/qtcvars.h:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callsign[QTC_CALL_SIZE]; // current callsign; helps to detect if QSO has dropped
data/tlf-1.4.1/src/qtcvars.h:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time[5]; // time of qso
data/tlf-1.4.1/src/qtcvars.h:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callsign[QTC_CALL_SIZE]; // callsign
data/tlf-1.4.1/src/qtcvars.h:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[5]; // qso serial
data/tlf-1.4.1/src/qtcvars.h:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char receivedtime[16]; // received time: YY-Mon-dd HH:MM\0
data/tlf-1.4.1/src/qtcvars.h:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callsign[QTC_CALL_SIZE];
data/tlf-1.4.1/src/qtcvars.h:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content[50];
data/tlf-1.4.1/src/qtcvars.h:103:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char qtcrec_record_command[2][50]; // command to start recording
data/tlf-1.4.1/src/qtcvars.h:104:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char qtcrec_record_command_shutdown[50]; // coomand to stop recording
data/tlf-1.4.1/src/qtcvars.h:107:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char qtc_recv_msgs[12][80];
data/tlf-1.4.1/src/qtcvars.h:108:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char qtc_send_msgs[12][80];
data/tlf-1.4.1/src/qtcvars.h:110:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char qtc_phrecv_message[14][80];
data/tlf-1.4.1/src/qtcvars.h:111:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char qtc_phsend_message[14][80];
data/tlf-1.4.1/src/qtcvars.h:113:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char qtc_cap_calls[40];
data/tlf-1.4.1/src/qtcwin.c:120:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prevqtccall[15] = "";
data/tlf-1.4.1/src/qtcwin.c:122:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char help_rec_msgs[7][26] = {
data/tlf-1.4.1/src/qtcwin.c:131:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char help_send_msgs[7][26] = {
data/tlf-1.4.1/src/qtcwin.c:144:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtchead[32];
data/tlf-1.4.1/src/qtcwin.c:185:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(qtchead, "HELP");
data/tlf-1.4.1/src/qtcwin.c:257:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reccommand[100] = "";
data/tlf-1.4.1/src/qtcwin.c:258:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempc[40];
data/tlf-1.4.1/src/qtcwin.c:276:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reccommand[100] = "";
data/tlf-1.4.1/src/qtcwin.c:279:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(reccommand, "pkill -SIGINT -n ");
data/tlf-1.4.1/src/qtcwin.c:380:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(qtchead, "QTC receive");
data/tlf-1.4.1/src/qtcwin.c:406:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(qtchead, "QTC send");
data/tlf-1.4.1/src/qtcwin.c:410:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempc[40];
data/tlf-1.4.1/src/qtcwin.c:742:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmess[300], timec[40];
data/tlf-1.4.1/src/qtcwin.c:870:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmess[60];
data/tlf-1.4.1/src/qtcwin.c:1167:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fieldval[20], filled[20];
data/tlf-1.4.1/src/qtcwin.c:1180:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fieldval, "%4d", qtcreclist.serial);
data/tlf-1.4.1/src/qtcwin.c:1184:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fieldval, "%d", *qtccount);
data/tlf-1.4.1/src/qtcwin.c:1232:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fieldval[16];
data/tlf-1.4.1/src/qtcwin.c:1247:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fieldval, "%d", (qtcreclist.serial) * 10);
data/tlf-1.4.1/src/qtcwin.c:1253:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qtcreclist.serial = atoi(fieldval);
data/tlf-1.4.1/src/qtcwin.c:1257:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fieldval, "%d", (*qtccount) * 10);
data/tlf-1.4.1/src/qtcwin.c:1262:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strlen(fieldval) <= pos[2][2] && atoi(fieldval) <= 10) {
data/tlf-1.4.1/src/qtcwin.c:1265:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (*qtccount != atoi(fieldval)) {
data/tlf-1.4.1/src/qtcwin.c:1266:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((atoi(fieldval) + (qtc_temp_obj->total)) >= 10) {
data/tlf-1.4.1/src/qtcwin.c:1267:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fieldval, "%d", (10 - (qtc_temp_obj->total)));
data/tlf-1.4.1/src/qtcwin.c:1269:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*qtccount = genqtclist(qtccallsign, atoi(fieldval));
data/tlf-1.4.1/src/qtcwin.c:1275:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((atoi(fieldval) + (qtc_temp_obj->total)) >= 10) {
data/tlf-1.4.1/src/qtcwin.c:1276:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fieldval, "%d", (10 - (qtc_temp_obj->total)));
data/tlf-1.4.1/src/qtcwin.c:1278:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*qtccount = atoi(fieldval);
data/tlf-1.4.1/src/qtcwin.c:1341:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fieldval[16];
data/tlf-1.4.1/src/qtcwin.c:1356:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fieldval, "%d", qtcreclist.serial);
data/tlf-1.4.1/src/qtcwin.c:1360:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qtcreclist.serial = atoi(fieldval);
data/tlf-1.4.1/src/qtcwin.c:1364:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fieldval, "%d", *qtccount);
data/tlf-1.4.1/src/qtcwin.c:1368:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*qtccount = atoi(fieldval);
data/tlf-1.4.1/src/qtcwin.c:1505:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[80];
data/tlf-1.4.1/src/qtcwin.c:1568:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lline[40], *token, *wtoken, ttoken[50], tokens[5][15] = {"", "", "", "", ""}; // 5 members, cause possible callsign will AB/CD1EF/P, which will use 3
data/tlf-1.4.1/src/qtcwin.c:1570:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sep[6] = "";
data/tlf-1.4.1/src/qtcwin.c:1624:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sep, "/;-: ");
data/tlf-1.4.1/src/qtcwin.c:1680:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char currline[50];
data/tlf-1.4.1/src/qtcwin.c:1696:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boxhead[38];
data/tlf-1.4.1/src/qtcwin.c:1698:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char currline[50] = "", firstline[50] = "";
data/tlf-1.4.1/src/qtcwin.c:1713:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(boxhead, "HELP");
data/tlf-1.4.1/src/qtcwin.c:1725:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(boxhead, "RTTY");
data/tlf-1.4.1/src/qtcwin.c:1869:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtcdirstring[3][10] = {"", "Received", "Sent"};
data/tlf-1.4.1/src/readcabrillo.c:55:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char qsos[MAX_QSOS][LOGLINELEN +
data/tlf-1.4.1/src/readcabrillo.c:80:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(qsonrstr, "%04d", cablinecnt);
data/tlf-1.4.1/src/readcabrillo.c:102:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qtc_last_qtc_rcall[15] = "";
data/tlf-1.4.1/src/readcabrillo.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thiscall[15] = "", ttime[5] = "";
data/tlf-1.4.1/src/readcabrillo.c:195:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[80], *tempstrp, timestr[3];
data/tlf-1.4.1/src/readcabrillo.c:197:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtcrcall[15], qtcscall[15];
data/tlf-1.4.1/src/readcabrillo.c:267:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qtc_line.mode, "CW ");
data/tlf-1.4.1/src/readcabrillo.c:270:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qtc_line.mode, "PH ");
data/tlf-1.4.1/src/readcabrillo.c:273:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qtc_line.mode, "DIG");
data/tlf-1.4.1/src/readcabrillo.c:284:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
time_ptr_cabrillo.tm_hour = atoi(timestr);
data/tlf-1.4.1/src/readcabrillo.c:288:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
time_ptr_cabrillo.tm_min = atoi(timestr);
data/tlf-1.4.1/src/readcabrillo.c:289:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(qtc_line.time, "%02d:%02d", time_ptr_cabrillo.tm_hour,
data/tlf-1.4.1/src/readcabrillo.c:328:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qtc_line.qtchead_serial = atoi(tempstrp);
data/tlf-1.4.1/src/readcabrillo.c:332:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qtc_line.qtchead_count = atoi(tempstrp);
data/tlf-1.4.1/src/readcabrillo.c:352:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qtc_line.qtc_serial = atoi(tempstrp);
data/tlf-1.4.1/src/readcabrillo.c:392:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_logfile[24];
data/tlf-1.4.1/src/readcabrillo.c:393:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_logfile[80], temp_logfile[80];
data/tlf-1.4.1/src/readcabrillo.c:394:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logline[MAX_CABRILLO_LEN];
data/tlf-1.4.1/src/readcabrillo.c:397:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t_qsonrstr[5];
data/tlf-1.4.1/src/readcabrillo.c:439:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(input_logfile, ".cbr");
data/tlf-1.4.1/src/readcabrillo.c:441:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(output_logfile, "IMPORT_");
data/tlf-1.4.1/src/readcabrillo.c:445:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp2 = fopen(output_logfile, "w")) == NULL) {
data/tlf-1.4.1/src/readcabrillo.c:457:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp1 = fopen(input_logfile, "r")) == NULL) {
data/tlf-1.4.1/src/readcabrillo.c:470:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpqtc = fopen(qtcsend_logfile_import, "w");
data/tlf-1.4.1/src/readcabrillo.c:475:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpqtc = fopen(qtcrecv_logfile_import, "w");
data/tlf-1.4.1/src/readcalls.c:215:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inputbuffer[LOGLINELEN + 1];
data/tlf-1.4.1/src/readcalls.c:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[20];
data/tlf-1.4.1/src/readcalls.c:217:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char checkcall[20];
data/tlf-1.4.1/src/readcalls.c:220:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char presentcall[20]; // copy of call..
data/tlf-1.4.1/src/readcalls.c:238:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(logfile, "r")) == NULL) {
data/tlf-1.4.1/src/readcalls.c:494:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wgetcmd[120] = "wget ftp://"; //user:password@hst/dir/file
data/tlf-1.4.1/src/readcalls.c:495:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date_buf[60];
data/tlf-1.4.1/src/readcalls.c:507:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(wgetcmd, " -O log1 -o wgetlogfile");
data/tlf-1.4.1/src/readqtccalls.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inputbuffer[160];
data/tlf-1.4.1/src/readqtccalls.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temps[30], callsign[15];
data/tlf-1.4.1/src/readqtccalls.c:60:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(QTC_SENT_LOG, "r")) == NULL) {
data/tlf-1.4.1/src/readqtccalls.c:71:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempi = atoi(temps);
data/tlf-1.4.1/src/readqtccalls.c:78:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tempi = atoi(temps) - 1;
data/tlf-1.4.1/src/readqtccalls.c:109:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(QTC_RECV_LOG, "r")) == NULL) {
data/tlf-1.4.1/src/readqtccalls.c:130:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(qtc_cap_calls, "r")) == NULL) {
data/tlf-1.4.1/src/readqtccalls.c:147:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(QTC_META_LOG, "r")) == NULL) {
data/tlf-1.4.1/src/rtty.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ry_term[5][50] = { "", "", "", "", "" };
data/tlf-1.4.1/src/rtty.c:54:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fdcont = open(controllerport, O_RDWR | O_NONBLOCK)) < 0) {
data/tlf-1.4.1/src/rtty.c:97:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ry_fp = fopen("RTTYlog", "a")) == NULL) {
data/tlf-1.4.1/src/rtty.c:219:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[40];
data/tlf-1.4.1/src/rules.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char contest_conf[80] = ""; /* contest_conf needs room
data/tlf-1.4.1/src/rules.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basic_contest_conf[75] = PACKAGE_DATA_DIR;
data/tlf-1.4.1/src/rules.c:57:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(whichcontest, "qso");
data/tlf-1.4.1/src/rules.c:67:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(contest_conf, "rules/");
data/tlf-1.4.1/src/rules.c:71:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(basic_contest_conf, "/rules/");
data/tlf-1.4.1/src/rules.c:74:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(contest_conf, "r")) != NULL) {
data/tlf-1.4.1/src/rules.c:81:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fp = fopen(basic_contest_conf, "r")) != NULL) {
data/tlf-1.4.1/src/rules.c:91:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(whichcontest, "qso"); /* default use general qso mode...
