Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/vifm-0.10.1/tests/column_view/general.c
Examining data/vifm-0.10.1/tests/column_view/align.c
Examining data/vifm-0.10.1/tests/column_view/test.h
Examining data/vifm-0.10.1/tests/column_view/callbacks.c
Examining data/vifm-0.10.1/tests/column_view/cropping.c
Examining data/vifm-0.10.1/tests/column_view/width.c
Examining data/vifm-0.10.1/tests/column_view/utf8.c
Examining data/vifm-0.10.1/tests/column_view/suite.c
Examining data/vifm-0.10.1/tests/autocmds/remove.c
Examining data/vifm-0.10.1/tests/autocmds/basic.c
Examining data/vifm-0.10.1/tests/autocmds/suite.c
Examining data/vifm-0.10.1/tests/autocmds/list.c
Examining data/vifm-0.10.1/tests/fileops/cpmv_files.c
Examining data/vifm-0.10.1/tests/fileops/rename_files.c
Examining data/vifm-0.10.1/tests/fileops/chmod.c
Examining data/vifm-0.10.1/tests/fileops/put_files.c
Examining data/vifm-0.10.1/tests/fileops/utils.c
Examining data/vifm-0.10.1/tests/fileops/clone_files.c
Examining data/vifm-0.10.1/tests/fileops/gen_clone_name.c
Examining data/vifm-0.10.1/tests/fileops/make_files.c
Examining data/vifm-0.10.1/tests/fileops/size.c
Examining data/vifm-0.10.1/tests/fileops/delete.c
Examining data/vifm-0.10.1/tests/fileops/chown.c
Examining data/vifm-0.10.1/tests/fileops/utils.h
Examining data/vifm-0.10.1/tests/fileops/restore_files.c
Examining data/vifm-0.10.1/tests/fileops/make_dirs.c
Examining data/vifm-0.10.1/tests/fileops/generic.c
Examining data/vifm-0.10.1/tests/fileops/suite.c
Examining data/vifm-0.10.1/tests/bmarks/remove.c
Examining data/vifm-0.10.1/tests/bmarks/find.c
Examining data/vifm-0.10.1/tests/bmarks/complete.c
Examining data/vifm-0.10.1/tests/bmarks/utils.c
Examining data/vifm-0.10.1/tests/bmarks/update.c
Examining data/vifm-0.10.1/tests/bmarks/set.c
Examining data/vifm-0.10.1/tests/bmarks/utils.h
Examining data/vifm-0.10.1/tests/bmarks/is_older.c
Examining data/vifm-0.10.1/tests/bmarks/clear.c
Examining data/vifm-0.10.1/tests/bmarks/suite.c
Examining data/vifm-0.10.1/tests/bmarks/list.c
Examining data/vifm-0.10.1/tests/ior/chgrp.c
Examining data/vifm-0.10.1/tests/ior/cp.c
Examining data/vifm-0.10.1/tests/ior/rm.c
Examining data/vifm-0.10.1/tests/ior/chmod.c
Examining data/vifm-0.10.1/tests/ior/mv-confirm.c
Examining data/vifm-0.10.1/tests/ior/utils.c
Examining data/vifm-0.10.1/tests/ior/error.c
Examining data/vifm-0.10.1/tests/ior/mv.c
Examining data/vifm-0.10.1/tests/ior/chown.c
Examining data/vifm-0.10.1/tests/ior/utils.h
Examining data/vifm-0.10.1/tests/ior/suite.c
Examining data/vifm-0.10.1/tests/ioeta/lifetime.c
Examining data/vifm-0.10.1/tests/ioeta/update.c
Examining data/vifm-0.10.1/tests/ioeta/calculate.c
Examining data/vifm-0.10.1/tests/ioeta/suite.c
Examining data/vifm-0.10.1/tests/viewcolumns_parser/alignment.c
Examining data/vifm-0.10.1/tests/viewcolumns_parser/syntax.c
Examining data/vifm-0.10.1/tests/viewcolumns_parser/test.h
Examining data/vifm-0.10.1/tests/viewcolumns_parser/cropping.c
Examining data/vifm-0.10.1/tests/viewcolumns_parser/sizes.c
Examining data/vifm-0.10.1/tests/viewcolumns_parser/suite.c
Examining data/vifm-0.10.1/tests/abbrevs/addition.c
Examining data/vifm-0.10.1/tests/abbrevs/expansion.c
Examining data/vifm-0.10.1/tests/abbrevs/deletion.c
Examining data/vifm-0.10.1/tests/abbrevs/iter.c
Examining data/vifm-0.10.1/tests/abbrevs/completion.c
Examining data/vifm-0.10.1/tests/abbrevs/suite.c
Examining data/vifm-0.10.1/tests/utils/is_dir.c
Examining data/vifm-0.10.1/tests/utils/read_file_lines.c
Examining data/vifm-0.10.1/tests/utils/get_command_name.c
Examining data/vifm-0.10.1/tests/utils/unescape.c
Examining data/vifm-0.10.1/tests/utils/should_wait_for_program.c
Examining data/vifm-0.10.1/tests/utils/str_to_case.c
Examining data/vifm-0.10.1/tests/utils/read_line.c
Examining data/vifm-0.10.1/tests/utils/split_ext.c
Examining data/vifm-0.10.1/tests/utils/get_first_wchar.c
Examining data/vifm-0.10.1/tests/utils/get_line.c
Examining data/vifm-0.10.1/tests/utils/extract_part.c
Examining data/vifm-0.10.1/tests/utils/string_escape.c
Examining data/vifm-0.10.1/tests/utils/expand_envvars.c
Examining data/vifm-0.10.1/tests/utils/to_wide.c
Examining data/vifm-0.10.1/tests/utils/matcher.c
Examining data/vifm-0.10.1/tests/utils/filemon.c
Examining data/vifm-0.10.1/tests/utils/get_ext.c
Examining data/vifm-0.10.1/tests/utils/matchers.c
Examining data/vifm-0.10.1/tests/utils/file_streams.c
Examining data/vifm-0.10.1/tests/utils/strprepend.c
Examining data/vifm-0.10.1/tests/utils/cut_extension.c
Examining data/vifm-0.10.1/tests/utils/break_in_two.c