data/tlf-1.4.1/src/rules.c:94:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(logfile, "qso.log");
data/tlf-1.4.1/src/score.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char continent_multiplier_list[7][3];
data/tlf-1.4.1/src/score.c:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpcall[15];
data/tlf-1.4.1/src/score.c:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[10];
data/tlf-1.4.1/src/score.c:306:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char myqra[7];
data/tlf-1.4.1/src/score.c:374:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zone = atoi(comment);
data/tlf-1.4.1/src/score.c:450:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(line + 75);
data/tlf-1.4.1/src/scroll_log.c:51:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mm = atoi(qsonrstr);
data/tlf-1.4.1/src/scroll_log.c:54:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(logline3 + 23) > mm) {
data/tlf-1.4.1/src/scroll_log.c:56:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mm = atoi(qsonrstr);
data/tlf-1.4.1/src/scroll_log.c:60:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(logline2 + 23) > mm) {
data/tlf-1.4.1/src/scroll_log.c:62:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mm = atoi(qsonrstr);
data/tlf-1.4.1/src/scroll_log.c:66:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(logline1 + 23) > mm) {
data/tlf-1.4.1/src/scroll_log.c:68:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mm = atoi(qsonrstr);
data/tlf-1.4.1/src/scroll_log.c:76:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(qsonrstr) <= highqsonr) {
data/tlf-1.4.1/src/scroll_log.c:80:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qsonum = atoi(qsonrstr);
data/tlf-1.4.1/src/scroll_log.c:87:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qsonum = atoi(qsonrstr);
data/tlf-1.4.1/src/scroll_log.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inputbuffer[800];
data/tlf-1.4.1/src/scroll_log.c:103:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(logfile, "r")) == NULL) {
data/tlf-1.4.1/src/searchlog.c:52:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char searchresult[MAX_CALLS][82];
data/tlf-1.4.1/src/searchlog.c:53:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[MAX_CALLS][82];
data/tlf-1.4.1/src/searchlog.c:56:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtcflags[6] = {' ', ' ', ' ', ' ', ' ', ' '};
data/tlf-1.4.1/src/searchlog.c:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printres[14] = "";
data/tlf-1.4.1/src/searchlog.c:303:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suggested_call[LOGLINELEN + 1] = "";
data/tlf-1.4.1/src/searchlog.c:388:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char qsos[MAX_QSOS][LOGLINELEN + 1];
data/tlf-1.4.1/src/searchlog.c:390:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_inputbuffer[LOGLINELEN + 1] = "";
data/tlf-1.4.1/src/searchlog.c:439:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char band[NBANDS][4];
data/tlf-1.4.1/src/searchlog.c:442:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_inputbuffer[LOGLINELEN + 1] = "";
data/tlf-1.4.1/src/searchlog.c:443:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtccall[15]; // temp str for qtc search
data/tlf-1.4.1/src/searchlog.c:506:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zonebuffer[3];
data/tlf-1.4.1/src/searchlog.c:805:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callmaster_location[80];
data/tlf-1.4.1/src/searchlog.c:806:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_inputbuffer[186] = "";
data/tlf-1.4.1/src/searchlog.c:814:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cfp = fopen(callmaster_location, "r")) == NULL) {
data/tlf-1.4.1/src/searchlog.c:820:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cfp = fopen(callmaster_location, "r")) == NULL) {
data/tlf-1.4.1/src/searchlog.c:873:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mprint[50];
data/tlf-1.4.1/src/sendbuf.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ph_message[14][80];
data/tlf-1.4.1/src/sendbuf.c:46:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZE];
data/tlf-1.4.1/src/sendbuf.c:147:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, n);
data/tlf-1.4.1/src/sendbuf.c:170:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char call[20];
data/tlf-1.4.1/src/sendbuf.c:171:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char hiscall[20];
data/tlf-1.4.1/src/sendbuf.c:174:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char qsonrstr[5];
data/tlf-1.4.1/src/sendbuf.c:183:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char comstr[BUFSIZE] = "";
data/tlf-1.4.1/src/sendbuf.c:184:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qsonroutput[5] = "";
data/tlf-1.4.1/src/sendbuf.c:185:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rst_out[4] = "";
data/tlf-1.4.1/src/sendbuf.c:257:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char printlinebuffer[82] = "";
data/tlf-1.4.1/src/sendspcall.c:56:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "DE ");
data/tlf-1.4.1/src/sendspcall.c:63:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "{ "); /* => ctrl-t */
data/tlf-1.4.1/src/sendspcall.c:67:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " DE ");
data/tlf-1.4.1/src/sendspcall.c:79:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " DE ");
data/tlf-1.4.1/src/sendspcall.c:96:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ph_message[14][80];
data/tlf-1.4.1/src/set_tone.c:68:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(tonestr) != 0) {
data/tlf-1.4.1/src/setparameters.c:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callcpy[15] = "";
data/tlf-1.4.1/src/setparameters.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logbuffer[20];
data/tlf-1.4.1/src/showinfo.c:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pxstr[16];
data/tlf-1.4.1/src/showinfo.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char countrystr[26];
data/tlf-1.4.1/src/showinfo.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zonestr[3];
data/tlf-1.4.1/src/showinfo.c:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char contstr[3];
data/tlf-1.4.1/src/showinfo.c:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuff[80];
data/tlf-1.4.1/src/showinfo.c:96:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(itustr, "%02d", dx->itu); /* itu zone */
data/tlf-1.4.1/src/showpxmap.c:47:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prefix[5];
data/tlf-1.4.1/src/showpxmap.c:48:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zonecmp[3] = "";
data/tlf-1.4.1/src/showpxmap.c:73:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(zonecmp, "EU");
data/tlf-1.4.1/src/showpxmap.c:75:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(zonecmp, "AS");
data/tlf-1.4.1/src/showpxmap.c:77:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(zonecmp, "AF");
data/tlf-1.4.1/src/showpxmap.c:79:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(zonecmp, "NA");
data/tlf-1.4.1/src/showpxmap.c:81:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(zonecmp, "SA");
data/tlf-1.4.1/src/showpxmap.c:83:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(zonecmp, "OC");
data/tlf-1.4.1/src/showpxmap.c:85:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(zonecmp, "EU");
data/tlf-1.4.1/src/sockserv.c:85:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tofd, fmfd, sizeof(fd_set));
data/tlf-1.4.1/src/sockserv.c:189:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sockserv_error[80];
data/tlf-1.4.1/src/sockserv.c:403:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, sockbuf[ifds].buf, len);
data/tlf-1.4.1/src/sockserv.c:420:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char a[4];
data/tlf-1.4.1/src/sockserv.c:439:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a[i] = atoi(s);
data/tlf-1.4.1/src/sockserv.c:458:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&haddr, hp->h_addr, hp->h_length);
data/tlf-1.4.1/src/speedupndown.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[3];
data/tlf-1.4.1/src/speedupndown.c:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4];
data/tlf-1.4.1/src/speedupndown.c:125:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d", weight);
data/tlf-1.4.1/src/splitscreen.c:80:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuffer[82];
data/tlf-1.4.1/src/splitscreen.c:91:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tln_input_buffer[2 * BUFFERSIZE];
data/tlf-1.4.1/src/splitscreen.c:96:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char spot_ptr[MAX_SPOTS][82];
data/tlf-1.4.1/src/splitscreen.c:116:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("clusterlog", "a")) == NULL) {
data/tlf-1.4.1/src/splitscreen.c:377:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entry_text[BUFFERSIZE];
data/tlf-1.4.1/src/splitscreen.c:590:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char talkarray[5][62];
data/tlf-1.4.1/src/splitscreen.c:592:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lan_out[256];
data/tlf-1.4.1/src/splitscreen.c:593:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char convers_calls[50][6];
data/tlf-1.4.1/src/splitscreen.c:595:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char spotline[160];
data/tlf-1.4.1/src/splitscreen.c:597:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dxtext[160];
data/tlf-1.4.1/src/splitscreen.c:598:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char spottime[40];
data/tlf-1.4.1/src/splitscreen.c:666:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(spotline, "DX de ");
data/tlf-1.4.1/src/splitscreen.c:668:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(spotline, ": ");
data/tlf-1.4.1/src/splitscreen.c:673:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(spotline + 16, "%5.1f ", khz);
data/tlf-1.4.1/src/splitscreen.c:676:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(spotline + 17, "%5.1f ", khz);
data/tlf-1.4.1/src/splitscreen.c:679:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(spotline + 18, "%5.1f ", khz);
data/tlf-1.4.1/src/splitscreen.c:682:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(spotline + 19, "%5.1f ", khz);
data/tlf-1.4.1/src/splitscreen.c:696:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(spotline, " <<\n");
data/tlf-1.4.1/src/splitscreen.c:755:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char spot_ptr[MAX_SPOTS][82];
data/tlf-1.4.1/src/splitscreen.c:830:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fdSertnc = open(tncportname, O_RDWR | O_NONBLOCK)) < 0) {
data/tlf-1.4.1/src/splitscreen.c:839:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open("/dev/ttyS0", O_RDWR | O_NONBLOCK)) < 0) {
data/tlf-1.4.1/src/splitscreen.c:848:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open("/dev/ttyS1", O_RDWR | O_NONBLOCK)) < 0) {
data/tlf-1.4.1/src/splitscreen.c:920:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fdFIFO = open("clfile", O_RDONLY | O_NONBLOCK)) < 0) {
data/tlf-1.4.1/src/splitscreen.c:1005:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[BUFFERSIZE];
data/tlf-1.4.1/src/splitscreen.c:1170:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[BUFFERSIZE];
data/tlf-1.4.1/src/splitscreen.c:1236:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_CMD_LEN + 2] = "";
data/tlf-1.4.1/src/store_qso.c:36:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(logfile, "a")) == NULL) {
data/tlf-1.4.1/src/time_update.c:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_buf[40];
data/tlf-1.4.1/src/time_update.c:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_buf[11];
data/tlf-1.4.1/src/tlf.h:149:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[20]; /**< call of the station */
data/tlf-1.4.1/src/tlf.h:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exchange[12]; /**< the last exchange */
data/tlf-1.4.1/src/tlf.h:161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[12]; /**< Multiplier */
data/tlf-1.4.1/src/trx_memory.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hiscall[20];
data/tlf-1.4.1/src/trx_memory.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_hiscall[sizeof(trxmem.hiscall)];
data/tlf-1.4.1/src/write_keyer.c:37:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wkeyerbuffer[400] = "";
data/tlf-1.4.1/src/write_keyer.c:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outstring[420] =
data/tlf-1.4.1/src/write_keyer.c:103:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((bfp = fopen(controllerport, "a")) == NULL) {
data/tlf-1.4.1/src/writecabrillo.c:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[160];
data/tlf-1.4.1/src/writecabrillo.c:83:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ptr->band = atoi(tmp);
data/tlf-1.4.1/src/writecabrillo.c:109:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ptr->qso_nr = atoi(strtok_r(NULL, " \t", &sp));
data/tlf-1.4.1/src/writecabrillo.c:115:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ptr->rst_s = atoi(strtok_r(NULL, " \t", &sp));
data/tlf-1.4.1/src/writecabrillo.c:116:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ptr->rst_r = atoi(strtok_r(NULL, " \t", &sp));
data/tlf-1.4.1/src/writecabrillo.c:147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100];
data/tlf-1.4.1/src/writecabrillo.c:182:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ptr->band = atoi(tmp);
data/tlf-1.4.1/src/writecabrillo.c:193:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ptr->qso_nr = atoi(strtok_r(NULL, " \t", &sp));
data/tlf-1.4.1/src/writecabrillo.c:224:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ptr->qtc_serial = atoi(strtok_r(NULL, " \t", &sp));
data/tlf-1.4.1/src/writecabrillo.c:225:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ptr->qtc_number = atoi(strtok_r(NULL, " \t", &sp));
data/tlf-1.4.1/src/writecabrillo.c:323:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(field + len - l, src, l);
data/tlf-1.4.1/src/writecabrillo.c:339:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(field, src, l);
data/tlf-1.4.1/src/writecabrillo.c:377:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[80];
data/tlf-1.4.1/src/writecabrillo.c:393:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "QSO:"); /* start the line */
data/tlf-1.4.1/src/writecabrillo.c:401:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "QTC:"); /* start the line */
data/tlf-1.4.1/src/writecabrillo.c:409:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", (int)(freq / 1000.0));
data/tlf-1.4.1/src/writecabrillo.c:417:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%4d-%02d-%02d",
data/tlf-1.4.1/src/writecabrillo.c:422:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%02d%02d", qso->hour, qso->min);
data/tlf-1.4.1/src/writecabrillo.c:433:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", qso->rst_s);
data/tlf-1.4.1/src/writecabrillo.c:437:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", qso->rst_r);
data/tlf-1.4.1/src/writecabrillo.c:472:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[6];
data/tlf-1.4.1/src/writecabrillo.c:473:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number, "%04d", qso->qso_nr);
data/tlf-1.4.1/src/writecabrillo.c:485:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%1d", qso->tx);
data/tlf-1.4.1/src/writecabrillo.c:499:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%*d/%d", 3, qso->qtc_serial, qso->qtc_number);
data/tlf-1.4.1/src/writecabrillo.c:532:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cabrillo_tmp_name[80];
data/tlf-1.4.1/src/writecabrillo.c:533:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4000] = "";
data/tlf-1.4.1/src/writecabrillo.c:565:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cabrillo_tmp_name, ".cbr");
data/tlf-1.4.1/src/writecabrillo.c:567:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp1 = fopen(logfile, "r")) == NULL) {
data/tlf-1.4.1/src/writecabrillo.c:575:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpqtcrec = fopen(QTC_RECV_LOG, "r");
data/tlf-1.4.1/src/writecabrillo.c:585:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpqtcsent = fopen(QTC_SENT_LOG, "r");
data/tlf-1.4.1/src/writecabrillo.c:596:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp2 = fopen(cabrillo_tmp_name, "w")) == NULL) {
data/tlf-1.4.1/src/writecabrillo.c:689:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuf[100];
data/tlf-1.4.1/src/writecabrillo.c:725:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[181] = "";
data/tlf-1.4.1/src/writecabrillo.c:726:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[181] = "";
data/tlf-1.4.1/src/writecabrillo.c:727:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char standardexchange[70] = "";
data/tlf-1.4.1/src/writecabrillo.c:728:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adif_tmp_name[40] = "";
data/tlf-1.4.1/src/writecabrillo.c:729:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adif_tmp_call[13] = "";
data/tlf-1.4.1/src/writecabrillo.c:730:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adif_tmp_str[2] = "";
data/tlf-1.4.1/src/writecabrillo.c:731:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adif_year_check[3] = "";
data/tlf-1.4.1/src/writecabrillo.c:732:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adif_rcvd_num[16] = "";
data/tlf-1.4.1/src/writecabrillo.c:733:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resultat[16];
data/tlf-1.4.1/src/writecabrillo.c:734:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adif_tmp_rr[5] = "";
data/tlf-1.4.1/src/writecabrillo.c:735:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char freq_buf[16];
data/tlf-1.4.1/src/writecabrillo.c:741:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp1 = fopen(logfile, "r")) == NULL) {
data/tlf-1.4.1/src/writecabrillo.c:747:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(adif_tmp_name, ".adi");
data/tlf-1.4.1/src/writecabrillo.c:749:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp2 = fopen(adif_tmp_name, "w")) == NULL) {
data/tlf-1.4.1/src/writecabrillo.c:779:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<CALL:");
data/tlf-1.4.1/src/writecabrillo.c:790:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<BAND:4>160M");
data/tlf-1.4.1/src/writecabrillo.c:792:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<BAND:3>80M");
data/tlf-1.4.1/src/writecabrillo.c:794:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<BAND:3>40M");
data/tlf-1.4.1/src/writecabrillo.c:796:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<BAND:3>30M");
data/tlf-1.4.1/src/writecabrillo.c:798:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<BAND:3>20M");
data/tlf-1.4.1/src/writecabrillo.c:800:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<BAND:3>15M");
data/tlf-1.4.1/src/writecabrillo.c:802:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<BAND:3>17M");
data/tlf-1.4.1/src/writecabrillo.c:804:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<BAND:3>12M");
data/tlf-1.4.1/src/writecabrillo.c:806:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<BAND:3>10M");
data/tlf-1.4.1/src/writecabrillo.c:814:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(freq_buf, "<FREQ:%d>%.4f",
data/tlf-1.4.1/src/writecabrillo.c:822:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<MODE:2>CW");
data/tlf-1.4.1/src/writecabrillo.c:824:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<MODE:3>SSB");
data/tlf-1.4.1/src/writecabrillo.c:826:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<MODE:4>RTTY");
data/tlf-1.4.1/src/writecabrillo.c:829:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<MODE:4>DIGI");
data/tlf-1.4.1/src/writecabrillo.c:835:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(adif_year_check) <= 70)
data/tlf-1.4.1/src/writecabrillo.c:836:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<QSO_DATE:8>20");
data/tlf-1.4.1/src/writecabrillo.c:838:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<QSO_DATE:8>19");
data/tlf-1.4.1/src/writecabrillo.c:845:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "01");
data/tlf-1.4.1/src/writecabrillo.c:847:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "02");