Examining data/vifm-0.10.1/tests/utils/fsddata.c
Examining data/vifm-0.10.1/tests/utils/functional.c
Examining data/vifm-0.10.1/tests/utils/utils.c
Examining data/vifm-0.10.1/tests/utils/split_and_get.c
Examining data/vifm-0.10.1/tests/utils/parse_file_spec.c
Examining data/vifm-0.10.1/tests/utils/path_exists.c
Examining data/vifm-0.10.1/tests/utils/minmax.c
Examining data/vifm-0.10.1/tests/utils/dynarray.c
Examining data/vifm-0.10.1/tests/utils/fsdata.c
Examining data/vifm-0.10.1/tests/utils/get_last_path_component.c
Examining data/vifm-0.10.1/tests/utils/friendly_size.c
Examining data/vifm-0.10.1/tests/utils/cut_suffix.c
Examining data/vifm-0.10.1/tests/utils/regexp.c
Examining data/vifm-0.10.1/tests/utils/canonical.c
Examining data/vifm-0.10.1/tests/utils/format_str.c
Examining data/vifm-0.10.1/tests/utils/rel_symlinks.c
Examining data/vifm-0.10.1/tests/utils/surrounded_with.c
Examining data/vifm-0.10.1/tests/utils/trie.c
Examining data/vifm-0.10.1/tests/utils/squash_double_commas.c
Examining data/vifm-0.10.1/tests/utils/path_starts_with.c
Examining data/vifm-0.10.1/tests/utils/utils.h
Examining data/vifm-0.10.1/tests/utils/split_and_get_dc.c
Examining data/vifm-0.10.1/tests/utils/process_cmd_output.c
Examining data/vifm-0.10.1/tests/utils/to_multibyte.c
Examining data/vifm-0.10.1/tests/utils/sstr.c
Examining data/vifm-0.10.1/tests/utils/fswatch.c
Examining data/vifm-0.10.1/tests/utils/remove_last_path_component.c
Examining data/vifm-0.10.1/tests/utils/utf8.c
Examining data/vifm-0.10.1/tests/utils/str_ellipsis.c
Examining data/vifm-0.10.1/tests/utils/suite.c
Examining data/vifm-0.10.1/tests/variables/options.c
Examining data/vifm-0.10.1/tests/variables/unlet.c
Examining data/vifm-0.10.1/tests/variables/envvars.c
Examining data/vifm-0.10.1/tests/variables/builtin.c
Examining data/vifm-0.10.1/tests/variables/format.c
Examining data/vifm-0.10.1/tests/variables/completion.c
Examining data/vifm-0.10.1/tests/variables/clear.c
Examining data/vifm-0.10.1/tests/variables/suite.c
Examining data/vifm-0.10.1/tests/fuzz/suite.c
Examining data/vifm-0.10.1/tests/text_buffer/append_linef.c
Examining data/vifm-0.10.1/tests/text_buffer/suite.c
Examining data/vifm-0.10.1/tests/filter/change.c
Examining data/vifm-0.10.1/tests/filter/lifetime.c
Examining data/vifm-0.10.1/tests/filter/assign.c
Examining data/vifm-0.10.1/tests/filter/append.c
Examining data/vifm-0.10.1/tests/filter/set.c
Examining data/vifm-0.10.1/tests/filter/matches.c
Examining data/vifm-0.10.1/tests/filter/clear.c
Examining data/vifm-0.10.1/tests/filter/suite.c
Examining data/vifm-0.10.1/tests/regs_shmem_app/regcmd.c
Examining data/vifm-0.10.1/tests/parsing/general.c
Examining data/vifm-0.10.1/tests/parsing/numbers.c
Examining data/vifm-0.10.1/tests/parsing/and_or.c
Examining data/vifm-0.10.1/tests/parsing/envvar.c
Examining data/vifm-0.10.1/tests/parsing/double_quotes.c
Examining data/vifm-0.10.1/tests/parsing/plus_minus.c
Examining data/vifm-0.10.1/tests/parsing/grouping.c
Examining data/vifm-0.10.1/tests/parsing/functions.c
Examining data/vifm-0.10.1/tests/parsing/single_quoted.c
Examining data/vifm-0.10.1/tests/parsing/ampersand.c
Examining data/vifm-0.10.1/tests/parsing/compares.c
Examining data/vifm-0.10.1/tests/parsing/asserts.h
Examining data/vifm-0.10.1/tests/parsing/unary.c
Examining data/vifm-0.10.1/tests/parsing/laziness.c
Examining data/vifm-0.10.1/tests/parsing/variables.c
Examining data/vifm-0.10.1/tests/parsing/suite.c
Examining data/vifm-0.10.1/tests/options/charset.c
Examining data/vifm-0.10.1/tests/options/strlist.c
Examining data/vifm-0.10.1/tests/options/str.c
Examining data/vifm-0.10.1/tests/options/reset.c
Examining data/vifm-0.10.1/tests/options/hat.c
Examining data/vifm-0.10.1/tests/options/quotes.c
Examining data/vifm-0.10.1/tests/options/local.c
Examining data/vifm-0.10.1/tests/options/input.c
Examining data/vifm-0.10.1/tests/options/set.c
Examining data/vifm-0.10.1/tests/options/output.c
Examining data/vifm-0.10.1/tests/options/opt_completion.c
Examining data/vifm-0.10.1/tests/options/with_spaces.c
Examining data/vifm-0.10.1/tests/options/suite.c
Examining data/vifm-0.10.1/tests/colmgr/basic.c
Examining data/vifm-0.10.1/tests/colmgr/test.h
Examining data/vifm-0.10.1/tests/colmgr/suite.c
Examining data/vifm-0.10.1/tests/iop/chgrp.c
Examining data/vifm-0.10.1/tests/iop/mkfile.c
Examining data/vifm-0.10.1/tests/iop/chmod.c
Examining data/vifm-0.10.1/tests/iop/cp-confirm.c
Examining data/vifm-0.10.1/tests/iop/rmfile.c
Examining data/vifm-0.10.1/tests/iop/utils.c
Examining data/vifm-0.10.1/tests/iop/error.c
Examining data/vifm-0.10.1/tests/iop/mkdir.c
Examining data/vifm-0.10.1/tests/iop/rmdir.c
Examining data/vifm-0.10.1/tests/iop/chown.c
Examining data/vifm-0.10.1/tests/iop/utils.h
Examining data/vifm-0.10.1/tests/iop/ln.c
Examining data/vifm-0.10.1/tests/iop/suite.c
Examining data/vifm-0.10.1/tests/iop/cp.c
Examining data/vifm-0.10.1/tests/completion/groups_unite.c
Examining data/vifm-0.10.1/tests/completion/add_hook.c
Examining data/vifm-0.10.1/tests/completion/completion.c
Examining data/vifm-0.10.1/tests/completion/suite.c
Examining data/vifm-0.10.1/tests/ionotif/invoked.c
Examining data/vifm-0.10.1/tests/ionotif/suite.c
Examining data/vifm-0.10.1/tests/commands/user_cmds.c
Examining data/vifm-0.10.1/tests/commands/command_name.c
Examining data/vifm-0.10.1/tests/commands/dispatch_line.c
Examining data/vifm-0.10.1/tests/commands/last_argument.c
Examining data/vifm-0.10.1/tests/commands/ids.c
Examining data/vifm-0.10.1/tests/commands/builtin.c
Examining data/vifm-0.10.1/tests/commands/count.c
Examining data/vifm-0.10.1/tests/commands/input.c
Examining data/vifm-0.10.1/tests/commands/one_number_range.c
Examining data/vifm-0.10.1/tests/commands/suite.h
Examining data/vifm-0.10.1/tests/commands/cmds_completion.c
Examining data/vifm-0.10.1/tests/commands/suite.c
Examining data/vifm-0.10.1/tests/dhist/basic.c
Examining data/vifm-0.10.1/tests/dhist/suite.c
Examining data/vifm-0.10.1/tests/stubs.c
Examining data/vifm-0.10.1/tests/escape/esc_str_overhead.c
Examining data/vifm-0.10.1/tests/escape/esc_highlight_pattern.c
Examining data/vifm-0.10.1/tests/escape/esc_remove.c
Examining data/vifm-0.10.1/tests/escape/suite.c
Examining data/vifm-0.10.1/tests/keys/put_wait_points.c
Examining data/vifm-0.10.1/tests/keys/wait.c
Examining data/vifm-0.10.1/tests/keys/discard_not_full_cmds.c
Examining data/vifm-0.10.1/tests/keys/unmap.c
Examining data/vifm-0.10.1/tests/keys/silent.c
Examining data/vifm-0.10.1/tests/keys/pick_longest.c
Examining data/vifm-0.10.1/tests/keys/def_keys_and_user_mappings.c
Examining data/vifm-0.10.1/tests/keys/suggestions.c
Examining data/vifm-0.10.1/tests/keys/diff_motions.c
Examining data/vifm-0.10.1/tests/keys/num_in_the_middle.c
Examining data/vifm-0.10.1/tests/keys/builtin_keys.h
Examining data/vifm-0.10.1/tests/keys/longest.c
Examining data/vifm-0.10.1/tests/keys/same_multi_and_motion.c
Examining data/vifm-0.10.1/tests/keys/no_regs_long_key.c
Examining data/vifm-0.10.1/tests/keys/builtin_and_custom.c
Examining data/vifm-0.10.1/tests/keys/remap_users.c
Examining data/vifm-0.10.1/tests/keys/motions.c
Examining data/vifm-0.10.1/tests/keys/dont_exec_motions_only.c
Examining data/vifm-0.10.1/tests/keys/count.c
Examining data/vifm-0.10.1/tests/keys/builtin_keys.c
Examining data/vifm-0.10.1/tests/keys/selectors.c
Examining data/vifm-0.10.1/tests/keys/multi_keys.c
Examining data/vifm-0.10.1/tests/keys/multi_are_not_motions.c
Examining data/vifm-0.10.1/tests/keys/noremap.c
Examining data/vifm-0.10.1/tests/keys/rhs.c
Examining data/vifm-0.10.1/tests/keys/users_key_to_key.c
Examining data/vifm-0.10.1/tests/keys/listing.c
Examining data/vifm-0.10.1/tests/keys/remap_builtin.c
Examining data/vifm-0.10.1/tests/keys/long_motions_wait.c
Examining data/vifm-0.10.1/tests/keys/mapping_state.c
Examining data/vifm-0.10.1/tests/keys/suite.c
Examining data/vifm-0.10.1/tests/env/get_one_of_def.c
Examining data/vifm-0.10.1/tests/env/suite.c
Examining data/vifm-0.10.1/tests/misc/if_else.c
Examining data/vifm-0.10.1/tests/misc/navigation.c
Examining data/vifm-0.10.1/tests/misc/leave_invalid_dir.c
Examining data/vifm-0.10.1/tests/misc/commands.c
Examining data/vifm-0.10.1/tests/misc/eval_arglist.c
Examining data/vifm-0.10.1/tests/misc/viewport_positions.c
Examining data/vifm-0.10.1/tests/misc/diff.c
Examining data/vifm-0.10.1/tests/misc/viewport_scrolling.c
Examining data/vifm-0.10.1/tests/misc/options.c
Examining data/vifm-0.10.1/tests/misc/quickview.c
Examining data/vifm-0.10.1/tests/misc/dir_stack.c
Examining data/vifm-0.10.1/tests/misc/args.c
Examining data/vifm-0.10.1/tests/misc/expand_macros.c
Examining data/vifm-0.10.1/tests/misc/cmdline_editing.c
Examining data/vifm-0.10.1/tests/misc/fuse.c
Examining data/vifm-0.10.1/tests/misc/chase_links.c
Examining data/vifm-0.10.1/tests/misc/menus_cs.c
Examining data/vifm-0.10.1/tests/misc/registers_shared_memory.c
Examining data/vifm-0.10.1/tests/misc/flist_reload.c
Examining data/vifm-0.10.1/tests/misc/normal_cmd_cp.c
Examining data/vifm-0.10.1/tests/misc/esc_state_update.c
Examining data/vifm-0.10.1/tests/misc/external_command_exists.c
Examining data/vifm-0.10.1/tests/misc/vifminfo.c