data/tlf-1.4.1/src/writecabrillo.c:849:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "03");
data/tlf-1.4.1/src/writecabrillo.c:851:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "04");
data/tlf-1.4.1/src/writecabrillo.c:853:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "05");
data/tlf-1.4.1/src/writecabrillo.c:855:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "06");
data/tlf-1.4.1/src/writecabrillo.c:857:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "07");
data/tlf-1.4.1/src/writecabrillo.c:859:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "08");
data/tlf-1.4.1/src/writecabrillo.c:861:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "09");
data/tlf-1.4.1/src/writecabrillo.c:863:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "10");
data/tlf-1.4.1/src/writecabrillo.c:865:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "11");
data/tlf-1.4.1/src/writecabrillo.c:867:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "12");
data/tlf-1.4.1/src/writecabrillo.c:873:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<TIME_ON:4>");
data/tlf-1.4.1/src/writecabrillo.c:884:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<RST_SENT:");
data/tlf-1.4.1/src/writecabrillo.c:892:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<STX:");
data/tlf-1.4.1/src/writecabrillo.c:895:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "4>");
data/tlf-1.4.1/src/writecabrillo.c:908:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<RST_RCVD:");
data/tlf-1.4.1/src/writecabrillo.c:920:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<SRX:");
data/tlf-1.4.1/src/writecabrillo.c:927:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "<eor>\n"); //end of ADIF row
data/tlf-1.4.1/src/writeparas.c:64:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(".paras", "w")) == NULL) {
data/tlf-1.4.1/test/data.c:32:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastqsonr[5];
data/tlf-1.4.1/test/data.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pr_hostaddress[48] = "111.222.111.222";
data/tlf-1.4.1/test/data.c:44:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rttyoutput[120];
data/tlf-1.4.1/test/data.c:76:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sc_volume[4] = "";
data/tlf-1.4.1/test/data.c:81:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char countrylist[255][6];
data/tlf-1.4.1/test/data.c:84:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char continent_multiplier_list[7][3]; // SA, NA, EU, AF, AS and OC
data/tlf-1.4.1/test/data.c:114:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myqra[7] = "";
data/tlf-1.4.1/test/data.c:131:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char multsfile[80] = ""; /* name of file with a list of allowed
data/tlf-1.4.1/test/data.c:133:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exchange_list[40] = "";
data/tlf-1.4.1/test/data.c:140:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char his_rst[4] = "599";
data/tlf-1.4.1/test/data.c:141:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char my_rst[4] = "599";
data/tlf-1.4.1/test/data.c:142:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_rst[4] = "599"; /* Report for last QSO */
data/tlf-1.4.1/test/data.c:155:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exchange[40];
data/tlf-1.4.1/test/data.c:156:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char whichcontest[40] = "qso";
data/tlf-1.4.1/test/data.c:158:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[20];
data/tlf-1.4.1/test/data.c:159:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfile[120] = "general.log";
data/tlf-1.4.1/test/data.c:161:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char synclogfile[120];
data/tlf-1.4.1/test/data.c:162:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char markerfile[120] = "";
data/tlf-1.4.1/test/data.c:165:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sp_return[80] = " \n";
data/tlf-1.4.1/test/data.c:166:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cq_return[80] = " \n";
data/tlf-1.4.1/test/data.c:167:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[25][80] = /**< Array of CW/DigiMode messages
data/tlf-1.4.1/test/data.c:195:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *digi_message[sizeof(message) / sizeof(message[0])];
data/tlf-1.4.1/test/data.c:197:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ph_message[14][80] = /**< Array of file names for voice keyer messages
data/tlf-1.4.1/test/data.c:202:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtc_recv_msgs[12][80] = {"QTC?\n", "QRV\n", "R\n", "", "TIME?\n", "CALL?\n", "NR?\n", "AGN\n", "", "QSL ALL\n", "", ""}; // QTC receive windowS Fx messages
data/tlf-1.4.1/test/data.c:203:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtc_send_msgs[12][80] = {"QRV?\n", "QTC sr/nr\n", "", "", "TIME\n", "CALL\n", "NR\n", "", "", "", "", ""}; // QTC send window Fx messages
data/tlf-1.4.1/test/data.c:204:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtc_phrecv_message[14][80] = { "", "", "", "", "", "", "", "", "", "", "", "" }; // voice keyer file names when receives QTC's
data/tlf-1.4.1/test/data.c:205:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtc_phsend_message[14][80] = { "", "", "", "", "", "", "", "", "", "", "", "" }; // voice keyer file names when send QTC's
data/tlf-1.4.1/test/data.c:207:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtcrec_record_command[2][50] = {"rec -q 8000", "-q &"};
data/tlf-1.4.1/test/data.c:208:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtcrec_record_command_shutdown[50] = "pkill -SIGINT -n rec";
data/tlf-1.4.1/test/data.c:209:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtc_cap_calls[40] = "";
data/tlf-1.4.1/test/data.c:216:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hiscall[20]; /**< call of other station */
data/tlf-1.4.1/test/data.c:217:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hiscall_sent[20] = ""; /**< part which was sent during early
data/tlf-1.4.1/test/data.c:225:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastcall[20];
data/tlf-1.4.1/test/data.c:226:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qsonrstr[5] = "0001";
data/tlf-1.4.1/test/data.c:227:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char band[NBANDS][4] =
data/tlf-1.4.1/test/data.c:229:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[80];
data/tlf-1.4.1/test/data.c:230:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[20] = "Log ";
data/tlf-1.4.1/test/data.c:231:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cqzone[3] = "";
data/tlf-1.4.1/test/data.c:232:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mycqzone[3] = "";
data/tlf-1.4.1/test/data.c:233:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ituzone[3] = "";
data/tlf-1.4.1/test/data.c:234:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char continent[3] = "";
data/tlf-1.4.1/test/data.c:235:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mycontinent[3] = "";
data/tlf-1.4.1/test/data.c:236:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pxstr[11] = "";
data/tlf-1.4.1/test/data.c:252:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char para_word[80] =
data/tlf-1.4.1/test/data.c:254:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastmsg[1000] = "";
data/tlf-1.4.1/test/data.c:259:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sc_device[40] = "/dev/dsp";
data/tlf-1.4.1/test/data.c:265:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char weightbuf[4];
data/tlf-1.4.1/test/data.c:266:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tonestr[5] = "600";
data/tlf-1.4.1/test/data.c:268:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wkeyerbuffer[400];
data/tlf-1.4.1/test/data.c:270:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyer_device[10] = ""; // ttyS0, ttyS1, lp0-2
data/tlf-1.4.1/test/data.c:274:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char controllerport[80] = "/dev/ttyS0";
data/tlf-1.4.1/test/data.c:276:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modem_mode[8];
data/tlf-1.4.1/test/data.c:280:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spot_ptr[MAX_SPOTS][82]; /* Array of cluster spot lines */
data/tlf-1.4.1/test/data.c:286:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tncportname[40];
data/tlf-1.4.1/test/data.c:287:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rigconf[80];
data/tlf-1.4.1/test/data.c:290:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clusterlogin[80] = "";
data/tlf-1.4.1/test/data.c:309:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rigportname[40];
data/tlf-1.4.1/test/data.c:319:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tonecpy[5];
data/tlf-1.4.1/test/data.c:320:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char simulator_tone[5];
data/tlf-1.4.1/test/data.c:323:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qsos[MAX_QSOS][LOGLINELEN + 1];
data/tlf-1.4.1/test/data.c:334:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mults[MAX_MULTS][12];
data/tlf-1.4.1/test/data.c:348:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zone_fix[3] = "";
data/tlf-1.4.1/test/data.c:358:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zone_export[3] = " ";
data/tlf-1.4.1/test/data.c:374:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char headerline[81] =
data/tlf-1.4.1/test/data.c:379:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logline_edit[5][LOGLINELEN + 1];
data/tlf-1.4.1/test/data.c:381:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char terminal1[88] = "";
data/tlf-1.4.1/test/data.c:382:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char terminal2[88] = "";
data/tlf-1.4.1/test/data.c:383:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char terminal3[88] = "";
data/tlf-1.4.1/test/data.c:384:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char terminal4[88] = "";
data/tlf-1.4.1/test/data.c:385:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char termbuf[88] = "";
data/tlf-1.4.1/test/data.c:393:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hiscountry[40];
data/tlf-1.4.1/test/data.c:400:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char itustr[3];
data/tlf-1.4.1/test/data.c:414:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssexchange[30] = ""; // defined in getexchange.c
data/tlf-1.4.1/test/data.c:415:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char section[8] = ""; // defined in getexchange.c
data/tlf-1.4.1/test/data.c:416:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lan_logline[256]; // defined in lancode.c
data/tlf-1.4.1/test/data.c:437:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mvprintw_history[NLAST][LINESZ];
data/tlf-1.4.1/test/data.c:454:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mvprintw_history[0], "%02d|%02d|", y, x);
data/tlf-1.4.1/test/functions.c:39:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char showmsg_spy_buf[BUFSZ];
data/tlf-1.4.1/test/functions.c:40:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char showstring_spy1_buf[BUFSZ];
data/tlf-1.4.1/test/functions.c:41:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char showstring_spy2_buf[BUFSZ];
data/tlf-1.4.1/test/test.h:34:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char mvprintw_history[NLAST][LINESZ];
data/tlf-1.4.1/test/test_addcall.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char continent_multiplier_list[7][3];
data/tlf-1.4.1/test/test_addcall.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[100];
data/tlf-1.4.1/test/test_addcall.c:60:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(countrylist[0], "DL");
data/tlf-1.4.1/test/test_addcall.c:61:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(countrylist[1], "CE");
data/tlf-1.4.1/test/test_addcall.c:66:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(continent_multiplier_list[0], "EU");
data/tlf-1.4.1/test/test_addcall.c:67:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(continent_multiplier_list[1], "NA");
data/tlf-1.4.1/test/test_addcall.c:84:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filename, "/share/cty.dat");
data/tlf-1.4.1/test/test_addcall.c:108:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:116:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:127:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "HA2BNL");
data/tlf-1.4.1/test/test_addcall.c:134:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:137:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "PY2BBB");
data/tlf-1.4.1/test/test_addcall.c:144:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:147:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "PY2BBB");
data/tlf-1.4.1/test/test_addcall.c:154:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:157:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "DL1AAA");
data/tlf-1.4.1/test/test_addcall.c:212:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "12345");
data/tlf-1.4.1/test/test_addcall.c:220:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:228:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:231:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:240:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:242:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ3CD");
data/tlf-1.4.1/test/test_addcall.c:250:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:252:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "DL1YZ");
data/tlf-1.4.1/test/test_addcall.c:262:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "12345");
data/tlf-1.4.1/test/test_addcall.c:271:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:272:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comment, "15");
data/tlf-1.4.1/test/test_addcall.c:280:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:281:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comment, "15");
data/tlf-1.4.1/test/test_addcall.c:284:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:293:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:294:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comment, "15");
data/tlf-1.4.1/test/test_addcall.c:296:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ3CD");
data/tlf-1.4.1/test/test_addcall.c:304:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:305:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comment, "15");
data/tlf-1.4.1/test/test_addcall.c:307:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "DL1YZ");
data/tlf-1.4.1/test/test_addcall.c:308:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comment, "14");
data/tlf-1.4.1/test/test_addcall.c:336:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lan_logline, " 15", 3); /* patch to 15m */
data/tlf-1.4.1/test/test_addcall.c:384:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lan_logline, " 15", 3);
data/tlf-1.4.1/test/test_addcall.c:413:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_addcall.c:414:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comment, "15");
data/tlf-1.4.1/test/test_addcall.c:424:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lan_logline, " 30", 3);
data/tlf-1.4.1/test/test_addmult.c:27:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(name, "w");
data/tlf-1.4.1/test/test_addmult.c:71:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(multis[0].name, "abc");
data/tlf-1.4.1/test/test_addmult.c:72:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(multis[1].name, "abd");
data/tlf-1.4.1/test/test_addmult.c:125:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100];
data/tlf-1.4.1/test/test_addmult.c:129:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(testfile, "r");
data/tlf-1.4.1/test/test_addmult.c:150:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(multsfile, "nonsense");
data/tlf-1.4.1/test/test_addmult.c:232:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comment, "WAC ");
data/tlf-1.4.1/test/test_addmult.c:240:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comment, "WAC ");
data/tlf-1.4.1/test/test_addmult.c:248:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comment, " ");
data/tlf-1.4.1/test/test_addmult.c:255:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(section, "JO60LX");
data/tlf-1.4.1/test/test_addmult.c:271:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ssexchange, "SCV");
data/tlf-1.4.1/test/test_addmult.c:273:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ssexchange, "97A23SCV");
data/tlf-1.4.1/test/test_addmult.c:275:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ssexchange, "KL");
data/tlf-1.4.1/test/test_addmult.c:277:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ssexchange, "SC");
data/tlf-1.4.1/test/test_addmult.c:287:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ssexchange, "ONE");
data/tlf-1.4.1/test/test_addmult.c:289:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ssexchange, "023");
data/tlf-1.4.1/test/test_addmult.c:291:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ssexchange, "NE");
data/tlf-1.4.1/test/test_addmult.c:293:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ssexchange, "SC");
data/tlf-1.4.1/test/test_addmult.c:302:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ssexchange, "ONE");
data/tlf-1.4.1/test/test_addmult.c:304:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ssexchange, "97A23SCV");
data/tlf-1.4.1/test/test_addmult.c:306:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ssexchange, "NE");
data/tlf-1.4.1/test/test_addmult.c:308:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ssexchange, "SC");
data/tlf-1.4.1/test/test_addmult.c:326:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lan_logline + 54, " 97 A 23 SCV", 12);
data/tlf-1.4.1/test/test_addmult.c:328:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lan_logline + 63, "KL ", 3);
data/tlf-1.4.1/test/test_addmult.c:330:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lan_logline + 63, "SC ", 3);
data/tlf-1.4.1/test/test_cabrillo.c:32:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatfile[100];
data/tlf-1.4.1/test/test_cabrillo.c:36:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(formatfile, "/share/cabrillo.fmt");
data/tlf-1.4.1/test/test_cabrillo.c:138:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatfile1[100];
data/tlf-1.4.1/test/test_cabrillo.c:140:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(formatfile1, "/share/cabrillo1.fmt");
data/tlf-1.4.1/test/test_cabrillo.c:221:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qsonrstr, "1234");
data/tlf-1.4.1/test/test_checklogfile.c:24:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file, O_WRONLY | O_APPEND );
data/tlf-1.4.1/test/test_checklogfile.c:51:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (logfile, "test.log");
data/tlf-1.4.1/test/test_checklogfile.c:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[LOGLINELEN+5];
data/tlf-1.4.1/test/test_checklogfile.c:69:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file, "r");
data/tlf-1.4.1/test/test_clusterinfo.c:22:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char spot_ptr[MAX_SPOTS][82];
data/tlf-1.4.1/test/test_clusterinfo.c:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char call[20];
data/tlf-1.4.1/test/test_clusterinfo.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nicebox_boxname[100];
data/tlf-1.4.1/test/test_clusterinfo.c:81:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p,
data/tlf-1.4.1/test/test_clusterinfo.c:96:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p,
data/tlf-1.4.1/test/test_clusterinfo.c:102:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p,
data/tlf-1.4.1/test/test_clusterinfo.c:108:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(call, "N0CALL\n"); // !!! do not forget trailing \n
data/tlf-1.4.1/test/test_clusterinfo.c:149:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[7];
data/tlf-1.4.1/test/test_clusterinfo.c:150:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%02d|%02d|", y, x);
data/tlf-1.4.1/test/test_getctydata.c:18:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char countrylist[255][6];