Examining data/vifm-0.10.1/tests/misc/sort.c
Examining data/vifm-0.10.1/tests/misc/builtin_functions.c
Examining data/vifm-0.10.1/tests/misc/running.c
Examining data/vifm-0.10.1/tests/misc/expand_custom_macros.c
Examining data/vifm-0.10.1/tests/misc/sourcing.c
Examining data/vifm-0.10.1/tests/misc/flist_custom.c
Examining data/vifm-0.10.1/tests/misc/rename.c
Examining data/vifm-0.10.1/tests/misc/background.c
Examining data/vifm-0.10.1/tests/misc/cmdline_completion.c
Examining data/vifm-0.10.1/tests/misc/trash.c
Examining data/vifm-0.10.1/tests/misc/count_vars.c
Examining data/vifm-0.10.1/tests/misc/utils.c
Examining data/vifm-0.10.1/tests/misc/fname_modif.c
Examining data/vifm-0.10.1/tests/misc/cmdline_history.c
Examining data/vifm-0.10.1/tests/misc/change_window.c
Examining data/vifm-0.10.1/tests/misc/commands_selection.c
Examining data/vifm-0.10.1/tests/misc/extract_abbrev.c
Examining data/vifm-0.10.1/tests/misc/get_cmd_path.c
Examining data/vifm-0.10.1/tests/misc/find_last_command.c
Examining data/vifm-0.10.1/tests/misc/cancellation.c
Examining data/vifm-0.10.1/tests/misc/menus_dirhistory.c
Examining data/vifm-0.10.1/tests/misc/comments.c
Examining data/vifm-0.10.1/tests/misc/strchar2str.c
Examining data/vifm-0.10.1/tests/misc/viewport_movement.c
Examining data/vifm-0.10.1/tests/misc/menus_find.c
Examining data/vifm-0.10.1/tests/misc/flist_hist.c
Examining data/vifm-0.10.1/tests/misc/command_separation.c
Examining data/vifm-0.10.1/tests/misc/config.c
Examining data/vifm-0.10.1/tests/misc/view_dir.c
Examining data/vifm-0.10.1/tests/misc/menus.c
Examining data/vifm-0.10.1/tests/misc/search.c
Examining data/vifm-0.10.1/tests/misc/menus_undolist.c
Examining data/vifm-0.10.1/tests/misc/wstr_to_spec.c
Examining data/vifm-0.10.1/tests/misc/parse_apropos_line.c
Examining data/vifm-0.10.1/tests/misc/integration.c
Examining data/vifm-0.10.1/tests/misc/commands_cs.c
Examining data/vifm-0.10.1/tests/misc/options_classify.c
Examining data/vifm-0.10.1/tests/misc/commands_filter.c
Examining data/vifm-0.10.1/tests/misc/status.c
Examining data/vifm-0.10.1/tests/misc/append_selected_files.c
Examining data/vifm-0.10.1/tests/misc/compare.c
Examining data/vifm-0.10.1/tests/misc/tabs.c
Examining data/vifm-0.10.1/tests/misc/normal.c
Examining data/vifm-0.10.1/tests/misc/ui_view_schedule.c
Examining data/vifm-0.10.1/tests/misc/ops.c
Examining data/vifm-0.10.1/tests/misc/commands_tabs.c
Examining data/vifm-0.10.1/tests/misc/cabbrev.c
Examining data/vifm-0.10.1/tests/misc/dcache.c
Examining data/vifm-0.10.1/tests/misc/viewport_moving.c
Examining data/vifm-0.10.1/tests/misc/commands_sibl.c
Examining data/vifm-0.10.1/tests/misc/bmarks.c
Examining data/vifm-0.10.1/tests/misc/cmdline_emark.c
Examining data/vifm-0.10.1/tests/misc/ipc.c
Examining data/vifm-0.10.1/tests/misc/utils.h
Examining data/vifm-0.10.1/tests/misc/format_edit_selection_cmd.c
Examining data/vifm-0.10.1/tests/misc/autocmds.c
Examining data/vifm-0.10.1/tests/misc/cmdline_scope.c
Examining data/vifm-0.10.1/tests/misc/trim_right.c
Examining data/vifm-0.10.1/tests/misc/commands_filetype.c
Examining data/vifm-0.10.1/tests/misc/marks.c
Examining data/vifm-0.10.1/tests/misc/menus_bmarks.c
Examining data/vifm-0.10.1/tests/misc/file_magic.c
Examining data/vifm-0.10.1/tests/misc/expand_status_line_macros.c
Examining data/vifm-0.10.1/tests/misc/commands_highlight.c
Examining data/vifm-0.10.1/tests/misc/format_mount_command.c
Examining data/vifm-0.10.1/tests/misc/commands_sync.c
Examining data/vifm-0.10.1/tests/misc/commands_misc.c
Examining data/vifm-0.10.1/tests/misc/flist_tree.c
Examining data/vifm-0.10.1/tests/misc/registers.c
Examining data/vifm-0.10.1/tests/misc/flist_misc.c
Examining data/vifm-0.10.1/tests/misc/flist_custom_filtering.c
Examining data/vifm-0.10.1/tests/misc/flist_pick_cd_path.c
Examining data/vifm-0.10.1/tests/misc/filtering.c
Examining data/vifm-0.10.1/tests/misc/menus_media.c
Examining data/vifm-0.10.1/tests/misc/suite.c
Examining data/vifm-0.10.1/tests/stic/stic.h
Examining data/vifm-0.10.1/tests/stic/stic.c
Examining data/vifm-0.10.1/tests/undo/undolist.c
Examining data/vifm-0.10.1/tests/undo/undo.c
Examining data/vifm-0.10.1/tests/undo/trash.c
Examining data/vifm-0.10.1/tests/undo/test.h
Examining data/vifm-0.10.1/tests/undo/last_cmd_group_empty.c
Examining data/vifm-0.10.1/tests/undo/undolevels.c
Examining data/vifm-0.10.1/tests/undo/suite.c
Examining data/vifm-0.10.1/tests/filetype/filetype.c
Examining data/vifm-0.10.1/tests/filetype/test.c
Examining data/vifm-0.10.1/tests/filetype/find_program.c
Examining data/vifm-0.10.1/tests/filetype/filextype.c
Examining data/vifm-0.10.1/tests/filetype/test.h
Examining data/vifm-0.10.1/tests/filetype/classes.c
Examining data/vifm-0.10.1/tests/filetype/viewers.c
Examining data/vifm-0.10.1/tests/filetype/description.c
Examining data/vifm-0.10.1/tests/filetype/regexps.c
Examining data/vifm-0.10.1/tests/filetype/suite.c
Examining data/vifm-0.10.1/src/int/term_title.c
Examining data/vifm-0.10.1/src/int/path_env.c
Examining data/vifm-0.10.1/src/int/path_env.h
Examining data/vifm-0.10.1/src/int/term_title.h
Examining data/vifm-0.10.1/src/int/desktop.c
Examining data/vifm-0.10.1/src/int/fuse.h
Examining data/vifm-0.10.1/src/int/desktop.h
Examining data/vifm-0.10.1/src/int/file_magic.h
Examining data/vifm-0.10.1/src/int/vim.h
Examining data/vifm-0.10.1/src/int/file_magic.c
Examining data/vifm-0.10.1/src/int/vim.c
Examining data/vifm-0.10.1/src/int/fuse.c
Examining data/vifm-0.10.1/src/fops_put.h
Examining data/vifm-0.10.1/src/search.h
Examining data/vifm-0.10.1/src/marks.h
Examining data/vifm-0.10.1/src/cmd_core.c
Examining data/vifm-0.10.1/src/viewcolumns_parser.h
Examining data/vifm-0.10.1/src/dir_stack.c
Examining data/vifm-0.10.1/src/args.c
Examining data/vifm-0.10.1/src/fops_misc.h
Examining data/vifm-0.10.1/src/macros.c
Examining data/vifm-0.10.1/src/args.h
Examining data/vifm-0.10.1/src/macros.h
Examining data/vifm-0.10.1/src/signals.h
Examining data/vifm-0.10.1/src/sort.c
Examining data/vifm-0.10.1/src/builtin_functions.c
Examining data/vifm-0.10.1/src/undo.c
Examining data/vifm-0.10.1/src/registers.h
Examining data/vifm-0.10.1/src/running.c
Examining data/vifm-0.10.1/src/win_helper.c
Examining data/vifm-0.10.1/src/ops.h
Examining data/vifm-0.10.1/src/utils/int_stack.h
Examining data/vifm-0.10.1/src/utils/utils_nix.c
Examining data/vifm-0.10.1/src/utils/env.h
Examining data/vifm-0.10.1/src/utils/fsddata.h
Examining data/vifm-0.10.1/src/utils/path.h
Examining data/vifm-0.10.1/src/utils/utils_nix.h
Examining data/vifm-0.10.1/src/utils/path.c
Examining data/vifm-0.10.1/src/utils/shmem_nix.c
Examining data/vifm-0.10.1/src/utils/gmux.h
Examining data/vifm-0.10.1/src/utils/windefs.h
Examining data/vifm-0.10.1/src/utils/str.h
Examining data/vifm-0.10.1/src/utils/macros.h
Examining data/vifm-0.10.1/src/utils/matcher.c
Examining data/vifm-0.10.1/src/utils/filemon.c
Examining data/vifm-0.10.1/src/utils/matchers.c
Examining data/vifm-0.10.1/src/utils/fsdata.h
Examining data/vifm-0.10.1/src/utils/log.c
Examining data/vifm-0.10.1/src/utils/file_streams.c
Examining data/vifm-0.10.1/src/utils/test_helpers.h
Examining data/vifm-0.10.1/src/utils/str.c
Examining data/vifm-0.10.1/src/utils/shmem_win.c
Examining data/vifm-0.10.1/src/utils/gmux_nix.c
Examining data/vifm-0.10.1/src/utils/cancellation.h
Examining data/vifm-0.10.1/src/utils/fsddata.c
Examining data/vifm-0.10.1/src/utils/int_stack.c
Examining data/vifm-0.10.1/src/utils/utils.c
Examining data/vifm-0.10.1/src/utils/fswatch_win.c
Examining data/vifm-0.10.1/src/utils/fswatch.h
Examining data/vifm-0.10.1/src/utils/cancellation.c
Examining data/vifm-0.10.1/src/utils/string_array.h
Examining data/vifm-0.10.1/src/utils/fswatch_nix.c
Examining data/vifm-0.10.1/src/utils/utils_int.h
Examining data/vifm-0.10.1/src/utils/fs.h
Examining data/vifm-0.10.1/src/utils/xxhash.c
Examining data/vifm-0.10.1/src/utils/env.c
Examining data/vifm-0.10.1/src/utils/dynarray.c
Examining data/vifm-0.10.1/src/utils/globs.c
Examining data/vifm-0.10.1/src/utils/dynarray.h
Examining data/vifm-0.10.1/src/utils/filter.c
Examining data/vifm-0.10.1/src/utils/fsdata.c
Examining data/vifm-0.10.1/src/utils/gmux_win.c
Examining data/vifm-0.10.1/src/utils/shmem.h
Examining data/vifm-0.10.1/src/utils/matchers.h
Examining data/vifm-0.10.1/src/utils/utils_win.h
Examining data/vifm-0.10.1/src/utils/regexp.h
Examining data/vifm-0.10.1/src/utils/regexp.c
Examining data/vifm-0.10.1/src/utils/filter.h
Examining data/vifm-0.10.1/src/utils/file_streams.h
Examining data/vifm-0.10.1/src/utils/trie.c
Examining data/vifm-0.10.1/src/utils/filemon.h
Examining data/vifm-0.10.1/src/utils/utf8.h
Examining data/vifm-0.10.1/src/utils/hist.c
Examining data/vifm-0.10.1/src/utils/trie.h
Examining data/vifm-0.10.1/src/utils/globs.h
Examining data/vifm-0.10.1/src/utils/utils.h
Examining data/vifm-0.10.1/src/utils/utils_win.c
Examining data/vifm-0.10.1/src/utils/string_array.c
Examining data/vifm-0.10.1/src/utils/log.h
Examining data/vifm-0.10.1/src/utils/hist.h
Examining data/vifm-0.10.1/src/utils/utf8.c
Examining data/vifm-0.10.1/src/utils/darray.h