data/tlf-1.4.1/test/test_getctydata.c:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[100];
data/tlf-1.4.1/test/test_getctydata.c:29:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filename, "/share/cty.dat");
data/tlf-1.4.1/test/test_logutils.c:42:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 3, "ssb", 3);
data/tlf-1.4.1/test/test_logutils.c:49:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 3, "x y", 3);
data/tlf-1.4.1/test/test_readcalls.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char continent_multiplier_list[7][3];
data/tlf-1.4.1/test/test_readcalls.c:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[100];
data/tlf-1.4.1/test/test_readcalls.c:59:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filename, "/share/cty.dat");
data/tlf-1.4.1/test/test_readcalls.c:62:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(countrylist[0], "DL");
data/tlf-1.4.1/test/test_readcalls.c:63:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(countrylist[1], "CE");
data/tlf-1.4.1/test/test_readcalls.c:66:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(continent_multiplier_list[0], "EU");
data/tlf-1.4.1/test/test_readcalls.c:67:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(continent_multiplier_list[1], "NA");
data/tlf-1.4.1/test/test_readcalls.c:109:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(continent, "EU");
data/tlf-1.4.1/test/test_readcalls.c:111:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(continent, "AF");
data/tlf-1.4.1/test/test_readcalls.c:117:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(continent, "EU");
data/tlf-1.4.1/test/test_readcalls.c:119:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(continent, "AF");
data/tlf-1.4.1/test/test_recallexchange.c:18:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "N0ONE");
data/tlf-1.4.1/test/test_recallexchange.c:21:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(worked[0].call, "DL1ABC");
data/tlf-1.4.1/test/test_recallexchange.c:22:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(worked[0].exchange, "51N13E");
data/tlf-1.4.1/test/test_recallexchange.c:38:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comment, "Hi");
data/tlf-1.4.1/test/test_recallexchange.c:49:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "DL1ABC");
data/tlf-1.4.1/test/test_recallexchange.c:56:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "2E0AAA");
data/tlf-1.4.1/test/test_score.c:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char continent_multiplier_list[7][3];
data/tlf-1.4.1/test/test_score.c:58:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(myqra, "jo60lx");
data/tlf-1.4.1/test/test_score.c:60:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mycontinent, "EU");
data/tlf-1.4.1/test/test_score.c:95:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mycontinent, "EU");
data/tlf-1.4.1/test/test_score.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[100];
data/tlf-1.4.1/test/test_score.c:110:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filename, "/share/cty.dat");
data/tlf-1.4.1/test/test_score.c:137:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(continent, "AF");
data/tlf-1.4.1/test/test_score.c:153:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mycontinent, "NA");
data/tlf-1.4.1/test/test_score.c:171:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(continent, "EU");
data/tlf-1.4.1/test/test_score.c:172:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mycontinent, "EU");
data/tlf-1.4.1/test/test_score.c:175:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(continent, "NA");
data/tlf-1.4.1/test/test_score.c:176:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mycontinent, "NA");
data/tlf-1.4.1/test/test_score.c:179:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(continent, "EU");
data/tlf-1.4.1/test/test_score.c:180:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mycontinent, "NA");
data/tlf-1.4.1/test/test_score.c:251:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(countrylist[0], "OE");
data/tlf-1.4.1/test/test_score.c:252:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(countrylist[1], "DL");
data/tlf-1.4.1/test/test_score.c:280:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_score.c:282:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "DL3XYZ");
data/tlf-1.4.1/test/test_score.c:286:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "LZ1AB");
data/tlf-1.4.1/test/test_score.c:288:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "DL3XYZ");
data/tlf-1.4.1/test/test_score.c:290:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "K3LA");
data/tlf-1.4.1/test/test_score.c:296:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(continent_multiplier_list[0], "EU");
data/tlf-1.4.1/test/test_score.c:297:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(continent_multiplier_list[1], "NA");
data/tlf-1.4.1/test/test_searchlog.c:33:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char searchresult[MAX_CALLS][82];
data/tlf-1.4.1/test/test_searchlog.c:34:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char result[MAX_CALLS][82];
data/tlf-1.4.1/test/test_searchlog.c:138:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[7];
data/tlf-1.4.1/test/test_searchlog.c:139:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%02d|%02d|", y, x);
data/tlf-1.4.1/test/test_searchlog.c:148:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "w");
data/tlf-1.4.1/test/test_searchlog.c:235:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (hiscall, "UA");
data/tlf-1.4.1/test/test_searchlog.c:243:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (hiscall, "UA");
data/tlf-1.4.1/test/test_searchlog.c:251:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (hiscall, "UA");
data/tlf-1.4.1/test/test_searchlog.c:259:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (hiscall, "UA");
data/tlf-1.4.1/test/test_searchlog.c:280:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "K4DE");
data/tlf-1.4.1/test/test_searchlog.c:288:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "UA");
data/tlf-1.4.1/test/test_searchlog.c:298:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "A1");
data/tlf-1.4.1/test/test_searchlog.c:308:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "A3");
data/tlf-1.4.1/test/test_searchlog.c:319:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "HG"); // not in log yet
data/tlf-1.4.1/test/test_searchlog.c:331:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "UA3JK"); // already in log
data/tlf-1.4.1/test/test_searchlog.c:345:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(qsos[6 + i],
data/tlf-1.4.1/test/test_searchlog.c:353:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "UA");
data/tlf-1.4.1/test/test_searchlog.c:371:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(zone_export, "15");
data/tlf-1.4.1/test/test_searchlog.c:372:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( hiscall, "OH2");
data/tlf-1.4.1/test/test_searchlog.c:379:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(zone_fix, "14");
data/tlf-1.4.1/test/test_searchlog.c:380:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(zone_export, "15");
data/tlf-1.4.1/test/test_searchlog.c:381:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( hiscall, "OH2");
data/tlf-1.4.1/test/test_searchlog.c:388:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(zone_export, "14");
data/tlf-1.4.1/test/test_searchlog.c:389:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( hiscall, "K4D");
data/tlf-1.4.1/test/test_searchlog.c:397:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(zone_export, "14");
data/tlf-1.4.1/test/test_searchlog.c:398:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( hiscall, "SP9");
data/tlf-1.4.1/test/test_sendbuf.c:12:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_msg[1024];
data/tlf-1.4.1/test/test_sendbuf.c:25:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char call[20];
data/tlf-1.4.1/test/test_sendbuf.c:26:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char message[25][80];
data/tlf-1.4.1/test/test_sendbuf.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char wkeyerbuffer[400];
data/tlf-1.4.1/test/test_sendbuf.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sandbox[30 + 1];
data/tlf-1.4.1/test/test_sendbuf.c:59:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(test_msg, "wrong char at %d: 0x%02x", i, sandbox[i]);
data/tlf-1.4.1/test/test_sendbuf.c:80:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(call, "dl1jbe\n"); // !!! do not forget trailing \n
data/tlf-1.4.1/test/test_sendbuf.c:81:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hiscall, "lz1ab");
data/tlf-1.4.1/test/test_sendbuf.c:82:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(his_rst, "579");
data/tlf-1.4.1/test/test_sendbuf.c:84:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qsonrstr, "0309");
data/tlf-1.4.1/test/test_sendbuf.c:85:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comment, "Alex");
data/tlf-1.4.1/src/addcall.c:119:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) >= 1) { /* remember last exchange */
data/tlf-1.4.1/src/addcall.c:153:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pxnr = pxstr[strlen(pxstr) - 1] - 48;
data/tlf-1.4.1/src/addcall.c:320:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(date_and_time, lan_logline + 7, 15);
data/tlf-1.4.1/src/addcall.c:326:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) >= 1) {
data/tlf-1.4.1/src/addcall.c:350:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pxnr = pxstr[strlen(pxstr) - 1] - 48;
data/tlf-1.4.1/src/addcall.c:444:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lancopy, lan_logline + 68, 5);
data/tlf-1.4.1/src/addmult.c:76:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (get_matching_length(ssexchange, i) == strlen(ssexchange)) {
data/tlf-1.4.1/src/addmult.c:225:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(get_mult(n));
data/tlf-1.4.1/src/addmult.c:231:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tmp) >= len)
data/tlf-1.4.1/src/addmult.c:232:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tmp);
data/tlf-1.4.1/src/addmult.c:334:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(multsfile) == 0) {
data/tlf-1.4.1/src/addmult.c:341:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(PACKAGE_DATA_DIR) + strlen(multsfile) + 1) <=
data/tlf-1.4.1/src/addmult.c:341:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(PACKAGE_DATA_DIR) + strlen(multsfile) + 1) <=
data/tlf-1.4.1/src/addspot.c:79:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) < 3) {
data/tlf-1.4.1/src/audio.c:239:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(playbackfile) > 6) {
data/tlf-1.4.1/src/audio.c:240:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(commands, playbackfile, 6);
data/tlf-1.4.1/src/audio.c:243:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(playbackfile) < 5) {
data/tlf-1.4.1/src/autocq.c:83:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(message_time * 100);
data/tlf-1.4.1/src/autocq.c:98:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000); // 500 ms
data/tlf-1.4.1/src/background_process.c:126:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/tlf-1.4.1/src/background_process.c:170:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lan_message[strlen(lan_message) - 1] = '\0';
data/tlf-1.4.1/src/background_process.c:183:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lan_message) > 2) {
data/tlf-1.4.1/src/background_process.c:185:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(debugbuffer, "\n");
data/tlf-1.4.1/src/background_process.c:223:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prmessage, lan_message + 2, 80);
data/tlf-1.4.1/src/background_process.c:231:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prmessage, lan_message + 2, 80);
data/tlf-1.4.1/src/background_process.c:243:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(talkarray[4], lan_message + 2, 60);
data/tlf-1.4.1/src/bandmap.c:1021:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(string) > n) {
data/tlf-1.4.1/src/bandmap.c:1046:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(tcall + strlen(tcall), " %c", qtcflag);
data/tlf-1.4.1/src/calledit.c:49:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(hiscall);
data/tlf-1.4.1/src/calledit.c:53:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((i != ESCAPE) && (b <= strlen(hiscall))) {
data/tlf-1.4.1/src/calledit.c:99:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (b < strlen(hiscall) - 1) {
data/tlf-1.4.1/src/calledit.c:107:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(hiscall);
data/tlf-1.4.1/src/calledit.c:125:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(hiscall);
data/tlf-1.4.1/src/calledit.c:157:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(call1, hiscall, b);
data/tlf-1.4.1/src/calledit.c:158:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(call2, hiscall + b, strlen(hiscall) - (b - 1));
data/tlf-1.4.1/src/calledit.c:158:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(call2, hiscall + b, strlen(hiscall) - (b - 1));
data/tlf-1.4.1/src/calledit.c:161:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) + 1 == 12)
data/tlf-1.4.1/src/calledit.c:167:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(call1) + strlen(call2)) < 12) {
data/tlf-1.4.1/src/calledit.c:167:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(call1) + strlen(call2)) < 12) {
data/tlf-1.4.1/src/calledit.c:170:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(call1) >= 12)
data/tlf-1.4.1/src/calledit.c:176:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((b < strlen(hiscall) - 1) && (b <= 12))
data/tlf-1.4.1/src/calledit.c:230:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(call1, hiscall, curposition);
data/tlf-1.4.1/src/calledit.c:234:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(call2, hiscall + curposition,
data/tlf-1.4.1/src/calledit.c:235:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(hiscall) - (curposition - 1));
data/tlf-1.4.1/src/calledit.c:239:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) + 1 == 13)
data/tlf-1.4.1/src/calledit.c:247:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(call1) + strlen(call2)) < 12) {
data/tlf-1.4.1/src/calledit.c:247:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(call1) + strlen(call2)) < 12) {
data/tlf-1.4.1/src/calledit.c:249:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(call1) + strlen(hiscall) >= 12)
data/tlf-1.4.1/src/calledit.c:249:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(call1) + strlen(hiscall) >= 12)
data/tlf-1.4.1/src/callinput.c:174:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(hiscall) <= 13) {
data/tlf-1.4.1/src/callinput.c:184:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/tlf-1.4.1/src/callinput.c:201:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) >= 3) {
data/tlf-1.4.1/src/callinput.c:216:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(grab.call) >= 3) {
data/tlf-1.4.1/src/callinput.c:217:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hiscall, grab.call, sizeof(hiscall));
data/tlf-1.4.1/src/callinput.c:249:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wmove(stdscr, 12, 29 + strlen(hiscall));
data/tlf-1.4.1/src/callinput.c:311:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) > 2) {
data/tlf-1.4.1/src/callinput.c:392:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(800000);
data/tlf-1.4.1/src/callinput.c:455:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((change_rst == 1) && (strlen(hiscall) != 0)) { // change RST
data/tlf-1.4.1/src/callinput.c:479:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((change_rst == 1) && (strlen(hiscall) != 0)) {
data/tlf-1.4.1/src/callinput.c:502:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) > 2 && ctcomp == 1) {
data/tlf-1.4.1/src/callinput.c:516:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) < 3 || nob4 == 1)
data/tlf-1.4.1/src/callinput.c:645:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hiscall[strlen(hiscall) - 2] = '\0';
data/tlf-1.4.1/src/callinput.c:657:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hiscall[strlen(hiscall) - 1] = '\0';
data/tlf-1.4.1/src/callinput.c:789:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(250000);
data/tlf-1.4.1/src/callinput.c:1041:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) < 13) {
data/tlf-1.4.1/src/callinput.c:1050:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) == cwstart && !plain_number(hiscall)) {
data/tlf-1.4.1/src/callinput.c:1073:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) >= 2 && !plain_number(hiscall)) {
data/tlf-1.4.1/src/callinput.c:1099:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(str); i++) {
data/tlf-1.4.1/src/callinput.c:1156:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/tlf-1.4.1/src/callinput.c:1168:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wmove(stdscr, 12, 29 + strlen(hiscall));
data/tlf-1.4.1/src/callinput.c:1190:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(hiscall);
data/tlf-1.4.1/src/callinput.c:1209:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(hiscall_sent);
data/tlf-1.4.1/src/callinput.c:1248:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(txdelay * 1000);
data/tlf-1.4.1/src/callinput.c:1368:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
move(12, 29 + strlen(hiscall));
data/tlf-1.4.1/src/callinput.c:1379:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/tlf-1.4.1/src/changefreq.c:117:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100 * 1000);
data/tlf-1.4.1/src/changepars.c:152:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(parameters[44], "");
data/tlf-1.4.1/src/changepars.c:167:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(400000);
data/tlf-1.4.1/src/changepars.c:549:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvprintw(12, 29 + strlen(hiscall), "");
data/tlf-1.4.1/src/changepars.c:559:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(synclogfile) > 0)
data/tlf-1.4.1/src/changepars.c:577:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/tlf-1.4.1/src/changepars.c:751:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(config_file) > 0)
data/tlf-1.4.1/src/changepars.c:912:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (rigportname[strlen(rigportname) - 1] == '\n')
data/tlf-1.4.1/src/changepars.c:913:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rigportname[strlen(rigportname) - 1] = '\0'; // remove \n
data/tlf-1.4.1/src/changepars.c:1005:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvprintw(7, 40, "Length = %d characters", strlen(line));
data/tlf-1.4.1/src/changepars.c:1008:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
IGNORE(write(fdSertnc, line, strlen(line)));;
data/tlf-1.4.1/src/changepars.c:1012:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(30000);
data/tlf-1.4.1/src/changepars.c:1019:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
i = read(fdSertnc, inputline, sizeof(inputline));
data/tlf-1.4.1/src/checklogfile.c:96:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fill = g_strnfill((LOGLINELEN - 1) - strlen(buffer), ' ');
data/tlf-1.4.1/src/checklogfile.c:182:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linelen = strlen(buffer);
data/tlf-1.4.1/src/checklogfile.c:257:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(inputbuffer) != LOGLINELEN) {
data/tlf-1.4.1/src/checklogfile.c:259:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i = strlen(inputbuffer);
data/tlf-1.4.1/src/checklogfile.c:262:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(inputbuffer, " ");
data/tlf-1.4.1/src/clear_display.c:108:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvprintw(6, (80 - strlen(whichcontest)) / 2 - 4, " == %s == ", whichcontest);
data/tlf-1.4.1/src/clusterinfo.c:149:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(inputbuffer) > 14) {
data/tlf-1.4.1/src/clusterinfo.c:232:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(spottime, thisline + 70, 4); // how old?