Examining data/vifm-0.10.1/src/utils/matcher.h
Examining data/vifm-0.10.1/src/utils/private/fsdata.h
Examining data/vifm-0.10.1/src/utils/fs.c
Examining data/vifm-0.10.1/src/utils/xxhash.h
Examining data/vifm-0.10.1/src/filelist.h
Examining data/vifm-0.10.1/src/fops_cpmv.c
Examining data/vifm-0.10.1/src/background.c
Examining data/vifm-0.10.1/src/filename_modifiers.h
Examining data/vifm-0.10.1/src/ui/fileview.h
Examining data/vifm-0.10.1/src/ui/quickview.c
Examining data/vifm-0.10.1/src/ui/statusline.c
Examining data/vifm-0.10.1/src/ui/colors.h
Examining data/vifm-0.10.1/src/ui/statusbar.c
Examining data/vifm-0.10.1/src/ui/quickview.h
Examining data/vifm-0.10.1/src/ui/cancellation.h
Examining data/vifm-0.10.1/src/ui/column_view.c
Examining data/vifm-0.10.1/src/ui/cancellation.c
Examining data/vifm-0.10.1/src/ui/escape.h
Examining data/vifm-0.10.1/src/ui/statusline.h
Examining data/vifm-0.10.1/src/ui/fileview.c
Examining data/vifm-0.10.1/src/ui/color_manager.c
Examining data/vifm-0.10.1/src/ui/tabs.c
Examining data/vifm-0.10.1/src/ui/color_manager.h
Examining data/vifm-0.10.1/src/ui/column_view.h
Examining data/vifm-0.10.1/src/ui/tabs.h
Examining data/vifm-0.10.1/src/ui/statusbar.h
Examining data/vifm-0.10.1/src/ui/escape.c
Examining data/vifm-0.10.1/src/ui/color_scheme.h
Examining data/vifm-0.10.1/src/ui/private/statusline.h
Examining data/vifm-0.10.1/src/ui/color_scheme.c
Examining data/vifm-0.10.1/src/ui/ui.c
Examining data/vifm-0.10.1/src/ui/ui.h
Examining data/vifm-0.10.1/src/background.h
Examining data/vifm-0.10.1/src/menus/media_menu.c
Examining data/vifm-0.10.1/src/menus/trash_menu.c
Examining data/vifm-0.10.1/src/menus/bmarks_menu.c
Examining data/vifm-0.10.1/src/menus/grep_menu.c
Examining data/vifm-0.10.1/src/menus/map_menu.h
Examining data/vifm-0.10.1/src/menus/dirhistory_menu.h
Examining data/vifm-0.10.1/src/menus/history_menu.h
Examining data/vifm-0.10.1/src/menus/commands_menu.c
Examining data/vifm-0.10.1/src/menus/volumes_menu.c
Examining data/vifm-0.10.1/src/menus/jobs_menu.h
Examining data/vifm-0.10.1/src/menus/locate_menu.c
Examining data/vifm-0.10.1/src/menus/users_menu.h
Examining data/vifm-0.10.1/src/menus/registers_menu.c
Examining data/vifm-0.10.1/src/menus/undolist_menu.c
Examining data/vifm-0.10.1/src/menus/registers_menu.h
Examining data/vifm-0.10.1/src/menus/bmarks_menu.h
Examining data/vifm-0.10.1/src/menus/filetypes_menu.c
Examining data/vifm-0.10.1/src/menus/cabbrevs_menu.c
Examining data/vifm-0.10.1/src/menus/trashes_menu.h
Examining data/vifm-0.10.1/src/menus/all.h
Examining data/vifm-0.10.1/src/menus/dirstack_menu.c
Examining data/vifm-0.10.1/src/menus/menus.c
Examining data/vifm-0.10.1/src/menus/vifm_menu.c
Examining data/vifm-0.10.1/src/menus/cabbrevs_menu.h
Examining data/vifm-0.10.1/src/menus/find_menu.h
Examining data/vifm-0.10.1/src/menus/marks_menu.c
Examining data/vifm-0.10.1/src/menus/filetypes_menu.h
Examining data/vifm-0.10.1/src/menus/undolist_menu.h
Examining data/vifm-0.10.1/src/menus/users_menu.c
Examining data/vifm-0.10.1/src/menus/colorscheme_menu.c
Examining data/vifm-0.10.1/src/menus/grep_menu.h
Examining data/vifm-0.10.1/src/menus/jobs_menu.c
Examining data/vifm-0.10.1/src/menus/trash_menu.h
Examining data/vifm-0.10.1/src/menus/locate_menu.h
Examining data/vifm-0.10.1/src/menus/media_menu.h
Examining data/vifm-0.10.1/src/menus/volumes_menu.h
Examining data/vifm-0.10.1/src/menus/find_menu.c
Examining data/vifm-0.10.1/src/menus/colorscheme_menu.h
Examining data/vifm-0.10.1/src/menus/marks_menu.h
Examining data/vifm-0.10.1/src/menus/apropos_menu.h
Examining data/vifm-0.10.1/src/menus/menus.h
Examining data/vifm-0.10.1/src/menus/vifm_menu.h
Examining data/vifm-0.10.1/src/menus/apropos_menu.c
Examining data/vifm-0.10.1/src/menus/commands_menu.h
Examining data/vifm-0.10.1/src/menus/map_menu.c
Examining data/vifm-0.10.1/src/menus/dirstack_menu.h
Examining data/vifm-0.10.1/src/menus/history_menu.c
Examining data/vifm-0.10.1/src/menus/trashes_menu.c
Examining data/vifm-0.10.1/src/menus/dirhistory_menu.c
Examining data/vifm-0.10.1/src/types.h
Examining data/vifm-0.10.1/src/cmd_handlers.c
Examining data/vifm-0.10.1/src/flist_sel.h
Examining data/vifm-0.10.1/src/fops_common.c
Examining data/vifm-0.10.1/src/flist_pos.c
Examining data/vifm-0.10.1/src/opt_handlers.c
Examining data/vifm-0.10.1/src/flist_hist.c
Examining data/vifm-0.10.1/src/running.h
Examining data/vifm-0.10.1/src/undo.h
Examining data/vifm-0.10.1/src/cmd_completion.h
Examining data/vifm-0.10.1/src/fops_rename.c
Examining data/vifm-0.10.1/src/compare.h
Examining data/vifm-0.10.1/src/search.c