data/tlf-1.4.1/src/clusterinfo.c:285:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(callcopy, bandmap[j] + 26, 16); // call
data/tlf-1.4.1/src/clusterinfo.c:366:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(xplanetmsg, "\"");
data/tlf-1.4.1/src/clusterinfo.c:369:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (zz = 0; zz < strlen(lastmsg); zz++)
data/tlf-1.4.1/src/clusterinfo.c:378:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(xplanetmsg) > 20)
data/tlf-1.4.1/src/clusterinfo.c:407:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
calldupe[strlen(call) - 1] = '\0';
data/tlf-1.4.1/src/clusterinfo.c:434:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (strlen(spot_ptr[i]) > 20)) {
data/tlf-1.4.1/src/cw_utils.c:307:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cwmessage, message, 79);
data/tlf-1.4.1/src/cw_utils.c:310:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(cwmessage); i++) {
data/tlf-1.4.1/src/cw_utils.c:314:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0; j < strlen(call); j++) {
data/tlf-1.4.1/src/deleteqso.c:74:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
IGNORE(read(qtcfile, logline, 90));;
data/tlf-1.4.1/src/deleteqso.c:77:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(strncmp(call, logline + QTCRECVCALLPOS, strlen(call)) == 0
data/tlf-1.4.1/src/deleteqso.c:111:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
IGNORE(read(qtcfile, logline, 94));;
data/tlf-1.4.1/src/deleteqso.c:112:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(strncmp(call, logline + QTCSENTCALLPOS, strlen(call)) == 0
data/tlf-1.4.1/src/deleteqso.c:158:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
IGNORE(read(lfile, logline, LOGLINELEN - 1));;
data/tlf-1.4.1/src/edit_last.c:72:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(buffer) == (LOGLINELEN - 1));
data/tlf-1.4.1/src/edit_last.c:79:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(buffer) == (LOGLINELEN - 1));
data/tlf-1.4.1/src/edit_last.c:226:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((b < strlen(editbuffer) - 2) && (b < 80))
data/tlf-1.4.1/src/fldigixmlrpc.c:606:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tempstr) >= 3) {
data/tlf-1.4.1/src/fldigixmlrpc.c:609:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hiscall[strlen(tempstr)] = '\0';
data/tlf-1.4.1/src/fldigixmlrpc.c:666:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tempstr) > 0 && comment[0] == '\0') {
data/tlf-1.4.1/src/fldigixmlrpc.c:668:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
comment[strlen(tempstr)] = '\0';
data/tlf-1.4.1/src/genqtclist.c:67:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(callsign) == 0 ||
data/tlf-1.4.1/src/genqtclist.c:68:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(qsos[s] + 29, callsign, strlen(callsign)) != 0) {
data/tlf-1.4.1/src/genqtclist.c:105:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qtc, qsoline + 17, 2);
data/tlf-1.4.1/src/genqtclist.c:106:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qtc + 2, qsoline + 20, 2);
data/tlf-1.4.1/src/getctydata.c:85:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(pfx->pfx);
data/tlf-1.4.1/src/getctydata.c:105:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(call) - 1; i > 0; i--) {
data/tlf-1.4.1/src/getctydata.c:132:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strippedcall + strlen(strippedcall) - 4))
data/tlf-1.4.1/src/getctydata.c:134:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strippedcall[strlen(strippedcall) - 4] = '\0';
data/tlf-1.4.1/src/getctydata.c:144:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (loc != strlen(checkcall)) { /* found a '/' */
data/tlf-1.4.1/src/getctydata.c:149:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(call1, checkcall, loc); /* 1st part before '/' */
data/tlf-1.4.1/src/getctydata.c:153:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(call2) < strlen(call1)
data/tlf-1.4.1/src/getctydata.c:153:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(call2) < strlen(call1)
data/tlf-1.4.1/src/getctydata.c:154:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(call2) > 1) {
data/tlf-1.4.1/src/getctydata.c:164:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(checkbuffer, (checkcall + loc + 1),
data/tlf-1.4.1/src/getctydata.c:165:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(checkcall) + 1) - loc);
data/tlf-1.4.1/src/getctydata.c:167:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(checkbuffer) == 1)
data/tlf-1.4.1/src/getctydata.c:172:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (loc != strlen(checkcall)) {
data/tlf-1.4.1/src/getctydata.c:180:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(checkbuffer) == 1) && isdigit(checkbuffer[0])) { /* /3 */
data/tlf-1.4.1/src/getctydata.c:184:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(checkbuffer) > 1)
data/tlf-1.4.1/src/getexchange.c:118:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lastqsonr, qsonrstr, 5);
data/tlf-1.4.1/src/getexchange.c:132:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (*comment == '\0') && (strlen(hiscall) != 0)) {
data/tlf-1.4.1/src/getexchange.c:139:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (strlen(hiscall) != 0)) {
data/tlf-1.4.1/src/getexchange.c:151:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(comment);
data/tlf-1.4.1/src/getexchange.c:162:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/tlf-1.4.1/src/getexchange.c:172:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wmove(stdscr, 12, 54 + strlen(comment));
data/tlf-1.4.1/src/getexchange.c:204:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
comment[strlen(comment) - 1] = '\0';
data/tlf-1.4.1/src/getexchange.c:240:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ctcomp != 0) && (strlen(hiscall) > 2)) {
data/tlf-1.4.1/src/getexchange.c:388:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) == 1) {
data/tlf-1.4.1/src/getexchange.c:395:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) == 2) {
data/tlf-1.4.1/src/getexchange.c:398:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comment, "0");
data/tlf-1.4.1/src/getexchange.c:406:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(comment) == 1) || (comment[1] == ' ')) {
data/tlf-1.4.1/src/getexchange.c:413:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(comment) == 2) || (comment[2] == ' ')) {
data/tlf-1.4.1/src/getexchange.c:416:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comment, "0");
data/tlf-1.4.1/src/getexchange.c:434:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(commentbuf, "0");
data/tlf-1.4.1/src/getexchange.c:445:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) == 1) {
data/tlf-1.4.1/src/getexchange.c:452:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) == 2) {
data/tlf-1.4.1/src/getexchange.c:455:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comment, "0");
data/tlf-1.4.1/src/getexchange.c:461:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((arrlss == 1) && (x != TAB) && (strlen(section) < 2)) {
data/tlf-1.4.1/src/getexchange.c:466:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& ((x != TAB) && (strlen(section) < 1))) {
data/tlf-1.4.1/src/getexchange.c:496:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) < 5) {
data/tlf-1.4.1/src/getexchange.c:640:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) > 0) {
data/tlf-1.4.1/src/getexchange.c:642:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(comment); i++) {
data/tlf-1.4.1/src/getexchange.c:683:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(zone_fix, zone, 2);
data/tlf-1.4.1/src/getexchange.c:686:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(zone_export, zone, 2);
data/tlf-1.4.1/src/getexchange.c:691:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) >= 2)
data/tlf-1.4.1/src/getexchange.c:704:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(callupdate, comment + hr, 4);
data/tlf-1.4.1/src/getexchange.c:708:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(callupdate, comment + hr, 5);
data/tlf-1.4.1/src/getexchange.c:712:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(callupdate, comment + hr, 6);
data/tlf-1.4.1/src/getexchange.c:716:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(callupdate) > 3) {
data/tlf-1.4.1/src/getexchange.c:800:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(callupdate, comment + hr, 4);
data/tlf-1.4.1/src/getexchange.c:804:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(callupdate, comment + hr, 5);
data/tlf-1.4.1/src/getexchange.c:808:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(callupdate, comment + hr, 6);
data/tlf-1.4.1/src/getexchange.c:812:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(callupdate) > 3) {
data/tlf-1.4.1/src/getexchange.c:856:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(multi) >= 1) &&
data/tlf-1.4.1/src/getexchange.c:878:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ssexchange, " ");
data/tlf-1.4.1/src/getexchange.c:880:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ssexchange, " ");
data/tlf-1.4.1/src/getexchange.c:882:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ssexchange, " ");
data/tlf-1.4.1/src/getexchange.c:930:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(checksection, comment + (hr), 3);
data/tlf-1.4.1/src/getexchange.c:931:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (checksection[strlen(checksection) - 1] == ' ') {
data/tlf-1.4.1/src/getexchange.c:932:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
checksection[strlen(checksection) - 1] = '\0';
data/tlf-1.4.1/src/getexchange.c:937:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(checksection)) {
data/tlf-1.4.1/src/getexchange.c:951:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(checksection, comment, 3);
data/tlf-1.4.1/src/getexchange.c:976:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(checksection, comment, 3);
data/tlf-1.4.1/src/getexchange.c:980:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (get_matching_length(checksection, jj) == strlen(checksection)) {
data/tlf-1.4.1/src/getexchange.c:1011:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(callupdate, comment + hr, 4);
data/tlf-1.4.1/src/getexchange.c:1015:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(callupdate, comment + hr, 5);
data/tlf-1.4.1/src/getexchange.c:1019:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(callupdate, comment + hr, 6);
data/tlf-1.4.1/src/getexchange.c:1024:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(callupdate) > 3) {
data/tlf-1.4.1/src/getexchange.c:1072:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(cmpattern) - strlen(checkstring)) > 0) {
data/tlf-1.4.1/src/getexchange.c:1072:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(cmpattern) - strlen(checkstring)) > 0) {
data/tlf-1.4.1/src/getexchange.c:1073:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (strlen(cmpattern) - strlen(checkstring)) - 1; i++) {
data/tlf-1.4.1/src/getexchange.c:1073:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (strlen(cmpattern) - strlen(checkstring)) - 1; i++) {
data/tlf-1.4.1/src/getexchange.c:1076:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(newpat, cmpattern + i, strlen(comment));
data/tlf-1.4.1/src/getexchange.c:1076:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(newpat, cmpattern + i, strlen(comment));
data/tlf-1.4.1/src/getexchange.c:1078:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(newpat, checkstring, strlen(checkstring)) == 0) {
data/tlf-1.4.1/src/getexchange.c:1082:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (x > strlen(comment))
data/tlf-1.4.1/src/getexchange.c:1100:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(comment); i++) {
data/tlf-1.4.1/src/getexchange.c:1122:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(comment);
data/tlf-1.4.1/src/getexchange.c:1125:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((i != ESCAPE) && (b <= strlen(comment))) {
data/tlf-1.4.1/src/getexchange.c:1143:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b = strlen(comment);
data/tlf-1.4.1/src/getexchange.c:1155:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (b < strlen(comment) - 1) {
data/tlf-1.4.1/src/getexchange.c:1164:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(comment);
data/tlf-1.4.1/src/getexchange.c:1177:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(comment);
data/tlf-1.4.1/src/getexchange.c:1194:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) <= 24) {
data/tlf-1.4.1/src/getexchange.c:1196:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(comment2, comment + b, strlen(comment) - (b - 1));
data/tlf-1.4.1/src/getexchange.c:1196:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(comment2, comment + b, strlen(comment) - (b - 1));
data/tlf-1.4.1/src/getpx.c:56:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(call); i++) {
data/tlf-1.4.1/src/getpx.c:70:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pxbuffer, checkcall, 2);
data/tlf-1.4.1/src/getpx.c:71:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pxbuffer, "0");
data/tlf-1.4.1/src/getpx.c:73:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(checkcall);
data/tlf-1.4.1/src/initial_exchange.c:82:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(inputbuffer) > 80) {
data/tlf-1.4.1/src/initial_exchange.c:131:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new->call, token, MAX_CALL_LENGTH);
data/tlf-1.4.1/src/initial_exchange.c:141:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new->exchange, xchg, MAX_IE_LENGTH);
data/tlf-1.4.1/src/lancode.c:99:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(service) > 0) {
data/tlf-1.4.1/src/lancode.c:286:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(sendbuffer, message, 98);
data/tlf-1.4.1/src/lancode.c:289:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(sendbuffer, "\n");
data/tlf-1.4.1/src/lancode.c:313:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(sendbuffer, "\n");
data/tlf-1.4.1/src/lancode.c:321:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(sendbuffer, "\n");
data/tlf-1.4.1/src/lancode.c:326:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(sendbuffer, "\n");
data/tlf-1.4.1/src/lancode.c:331:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(sendbuffer, "\n");
data/tlf-1.4.1/src/lancode.c:350:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(talkline, "\n");
data/tlf-1.4.1/src/lancode.c:433:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(timebuffer, " ");
data/tlf-1.4.1/src/last10.c:62:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(input, qsos[counter], LOGLINELEN + 1);
data/tlf-1.4.1/src/listmessages.c:47:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_strlcpy(printbuffer, digi_message[i], strlen(digi_message[i]));
data/tlf-1.4.1/src/listmessages.c:49:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_strlcpy(printbuffer, message[i], strlen(message[i]));
data/tlf-1.4.1/src/locator2longlat.c:77:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
paircount = strlen(locator) / 2;
data/tlf-1.4.1/src/locator2longlat.c:119:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qra) < 4) {
data/tlf-1.4.1/src/log_to_disk.c:92:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lan_logline, lan_message + 2, 87);