Examining data/vifm-0.10.1/src/filelist.c
Examining data/vifm-0.10.1/src/cfg/config.c
Examining data/vifm-0.10.1/src/cfg/info.c
Examining data/vifm-0.10.1/src/cfg/config.h
Examining data/vifm-0.10.1/src/cfg/info.h
Examining data/vifm-0.10.1/src/cfg/info_chars.h
Examining data/vifm-0.10.1/src/filename_modifiers.c
Examining data/vifm-0.10.1/src/builtin_functions.h
Examining data/vifm-0.10.1/src/fops_put.c
Examining data/vifm-0.10.1/src/opt_handlers.h
Examining data/vifm-0.10.1/src/status.c
Examining data/vifm-0.10.1/src/viewcolumns_parser.c
Examining data/vifm-0.10.1/src/vifm.h
Examining data/vifm-0.10.1/src/tags.h
Examining data/vifm-0.10.1/src/cmd_handlers.h
Examining data/vifm-0.10.1/src/compare.c
Examining data/vifm-0.10.1/src/bracket_notation.c
Examining data/vifm-0.10.1/src/filtering.h
Examining data/vifm-0.10.1/src/event_loop.c
Examining data/vifm-0.10.1/src/flist_sel.c
Examining data/vifm-0.10.1/src/bracket_notation.h
Examining data/vifm-0.10.1/src/ops.c
Examining data/vifm-0.10.1/src/fops_rename.h
Examining data/vifm-0.10.1/src/dir_stack.h
Examining data/vifm-0.10.1/src/cmd_completion.c
Examining data/vifm-0.10.1/src/types.c
Examining data/vifm-0.10.1/src/fops_cpmv.h
Examining data/vifm-0.10.1/src/bmarks.c
Examining data/vifm-0.10.1/src/fops_common.h
Examining data/vifm-0.10.1/src/event_loop.h
Examining data/vifm-0.10.1/src/ipc.c
Examining data/vifm-0.10.1/src/sort.h
Examining data/vifm-0.10.1/src/modes/cmdline.h
Examining data/vifm-0.10.1/src/modes/modes.h
Examining data/vifm-0.10.1/src/modes/cmdline.c
Examining data/vifm-0.10.1/src/modes/wk.h
Examining data/vifm-0.10.1/src/modes/more.h
Examining data/vifm-0.10.1/src/modes/visual.c
Examining data/vifm-0.10.1/src/modes/dialogs/attr_dialog.h
Examining data/vifm-0.10.1/src/modes/dialogs/sort_dialog.c
Examining data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.h
Examining data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c
Examining data/vifm-0.10.1/src/modes/dialogs/attr_dialog_win.c
Examining data/vifm-0.10.1/src/modes/dialogs/sort_dialog.h
Examining data/vifm-0.10.1/src/modes/dialogs/change_dialog.c
Examining data/vifm-0.10.1/src/modes/dialogs/change_dialog.h
Examining data/vifm-0.10.1/src/modes/dialogs/msg_dialog.h
Examining data/vifm-0.10.1/src/modes/dialogs/attr_dialog_win.h
Examining data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c
Examining data/vifm-0.10.1/src/modes/menu.c
Examining data/vifm-0.10.1/src/modes/more.c
Examining data/vifm-0.10.1/src/modes/file_info.h
Examining data/vifm-0.10.1/src/modes/normal.c
Examining data/vifm-0.10.1/src/modes/normal.h
Examining data/vifm-0.10.1/src/modes/visual.h
Examining data/vifm-0.10.1/src/modes/view.h
Examining data/vifm-0.10.1/src/modes/menu.h
Examining data/vifm-0.10.1/src/modes/view.c
Examining data/vifm-0.10.1/src/modes/file_info.c
Examining data/vifm-0.10.1/src/modes/modes.c
Examining data/vifm-0.10.1/src/ipc.h
Examining data/vifm-0.10.1/src/fops_misc.c
Examining data/vifm-0.10.1/src/flist_hist.h
Examining data/vifm-0.10.1/src/tags.c
Examining data/vifm-0.10.1/src/cmd_core.h
Examining data/vifm-0.10.1/src/signals.c
Examining data/vifm-0.10.1/src/engine/variables.h
Examining data/vifm-0.10.1/src/engine/text_buffer.h
Examining data/vifm-0.10.1/src/engine/options.c
Examining data/vifm-0.10.1/src/engine/keys.h
Examining data/vifm-0.10.1/src/engine/mode.h
Examining data/vifm-0.10.1/src/engine/keys.c
Examining data/vifm-0.10.1/src/engine/abbrevs.h
Examining data/vifm-0.10.1/src/engine/functions.c
Examining data/vifm-0.10.1/src/engine/options.h
Examining data/vifm-0.10.1/src/engine/var.h
Examining data/vifm-0.10.1/src/engine/parsing.h
Examining data/vifm-0.10.1/src/engine/text_buffer.c
Examining data/vifm-0.10.1/src/engine/var.c
Examining data/vifm-0.10.1/src/engine/mode.c
Examining data/vifm-0.10.1/src/engine/cmds.c
Examining data/vifm-0.10.1/src/engine/autocmds.h
Examining data/vifm-0.10.1/src/engine/functions.h
Examining data/vifm-0.10.1/src/engine/variables.c
Examining data/vifm-0.10.1/src/engine/abbrevs.c
Examining data/vifm-0.10.1/src/engine/autocmds.c
Examining data/vifm-0.10.1/src/engine/cmds.h
Examining data/vifm-0.10.1/src/engine/private/options.h
Examining data/vifm-0.10.1/src/engine/parsing.c
Examining data/vifm-0.10.1/src/engine/completion.c
Examining data/vifm-0.10.1/src/engine/completion.h
Examining data/vifm-0.10.1/src/io/ioeta.c
Examining data/vifm-0.10.1/src/io/iop.c
Examining data/vifm-0.10.1/src/io/iop.h
Examining data/vifm-0.10.1/src/io/ior.c
Examining data/vifm-0.10.1/src/io/ionotif.h
Examining data/vifm-0.10.1/src/io/ior.h
Examining data/vifm-0.10.1/src/io/ioeta.h