data/tlf-1.4.1/src/logit.c:104:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (callreturn == '\n' && strlen(hiscall) >= 3) {
data/tlf-1.4.1/src/logit.c:149:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) == 0 && recall_exchange() == -1)
data/tlf-1.4.1/src/main.c:490:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) >= 120) {
data/tlf-1.4.1/src/main.c:659:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(multsfile) == 0) {
data/tlf-1.4.1/src/makelogline.c:77:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(logline4) == 54);
data/tlf-1.4.1/src/makelogline.c:81:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(logline4) == 77);
data/tlf-1.4.1/src/makelogline.c:101:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(logline4) == 87);
data/tlf-1.4.1/src/makelogline.c:168:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(logline4, " ");
data/tlf-1.4.1/src/makelogline.c:244:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, ssexchange, 22);
data/tlf-1.4.1/src/makelogline.c:249:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, comment, 22);
data/tlf-1.4.1/src/makelogline.c:260:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(grid, comment + i, 6);
data/tlf-1.4.1/src/makelogline.c:268:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, comment, 22);
data/tlf-1.4.1/src/makelogline.c:279:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (trxmode == DIGIMODE && cqww == 1 && strlen(comment) < 5) {
data/tlf-1.4.1/src/makelogline.c:285:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, comment, 22);
data/tlf-1.4.1/src/makelogline.c:287:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, comment, 22);
data/tlf-1.4.1/src/makelogline.c:305:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, pxstr, 5);
data/tlf-1.4.1/src/makelogline.c:317:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, dxcc_by_index(addcty) -> pfx + 1, 5);
data/tlf-1.4.1/src/makelogline.c:319:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, dxcc_by_index(addcty) -> pfx, 5);
data/tlf-1.4.1/src/makelogline.c:333:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) < 2) {
data/tlf-1.4.1/src/makelogline.c:334:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(logline4, "0");
data/tlf-1.4.1/src/makelogline.c:335:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, comment, 1);
data/tlf-1.4.1/src/makelogline.c:337:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, comment, 2);
data/tlf-1.4.1/src/makelogline.c:351:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, dxcc_by_index(addcty) -> pfx, 9);
data/tlf-1.4.1/src/makelogline.c:363:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, dxcc_by_index(addcty) -> pfx, 9);
data/tlf-1.4.1/src/makelogline.c:379:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, multis[shownewmult].name, 9);
data/tlf-1.4.1/src/makelogline.c:391:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, multis[shownewmult].name, 9);
data/tlf-1.4.1/src/makelogline.c:403:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, dxcc_by_index(addcty) -> pfx, 9);
data/tlf-1.4.1/src/makelogline.c:408:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, pxstr, 3);
data/tlf-1.4.1/src/makelogline.c:421:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, dxcc_by_index(addcty) -> pfx, 9);
data/tlf-1.4.1/src/makelogline.c:440:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(logline4);
data/tlf-1.4.1/src/makelogline.c:443:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(logline4, fillspaces, n - len);
data/tlf-1.4.1/src/muf.c:121:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
split_condx(strlen(condx), line);
data/tlf-1.4.1/src/muf.c:133:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int len = strlen(lastwwv_raw);
data/tlf-1.4.1/src/muf.c:323:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(country, dx->countryname, 25);
data/tlf-1.4.1/src/netkeyer.c:172:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendto_rc = sendto(socket_descriptor, buf, strlen(buf),
data/tlf-1.4.1/src/note.c:62:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) >= 1) {
data/tlf-1.4.1/src/note.c:63:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer2, buffer, (LOGLINELEN - 1) - strlen(buffer2));
data/tlf-1.4.1/src/note.c:63:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buffer2, buffer, (LOGLINELEN - 1) - strlen(buffer2));
data/tlf-1.4.1/src/note.c:64:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(buffer2 + strlen(buffer2), ' ',
data/tlf-1.4.1/src/note.c:65:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(LOGLINELEN - 1) - strlen(buffer2)); /* fill spaces */
data/tlf-1.4.1/src/paccdx.c:72:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pxnr = pxstr[strlen(pxstr) - 1] - 48;
data/tlf-1.4.1/src/parse_logcfg.c:139:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((buffer[0] != '#') && (buffer[0] != ';') && (strlen(buffer) > 1)) {
data/tlf-1.4.1/src/parse_logcfg.c:669:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fields[1]) > 20) {
data/tlf-1.4.1/src/parse_logcfg.c:675:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fields[1]) == 0) {
data/tlf-1.4.1/src/parse_logcfg.c:688:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(call, "\n");
data/tlf-1.4.1/src/parse_logcfg.c:696:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(whichcontest) > 40) {
data/tlf-1.4.1/src/parse_logcfg.c:718:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((fields[1] != NULL) && (strlen(fields[1]) >= 10)) {
data/tlf-1.4.1/src/parse_logcfg.c:853:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buff, fields[1], 2);
data/tlf-1.4.1/src/parse_logcfg.c:958:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buff, fields[1], 5);
data/tlf-1.4.1/src/parse_logcfg.c:967:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buff) > 2) {
data/tlf-1.4.1/src/parse_logcfg.c:968:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tncportname, buff, 39);
data/tlf-1.4.1/src/parse_logcfg.c:1078:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buff, fields[1], 3);
data/tlf-1.4.1/src/parse_logcfg.c:1155:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(country_list_raw) == 0) {/* only if first definition */
data/tlf-1.4.1/src/parse_logcfg.c:1177:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(whichcontest) - 1) == 0) {
data/tlf-1.4.1/src/parse_logcfg.c:1179:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(country_list_raw,
data/tlf-1.4.1/src/parse_logcfg.c:1180:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer + strlen(whichcontest) + 1,
data/tlf-1.4.1/src/parse_logcfg.c:1181:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(buffer) - 1);
data/tlf-1.4.1/src/parse_logcfg.c:1188:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(temp_buffer) > 0)
data/tlf-1.4.1/src/parse_logcfg.c:1284:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buff, fields[1], 3);
data/tlf-1.4.1/src/parse_logcfg.c:1314:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fields[1]) >= 80) {
data/tlf-1.4.1/src/parse_logcfg.c:1325:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fields[1]) >= 2 && isdigit(fields[1][0]) &&
data/tlf-1.4.1/src/parse_logcfg.c:1338:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fields[1]) >= 2 && isdigit(fields[1][0]) &&
data/tlf-1.4.1/src/parse_logcfg.c:1541:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cont_multiplier_list) == 0) { /* if first definition */
data/tlf-1.4.1/src/parse_logcfg.c:1554:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(whichcontest) - 1) == 0) {
data/tlf-1.4.1/src/parse_logcfg.c:1556:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cont_multiplier_list,
data/tlf-1.4.1/src/parse_logcfg.c:1557:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer + strlen(whichcontest) + 1,
data/tlf-1.4.1/src/parse_logcfg.c:1558:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(buffer) - 1);
data/tlf-1.4.1/src/parse_logcfg.c:1565:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(temp_buffer) > 0)
data/tlf-1.4.1/src/parse_logcfg.c:1576:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(continent_multiplier_list[counter], tk_ptr, 2);
data/tlf-1.4.1/src/parse_logcfg.c:1606:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bwp_params_list) == 0) {
data/tlf-1.4.1/src/parse_logcfg.c:1631:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bwm_params_list) == 0) {
data/tlf-1.4.1/src/parse_logcfg.c:1674:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (isdigit(tk_ptr[strlen(tk_ptr) - 1])) {
data/tlf-1.4.1/src/parse_logcfg.c:1737:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = 0; p < strlen(fields[1]); p++) {
data/tlf-1.4.1/src/parse_logcfg.c:1768:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(continent_multiplier_list[0]) == 0) {
data/tlf-1.4.1/src/parse_logcfg.c:1776:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(countrylist[0]) == 0) {
data/tlf-1.4.1/src/prevqso.c:41:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(str); i++) {
data/tlf-1.4.1/src/qtc_log.c:45:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qtcreclist.qtclines[i].time) == 4 &&
data/tlf-1.4.1/src/qtc_log.c:46:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(qtcreclist.qtclines[i].callsign) > 0 &&
data/tlf-1.4.1/src/qtc_log.c:47:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(qtcreclist.qtclines[i].serial) > 0) { // all fields are filled
data/tlf-1.4.1/src/qtc_log.c:59:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qtc_line.date, qtcreclist.qtclines[i].receivedtime, 9);
data/tlf-1.4.1/src/qtc_log.c:61:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qtc_line.time, qtcreclist.qtclines[i].receivedtime + 10, 5);
data/tlf-1.4.1/src/qtc_log.c:73:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qtc_line.qtc_call[strlen(qtcreclist.qtclines[i].callsign)] = '\0';
data/tlf-1.4.1/src/qtc_log.c:135:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qtc_line.date, qtclist.qtclines[i].senttime, 9);
data/tlf-1.4.1/src/qtc_log.c:137:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qtc_line.time, qtclist.qtclines[i].senttime + 10, 5);
data/tlf-1.4.1/src/qtcutil.c:154:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(callsign, logline + 30, 15);
data/tlf-1.4.1/src/qtcutil.c:157:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(callsign, logline + 35, 15);
data/tlf-1.4.1/src/qtcutil.c:195:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(flag, tmp, 1);
data/tlf-1.4.1/src/qtcwin.c:261:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen((char *)qtcrec_record_command) > 0) {
data/tlf-1.4.1/src/qtcwin.c:278:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (qtcrec_record == 1 && strlen((char *)qtcrec_record_command_shutdown) > 0) {
data/tlf-1.4.1/src/qtcwin.c:305:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(time) >= 2) {
data/tlf-1.4.1/src/qtcwin.c:308:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(time);
data/tlf-1.4.1/src/qtcwin.c:311:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qtcreclist.qtclines[i].time, time, len);
data/tlf-1.4.1/src/qtcwin.c:322:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(recline->time); i < 4; i++) {
data/tlf-1.4.1/src/qtcwin.c:328:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(recline->callsign); i < 3; i++) {
data/tlf-1.4.1/src/qtcwin.c:334:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(recline->serial); i < 1; i++) {
data/tlf-1.4.1/src/qtcwin.c:350:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(qtcreclist.callsign) == 0) {
data/tlf-1.4.1/src/qtcwin.c:390:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(qtclist.callsign) == 0 || qtclist.count == 0) {
data/tlf-1.4.1/src/qtcwin.c:421:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) > 0) {
data/tlf-1.4.1/src/qtcwin.c:423:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(lastcall) > 0) {
data/tlf-1.4.1/src/qtcwin.c:451:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(5000);
data/tlf-1.4.1/src/qtcwin.c:604:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(qtcreclist.qtclines[currqtc].time) == 4 &&
data/tlf-1.4.1/src/qtcwin.c:605:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(qtcreclist.qtclines[currqtc].callsign) > 0 &&
data/tlf-1.4.1/src/qtcwin.c:606:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(qtcreclist.qtclines[currqtc].serial) > 0)
data/tlf-1.4.1/src/qtcwin.c:719:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(qtcreclist.callsign) > 0 &&
data/tlf-1.4.1/src/qtcwin.c:738:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (qtc_send_msgs[1][strlen(qtc_send_msgs[1]) - 1] == 10) {
data/tlf-1.4.1/src/qtcwin.c:739:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qtc_send_msgs[1][strlen(qtc_send_msgs[1]) - 1] = '\0';
data/tlf-1.4.1/src/qtcwin.c:741:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(qtc_send_msgs[1]) - 5; // len("sr/nr") = 5
data/tlf-1.4.1/src/qtcwin.c:864:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (direction == SEND && strlen(qtc_send_msgs[x - KEY_F(1)]) > 0) {
data/tlf-1.4.1/src/qtcwin.c:865:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (qtc_send_msgs[x - KEY_F(1)][strlen(qtc_send_msgs[x - KEY_F(
data/tlf-1.4.1/src/qtcwin.c:867:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qtc_send_msgs[x - KEY_F(1)][strlen(qtc_send_msgs[x - KEY_F(1)]) - 1] = 0;
data/tlf-1.4.1/src/qtcwin.c:869:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(qtc_send_msgs[x - KEY_F(1)]) - 5; // len("sr/nr") = 5
data/tlf-1.4.1/src/qtcwin.c:878:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmess, qtclist.qtclines[activefield - 3].qtc, 5);
data/tlf-1.4.1/src/qtcwin.c:883:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmess, qtclist.qtclines[activefield - 3].qtc + 5, 13);
data/tlf-1.4.1/src/qtcwin.c:891:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmess, qtclist.qtclines[activefield - 3].qtc + 20, 4);
data/tlf-1.4.1/src/qtcwin.c:1031:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qtcreclist.callsign) > 0 &&
data/tlf-1.4.1/src/qtcwin.c:1122:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(g_strstrip(qtccallsign)) > 3) {
data/tlf-1.4.1/src/qtcwin.c:1131:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(g_strstrip(qtccallsign)) > 3) {
data/tlf-1.4.1/src/qtcwin.c:1207:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curfieldlen = strlen(fieldval);
data/tlf-1.4.1/src/qtcwin.c:1224:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wmove(qtcwin, winrow, (pos[posidx][1] + strlen(fieldval)) - curpos);
data/tlf-1.4.1/src/qtcwin.c:1239:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(qtccallsign) < pos[0][2] - 1) {
data/tlf-1.4.1/src/qtcwin.c:1240:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qtccallsign[strlen(qtccallsign) - curpos] = pressed;
data/tlf-1.4.1/src/qtcwin.c:1248:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fieldval[strlen(fieldval) - (1 + curpos)] = pressed;
data/tlf-1.4.1/src/qtcwin.c:1252:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fieldval) <= pos[1][2]) {
data/tlf-1.4.1/src/qtcwin.c:1258:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fieldval[strlen(fieldval) - (1 + curpos)] = pressed;
data/tlf-1.4.1/src/qtcwin.c:1262:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fieldval) <= pos[2][2] && atoi(fieldval) <= 10) {
data/tlf-1.4.1/src/qtcwin.c:1307:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| stridx == 1) && strlen(fieldval) < pos[posidx][2]) {
data/tlf-1.4.1/src/qtcwin.c:1309:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fieldval[strlen(fieldval) - curpos] = pressed;
data/tlf-1.4.1/src/qtcwin.c:1328:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (stridx == 0 && strlen(fieldval) == pos[posidx][2]
data/tlf-1.4.1/src/qtcwin.c:1347:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qtccallsign) > 0) {
data/tlf-1.4.1/src/qtcwin.c:1351:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qtccallsign[strlen(fieldval)] = '\0';
data/tlf-1.4.1/src/qtcwin.c:1357:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fieldval) > 0) {
data/tlf-1.4.1/src/qtcwin.c:1365:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fieldval) > 0) {
data/tlf-1.4.1/src/qtcwin.c:1388:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fieldval) > 0) {
data/tlf-1.4.1/src/qtcwin.c:1390:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fieldval[strlen(fieldval)] = '\0';
data/tlf-1.4.1/src/qtcwin.c:1410:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(fieldval) - (curpos + shift); i < strlen(fieldval); i++) {
data/tlf-1.4.1/src/qtcwin.c:1410:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(fieldval) - (curpos + shift); i < strlen(fieldval); i++) {
data/tlf-1.4.1/src/qtcwin.c:1425:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qtcreclist.qtclines[idx].time) != 4) {
data/tlf-1.4.1/src/qtcwin.c:1428:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(qtcreclist.qtclines[idx].time); i++) {
data/tlf-1.4.1/src/qtcwin.c:1436:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qtcreclist.qtclines[idx].callsign) < 3) {
data/tlf-1.4.1/src/qtcwin.c:1439:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(qtcreclist.qtclines[idx].callsign); i++) {
data/tlf-1.4.1/src/qtcwin.c:1446:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qtcreclist.qtclines[idx].serial) == 0) {
data/tlf-1.4.1/src/qtcwin.c:1449:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(qtcreclist.qtclines[idx].serial); i++) {
data/tlf-1.4.1/src/qtcwin.c:1515:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(qtcreclist.qtclines[currqtc].time) == 4 &&
data/tlf-1.4.1/src/qtcwin.c:1516:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(qtcreclist.qtclines[currqtc].callsign) > 0 &&
data/tlf-1.4.1/src/qtcwin.c:1517:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(qtcreclist.qtclines[currqtc].serial) > 0
data/tlf-1.4.1/src/qtcwin.c:1541:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qtc_recv_msgs[i]) > 0) {
data/tlf-1.4.1/src/qtcwin.c:1553:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qtc_send_msgs[i]) > 0) {
data/tlf-1.4.1/src/qtcwin.c:1602:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0; j < strlen(tokens[i]); j++) {
data/tlf-1.4.1/src/qtcwin.c:1611:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0; j < strlen(tokens[i]); j++) {
data/tlf-1.4.1/src/qtcwin.c:1633:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tokens[1], "/");
data/tlf-1.4.1/src/qtcwin.c:1642:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0; j < strlen(tokens[i]); j++) {
data/tlf-1.4.1/src/qtcwin.c:1650:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tokens[i]) > maxlength[i]) {
data/tlf-1.4.1/src/qtcwin.c:1657:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0; j < strlen(tokens[i]); j++) {
data/tlf-1.4.1/src/qtcwin.c:1746:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/tlf-1.4.1/src/qtcwin.c:1772:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(currline, qtc_ry_lines[qtc_ry_currline].content, 38);
data/tlf-1.4.1/src/qtcwin.c:1934:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qtccallsign) > 0 && strcmp(qtccallsign, prevqtccall) != 0) {
data/tlf-1.4.1/src/readcabrillo.c:62:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) > 0) {
data/tlf-1.4.1/src/readcabrillo.c:63:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comment, " ");
data/tlf-1.4.1/src/readcabrillo.c:74:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strncmp(line, start, strlen(start)) == 0);
data/tlf-1.4.1/src/readcabrillo.c:132:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(thiscall, qsos[qtc_curr_call_nr] + 29, 14);
data/tlf-1.4.1/src/readcabrillo.c:134:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ttime, qsos[qtc_curr_call_nr] + 17, 2);
data/tlf-1.4.1/src/readcabrillo.c:135:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ttime + 2, qsos[qtc_curr_call_nr] + 20, 2);
data/tlf-1.4.1/src/readcalls.c:364:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pxnr = pxstr[strlen(pxstr) - 1] - 48;
data/tlf-1.4.1/src/readcalls.c:500:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(synclogfile) < 80)
data/tlf-1.4.1/src/readqtccalls.c:127:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qtc_cap_calls) > 0) {
data/tlf-1.4.1/src/recall_exchange.c:49:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) == 0)
data/tlf-1.4.1/src/recall_exchange.c:53:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) != 0)
data/tlf-1.4.1/src/recall_exchange.c:56:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(hiscall);
data/tlf-1.4.1/src/recall_exchange.c:75:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) == 0 && main_ie_list != NULL) {
data/tlf-1.4.1/src/recall_exchange.c:84:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loc2 = loc + strlen(current_ie->call);
data/tlf-1.4.1/src/rtty.c:126:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qtc_ry_lines[qtc_ry_currline].content) > 0) {
data/tlf-1.4.1/src/rtty.c:239:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
i = read(fdcont, line, 39);
data/tlf-1.4.1/src/rules.c:55:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(whichcontest) == 0) {
data/tlf-1.4.1/src/rules.c:61:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(whichcontest) >= 40) {
data/tlf-1.4.1/src/score.c:49:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(countrylist[i]) != 0) {
data/tlf-1.4.1/src/score.c:68:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) == 0) {
data/tlf-1.4.1/src/score.c:89:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!isdigit(prefix[strlen(prefix) - 1])) { /* last char '0'..'9' */
data/tlf-1.4.1/src/score.c:93:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix[strlen(prefix) - 1] = '\0'; /* strip trailing digit */
data/tlf-1.4.1/src/score.c:98:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!isdigit(prefix[strlen(prefix) - 1])) {
data/tlf-1.4.1/src/score.c:102:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix[strlen(prefix) - 1] = '\0'; /* last try */
data/tlf-1.4.1/src/score.c:111:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(continent_multiplier_list[i]) != 0) {
data/tlf-1.4.1/src/score.c:146:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (loc == hiscall + strlen(hiscall) - 2) {
data/tlf-1.4.1/src/score.c:431:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) > 3) {
data/tlf-1.4.1/src/score.c:461:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(continent, "NA", 3);
data/tlf-1.4.1/src/score.c:464:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(continent, "SA", 3);
data/tlf-1.4.1/src/score.c:467:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(continent, "EU", 3);
data/tlf-1.4.1/src/score.c:470:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(continent, "AS", 3);
data/tlf-1.4.1/src/score.c:473:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(continent, "AS", 3);
data/tlf-1.4.1/src/score.c:476:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(continent, "AF", 3);
data/tlf-1.4.1/src/score.c:479:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(continent, "EU", 3);
data/tlf-1.4.1/src/score.c:482:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(continent, "??", 3);
data/tlf-1.4.1/src/scroll_log.c:50:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qsonrstr, logline4 + 23, 4);
data/tlf-1.4.1/src/scroll_log.c:55:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qsonrstr, logline3 + 23, 4);
data/tlf-1.4.1/src/scroll_log.c:61:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qsonrstr, logline2 + 23, 4);
data/tlf-1.4.1/src/scroll_log.c:67:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qsonrstr, logline1 + 23, 4);
data/tlf-1.4.1/src/scroll_log.c:114:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(inputbuffer) <= 10) /* log repair */
data/tlf-1.4.1/src/searchlog.c:146:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(dx->countryname);
data/tlf-1.4.1/src/searchlog.c:164:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int len = strlen(call);
data/tlf-1.4.1/src/searchlog.c:202:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int hislen = strlen(hiscall);
data/tlf-1.4.1/src/searchlog.c:242:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(searchresult[k]) <= 2) {
data/tlf-1.4.1/src/searchlog.c:250:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(printres, searchresult[k] + 29, 12);
data/tlf-1.4.1/src/searchlog.c:314:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(suggested_call) > strlen(hiscall)) {
data/tlf-1.4.1/src/searchlog.c:314:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(suggested_call) > strlen(hiscall)) {
data/tlf-1.4.1/src/searchlog.c:329:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result[index], searchresult[index] + 17, 5);
data/tlf-1.4.1/src/searchlog.c:331:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result[index], searchresult[index] + 22, 5);
data/tlf-1.4.1/src/searchlog.c:333:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result[index], searchresult[index] + 28, 12); /* call */
data/tlf-1.4.1/src/searchlog.c:334:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result[index], searchresult[index] + 52, 16); /* exch */
data/tlf-1.4.1/src/searchlog.c:394:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int qso_index = 0; strlen(qsos[qso_index]) > 4; qso_index++) {
data/tlf-1.4.1/src/searchlog.c:457:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(hiscall) >= 3 &&
data/tlf-1.4.1/src/searchlog.c:458:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(s_inputbuffer[12 + strlen(hiscall)] == ' '))) {
data/tlf-1.4.1/src/searchlog.c:513:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) == 2)
data/tlf-1.4.1/src/searchlog.c:523:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(result[i]) >= 24) {
data/tlf-1.4.1/src/searchlog.c:533:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(zone_fix) > 1) {
data/tlf-1.4.1/src/searchlog.c:642:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pxnr = pxstr[strlen(pxstr) - 1] - 48;
data/tlf-1.4.1/src/searchlog.c:677:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pxnr = pxstr[strlen(pxstr) - 1] - 48;
data/tlf-1.4.1/src/searchlog.c:749:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall) > 1 && searchflg == SEARCHWINDOW) {
data/tlf-1.4.1/src/searchlog.c:780:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/tlf-1.4.1/src/searchlog.c:817:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(callmaster_location, "/");
data/tlf-1.4.1/src/searchlog.c:835:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s_inputbuffer[0] == '#' || strlen(s_inputbuffer) < 3) {
data/tlf-1.4.1/src/searchlog.c:895:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(multis[j].name, mprint, strlen(mprint)) == 0) {
data/tlf-1.4.1/src/searchlog.c:907:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mprint) > 1)
data/tlf-1.4.1/src/sendbuf.c:69:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buf);
data/tlf-1.4.1/src/sendbuf.c:74:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len_what = strlen(what);
data/tlf-1.4.1/src/sendbuf.c:79:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len_rep = strlen(rep);
data/tlf-1.4.1/src/sendbuf.c:92:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(q, rep, len_overlap);
data/tlf-1.4.1/src/sendbuf.c:189:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
comstr[strlen(call) - 1] = '\0'; // skip trailing \n
data/tlf-1.4.1/src/sendbuf.c:194:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = hiscall + strlen(hiscall_sent);
data/tlf-1.4.1/src/sendbuf.c:195:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hiscall_sent) != 0) {
data/tlf-1.4.1/src/sendbuf.c:235:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lastqsonr, qsonrstr, 5);
data/tlf-1.4.1/src/sendbuf.c:266:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(buffer) + strlen(termbuf)) < 80) {
data/tlf-1.4.1/src/sendbuf.c:266:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(buffer) + strlen(termbuf)) < 80) {
data/tlf-1.4.1/src/sendbuf.c:278:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(printlinebuffer, backgrnd_str,
data/tlf-1.4.1/src/sendbuf.c:279:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
80 - strlen(printlinebuffer));
data/tlf-1.4.1/src/sendbuf.c:281:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = 40 - (int)strlen(printlinebuffer);
data/tlf-1.4.1/src/sendbuf.c:283:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(printlinebuffer, backgrnd_str, len);
data/tlf-1.4.1/src/sendbuf.c:285:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(printlinebuffer) > 45) {
data/tlf-1.4.1/src/sendbuf.c:306:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(buffer); i++)
data/tlf-1.4.1/src/sendbuf.c:309:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(buffer); i++)
data/tlf-1.4.1/src/sendbuf.c:312:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(buffer); i++)
data/tlf-1.4.1/src/sendbuf.c:323:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(buffer); i++)
data/tlf-1.4.1/src/sendbuf.c:347:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(msg) != 0) {
data/tlf-1.4.1/src/sendqrg.c:96:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (rigportname == NULL || strlen(rigportname) == 0) {
data/tlf-1.4.1/src/sendqrg.c:101:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rigportname[strlen(rigportname) - 1] = '\0'; // remove '\n'
data/tlf-1.4.1/src/sendqrg.c:102:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(my_rig->state.rigport.pathname, rigportname,
data/tlf-1.4.1/src/sendqrg.c:120:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(my_rig->state.pttport.pathname, ptt_file, FILPATHLEN);
data/tlf-1.4.1/src/sendqrg.c:122:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(my_rig->state.dcdport.pathname, dcd_file, FILPATHLEN);
data/tlf-1.4.1/src/sendqrg.c:187:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int rigconf_len = strlen(rigconf);
data/tlf-1.4.1/src/sendspcall.c:64:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "|"); /* => CR */
data/tlf-1.4.1/src/sendspcall.c:71:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, " ");
data/tlf-1.4.1/src/sendspcall.c:74:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "}"); /* => ctrl-r */
data/tlf-1.4.1/src/sendspcall.c:76:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "|"); /* => CR */
data/tlf-1.4.1/src/sendspcall.c:83:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, " ");
data/tlf-1.4.1/src/setparameters.c:128:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
logfile[strlen(logfile) - 1] = '\0';
data/tlf-1.4.1/src/setparameters.c:162:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(call, "\n");
data/tlf-1.4.1/src/showinfo.c:86:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cqzone) < 2) {
data/tlf-1.4.1/src/showinfo.c:91:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(zonestr, cqzone, 2);
data/tlf-1.4.1/src/showinfo.c:95:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ituzone) < 2) {
data/tlf-1.4.1/src/showinfo.c:98:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(itustr, ituzone, 2);
data/tlf-1.4.1/src/showinfo.c:121:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(contstr, pfx->continent, 2); /* continent */
data/tlf-1.4.1/src/showinfo.c:123:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(contstr, dx->continent, 2); /* continent */
data/tlf-1.4.1/src/showpxmap.c:109:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prefix, dxcc_by_index(i)->pfx, 3);
data/tlf-1.4.1/src/sockserv.c:90:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/tlf-1.4.1/src/sockserv.c:107:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(sockserv_error, "");
data/tlf-1.4.1/src/sockserv.c:136:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fmt);
data/tlf-1.4.1/src/sockserv.c:192:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(sockserv_error, "");
data/tlf-1.4.1/src/sockserv.c:298:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(sockserv_error, "");
data/tlf-1.4.1/src/sockserv.c:359:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(ifds, sockbuf[ifds].buf + sockbuf[ifds].fragment,
data/tlf-1.4.1/src/sockserv.c:398:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(sockbuf[ifds].buf) + 1;
data/tlf-1.4.1/src/sockserv.c:433:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d = s + strlen(s);
data/tlf-1.4.1/src/sockserv.c:462:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(sockserv_error, "");
data/tlf-1.4.1/src/speedupndown.c:62:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/tlf-1.4.1/src/speedupndown.c:68:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/tlf-1.4.1/src/splitscreen.c:107:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (len = 0; len < strlen(s); len += 80) {
data/tlf-1.4.1/src/splitscreen.c:109:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(spot_ptr[nr_of_spots], s + len, 82);
data/tlf-1.4.1/src/splitscreen.c:110:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(spot_ptr[nr_of_spots]) > 5) {
data/tlf-1.4.1/src/splitscreen.c:112:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lastmsg, spot_ptr[nr_of_spots], 82);
data/tlf-1.4.1/src/splitscreen.c:119:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lastmsg) > 20) {
data/tlf-1.4.1/src/splitscreen.c:133:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(spot_ptr[idx - 10], spot_ptr[idx], 82);
data/tlf-1.4.1/src/splitscreen.c:399:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tln_input_buffer) > 0) {
data/tlf-1.4.1/src/splitscreen.c:603:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(tln_input_buffer);
data/tlf-1.4.1/src/splitscreen.c:620:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(convers_calls[cl], s, 5);
data/tlf-1.4.1/src/splitscreen.c:647:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(s, call, strlen(call) - 1) == 0
data/tlf-1.4.1/src/splitscreen.c:648:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(s) < 81 && strchr(s, '>') == NULL) {
data/tlf-1.4.1/src/splitscreen.c:652:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(s) + strlen(call) + 3) < 80) {
data/tlf-1.4.1/src/splitscreen.c:652:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(s) + strlen(call) + 3) < 80) {
data/tlf-1.4.1/src/splitscreen.c:653:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(dxtext, s + strlen(call) + 3);
data/tlf-1.4.1/src/splitscreen.c:654:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dxtext[strlen(dxtext) - 1] == '\n')
data/tlf-1.4.1/src/splitscreen.c:655:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dxtext[strlen(dxtext) - 1] = '\0'; // remove the newline
data/tlf-1.4.1/src/splitscreen.c:667:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(spotline, dxtext, spotpointer - dxtext);
data/tlf-1.4.1/src/splitscreen.c:702:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s[strlen(s) - 1] == '\n')
data/tlf-1.4.1/src/splitscreen.c:703:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s[strlen(s) - 1] = '\0'; // remove the newline
data/tlf-1.4.1/src/splitscreen.c:705:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(talkarray[4], s + 8, 60);
data/tlf-1.4.1/src/splitscreen.c:707:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s[strlen(s) - 1] != '\n')
data/tlf-1.4.1/src/splitscreen.c:708:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s, "\n"); // we need to restore newline here...
data/tlf-1.4.1/src/splitscreen.c:715:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(s); i++) {
data/tlf-1.4.1/src/splitscreen.c:721:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(tln_input_buffer) > 0)
data/tlf-1.4.1/src/splitscreen.c:724:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lan_out, tln_input_buffer, 78);
data/tlf-1.4.1/src/splitscreen.c:726:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(lan_out, "\n");
data/tlf-1.4.1/src/splitscreen.c:727:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) == 0)
data/tlf-1.4.1/src/splitscreen.c:734:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(tln_input_buffer);
data/tlf-1.4.1/src/splitscreen.c:828:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tncportname) > 2) {
data/tlf-1.4.1/src/splitscreen.c:829:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tncportname[strlen(tncportname) - 1] = '\0'; // remove '\n'
data/tlf-1.4.1/src/splitscreen.c:1027:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((sent_login == 0) && (strlen(clusterlogin) > 0)
data/tlf-1.4.1/src/splitscreen.c:1087:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
i = read(fdSertnc, line, BUFFERSIZE - 1);
data/tlf-1.4.1/src/splitscreen.c:1098:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
i = read(fdFIFO, line, BUFFERSIZE - 1);
data/tlf-1.4.1/src/splitscreen.c:1128:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(line, "\n");
data/tlf-1.4.1/src/splitscreen.c:1136:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line) - 1] = 13;
data/tlf-1.4.1/src/splitscreen.c:1137:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)] = '\0';
data/tlf-1.4.1/src/splitscreen.c:1138:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
IGNORE(write(fdSertnc, line, strlen(line)));;
data/tlf-1.4.1/src/splitscreen.c:1195:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
i = read(fdSertnc, line, BUFFERSIZE - 1);
data/tlf-1.4.1/src/splitscreen.c:1208:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
i = read(fdFIFO, line, BUFFERSIZE - 1);
data/tlf-1.4.1/src/splitscreen.c:1246:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) > 0) {
data/tlf-1.4.1/src/splitscreen.c:1247:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(line, "\n");
data/tlf-1.4.1/src/splitscreen.c:1250:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line) - 1] = '\r';
data/tlf-1.4.1/src/splitscreen.c:1251:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)] = '\0'; /* not needed */
data/tlf-1.4.1/src/splitscreen.c:1253:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
IGNORE(write(fdSertnc, line, strlen(line)));;
data/tlf-1.4.1/src/store_qso.c:43:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(loglineptr, "\n"); /* pa3fwm, 20040113: this looks suspicious,
data/tlf-1.4.1/src/time_update.c:77:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(time_buf, timestr, 8);
data/tlf-1.4.1/src/write_keyer.c:113:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rttyoutput) < 2) {
data/tlf-1.4.1/src/write_keyer.c:117:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tosend[strlen(tosend) - 1] == '\n') {
data/tlf-1.4.1/src/write_keyer.c:118:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tosend[strlen(tosend) - 1] = '\0';
data/tlf-1.4.1/src/writecabrillo.c:319:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dst, " ");
data/tlf-1.4.1/src/writecabrillo.c:321:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(src);
data/tlf-1.4.1/src/writecabrillo.c:335:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dst, " ");
data/tlf-1.4.1/src/writecabrillo.c:337:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(src);
data/tlf-1.4.1/src/writecabrillo.c:384:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/tlf-1.4.1/src/writecabrillo.c:398:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, ""); /* no QTC format description */
data/tlf-1.4.1/src/writecabrillo.c:468:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(tmp, start, pos); /** \todo avoid buffer overflow */
data/tlf-1.4.1/src/writecabrillo.c:469:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (pos < strlen(start)) {
data/tlf-1.4.1/src/writecabrillo.c:479:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(tmp, start, pos);
data/tlf-1.4.1/src/writecabrillo.c:520:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "\n"); /* closing nl */
data/tlf-1.4.1/src/writecabrillo.c:623:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) > 5) {
data/tlf-1.4.1/src/writecabrillo.c:641:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) > 5) {
data/tlf-1.4.1/src/writecabrillo.c:653:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) > 5) {
data/tlf-1.4.1/src/writecabrillo.c:707:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(fp, "<programversion:%ld>%s\n", strlen(VERSION), VERSION);
data/tlf-1.4.1/src/writecabrillo.c:756:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(exchange) > 0)
data/tlf-1.4.1/src/writecabrillo.c:761:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(standardexchange) == 0) && (exchange_serial != 1)) {
data/tlf-1.4.1/src/writecabrillo.c:780:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(adif_tmp_call, buf + 29, 12);
data/tlf-1.4.1/src/writecabrillo.c:783:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(adif_tmp_call));
data/tlf-1.4.1/src/writecabrillo.c:785:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer, ">");
data/tlf-1.4.1/src/writecabrillo.c:809:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > 81) {
data/tlf-1.4.1/src/writecabrillo.c:834:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(adif_year_check, buf + 14, 2);
data/tlf-1.4.1/src/writecabrillo.c:841:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer, buf + 14, 2);
data/tlf-1.4.1/src/writecabrillo.c:870:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer, buf + 7, 2);
data/tlf-1.4.1/src/writecabrillo.c:874:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer, buf + 17, 2);
data/tlf-1.4.1/src/writecabrillo.c:875:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer, buf + 20, 2);
data/tlf-1.4.1/src/writecabrillo.c:888:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer, ">");
data/tlf-1.4.1/src/writecabrillo.c:889:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer, buf + 44, adif_mode_dep);
data/tlf-1.4.1/src/writecabrillo.c:896:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer, buf + 23, 4);
data/tlf-1.4.1/src/writecabrillo.c:899:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(standardexchange));
data/tlf-1.4.1/src/writecabrillo.c:901:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer, ">");
data/tlf-1.4.1/src/writecabrillo.c:906:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(adif_tmp_rr, buf + 49, 4);
data/tlf-1.4.1/src/writecabrillo.c:910:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(adif_tmp_rr));
data/tlf-1.4.1/src/writecabrillo.c:912:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer, ">");
data/tlf-1.4.1/src/writecabrillo.c:913:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer, buf + 49, adif_mode_dep);
data/tlf-1.4.1/src/writecabrillo.c:916:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(adif_rcvd_num, buf + 54, 14);
data/tlf-1.4.1/src/writecabrillo.c:919:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(adif_rcvd_num));
data/tlf-1.4.1/src/writecabrillo.c:922:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer, ">");
data/tlf-1.4.1/src/writeparas.c:59:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(call) <= 3) {
data/tlf-1.4.1/test/functions.c:44:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, BUFSZ - 1);
data/tlf-1.4.1/test/test_addcall.c:62:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(countrylist[2], "");
data/tlf-1.4.1/test/test_addcall.c:68:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(continent_multiplier_list[2], "");
data/tlf-1.4.1/test/test_addcall.c:263:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(comment, "0");
data/tlf-1.4.1/test/test_addmult.c:56:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(comment, "");
data/tlf-1.4.1/test/test_addmult.c:57:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(section, "");
data/tlf-1.4.1/test/test_addmult.c:59:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(multsfile, "");
data/tlf-1.4.1/test/test_checklogfile.c:25:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)write (fd, msg, strlen(msg));
data/tlf-1.4.1/test/test_checklogfile.c:33:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)write (fd, msg, strlen(msg));
data/tlf-1.4.1/test/test_checklogfile.c:72:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) != LOGLINELEN) {
data/tlf-1.4.1/test/test_getctydata.c:26:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(countrylist[0], "");
data/tlf-1.4.1/test/test_readcalls.c:64:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(countrylist[2], "");
data/tlf-1.4.1/test/test_readcalls.c:68:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(continent_multiplier_list[2], "");
data/tlf-1.4.1/test/test_recallexchange.c:19:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(comment, "");
data/tlf-1.4.1/test/test_recallexchange.c:32:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(hiscall, "");
data/tlf-1.4.1/test/test_score.c:89:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(countrylist[0], "");
data/tlf-1.4.1/test/test_score.c:93:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(continent_multiplier_list[0], "");
data/tlf-1.4.1/test/test_score.c:253:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(countrylist[2], "W");
data/tlf-1.4.1/test/test_score.c:254:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(countrylist[3], "");
data/tlf-1.4.1/test/test_score.c:298:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(continent_multiplier_list[2], "");
data/tlf-1.4.1/test/test_searchlog.c:102:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (qsos[i], "");
data/tlf-1.4.1/test/test_searchlog.c:127:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(zone_export, "");
data/tlf-1.4.1/test/test_searchlog.c:128:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(zone_fix, "");
data/tlf-1.4.1/test/test_wwv.c:18:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert_int_equal(0, strlen(lastwwv));
data/tlf-1.4.1/test/test_wwv.c:61:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert_int_equal(70, strlen(lastwwv));
data/tlf-1.4.1/test/test_wwv.c:72:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert_int_equal(70, strlen(lastwwv));
ANALYSIS SUMMARY:
Hits = 2130
Lines analyzed = 40104 in approximately 1.21 seconds (33203 lines/second)
Physical Source Lines of Code (SLOC) = 26359
Hits@level = [0] 73 [1] 610 [2] 1123 [3] 3 [4] 394 [5] 0
Hits@level+ = [0+] 2203 [1+] 2130 [2+] 1520 [3+] 397 [4+] 394 [5+] 0
Hits/KSLOC@level+ = [0+] 83.5768 [1+] 80.8073 [2+] 57.6653 [3+] 15.0613 [4+] 14.9475 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.