Examining data/vifm-0.10.1/src/io/ioc.h
Examining data/vifm-0.10.1/src/io/ioe.h
Examining data/vifm-0.10.1/src/io/private/ioeta.c
Examining data/vifm-0.10.1/src/io/private/traverser.h
Examining data/vifm-0.10.1/src/io/private/ionotif.h
Examining data/vifm-0.10.1/src/io/private/ioc.c
Examining data/vifm-0.10.1/src/io/private/ioeta.h
Examining data/vifm-0.10.1/src/io/private/ioc.h
Examining data/vifm-0.10.1/src/io/private/traverser.c
Examining data/vifm-0.10.1/src/io/private/ionotif.c
Examining data/vifm-0.10.1/src/io/private/ioe.h
Examining data/vifm-0.10.1/src/io/private/ioe.c
Examining data/vifm-0.10.1/src/io/ioe.c
Examining data/vifm-0.10.1/src/status.h
Examining data/vifm-0.10.1/src/marks.c
Examining data/vifm-0.10.1/src/flist_pos.h
Examining data/vifm-0.10.1/src/bmarks.h
Examining data/vifm-0.10.1/src/version.h
Examining data/vifm-0.10.1/src/vifm.c
Examining data/vifm-0.10.1/src/version.c
Examining data/vifm-0.10.1/src/compat/mntent.c
Examining data/vifm-0.10.1/src/compat/getopt_int.h
Examining data/vifm-0.10.1/src/compat/reallocarray.c
Examining data/vifm-0.10.1/src/compat/getopt.h
Examining data/vifm-0.10.1/src/compat/pthread.c
Examining data/vifm-0.10.1/src/compat/mntent.h
Examining data/vifm-0.10.1/src/compat/getopt.c
Examining data/vifm-0.10.1/src/compat/wcwidth.h
Examining data/vifm-0.10.1/src/compat/curses.h
Examining data/vifm-0.10.1/src/compat/wcwidth.c
Examining data/vifm-0.10.1/src/compat/dtype.h
Examining data/vifm-0.10.1/src/compat/curses.c
Examining data/vifm-0.10.1/src/compat/getopt1.c
Examining data/vifm-0.10.1/src/compat/reallocarray.h
Examining data/vifm-0.10.1/src/compat/os.h
Examining data/vifm-0.10.1/src/compat/dtype.c
Examining data/vifm-0.10.1/src/compat/pthread.h
Examining data/vifm-0.10.1/src/compat/fs_limits.h
Examining data/vifm-0.10.1/src/compat/os.c
Examining data/vifm-0.10.1/src/registers.c
Examining data/vifm-0.10.1/src/filtering.c
Examining data/vifm-0.10.1/src/filetype.c
Examining data/vifm-0.10.1/src/filetype.h
Examining data/vifm-0.10.1/src/trash.c
Examining data/vifm-0.10.1/src/trash.h
FINAL RESULTS:
data/vifm-0.10.1/src/compat/os.h:40:18: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define os_chmod chmod
data/vifm-0.10.1/src/fops_put.c:841:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
(void)chmod(dst, st.st_mode);
data/vifm-0.10.1/src/trash.c:250:6: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if(chmod(trash_dir, 0700) != 0)
data/vifm-0.10.1/src/utils/fs.c:339:8: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
len = readlink(filename, buf, buf_len - 1);
data/vifm-0.10.1/src/utils/fs.c:940:1: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
readlink(const char *path, char *buf, size_t len)
data/vifm-0.10.1/src/utils/fs.h:212:5: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
int readlink(const char *path, char *buf, size_t len);
data/vifm-0.10.1/src/utils/utils_nix.c:1056:2: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(path, st->st_uid, st->st_gid);
data/vifm-0.10.1/tests/fileops/chmod.c:70:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/file", 0777));
data/vifm-0.10.1/tests/fileops/chmod.c:100:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/dir/file", 0777));
data/vifm-0.10.1/tests/fileops/chmod.c:134:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/dir/file", 0676));
data/vifm-0.10.1/tests/fileops/clone_files.c:162:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod("can-not-read", 0000));
data/vifm-0.10.1/tests/fileops/cpmv_files.c:319:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod("can-not-read", 0000));
data/vifm-0.10.1/tests/fileops/generic.c:210:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod("first/nested1", 0700));
data/vifm-0.10.1/tests/fileops/rename_files.c:214:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod("script", 0777));
data/vifm-0.10.1/tests/ionotif/invoked.c:148:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/moved-read", 0700));
data/vifm-0.10.1/tests/iop/cp.c:183:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/appending", 0700));
data/vifm-0.10.1/tests/iop/cp.c:201:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/appending", 0700));
data/vifm-0.10.1/tests/iop/cp.c:226:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/two-lines", 0700));
data/vifm-0.10.1/tests/iop/cp.c:265:22: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_int_equal(0, chmod(SANDBOX_PATH "/file", 0200));
data/vifm-0.10.1/tests/iop/cp.c:270:22: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_int_equal(0, chmod(SANDBOX_PATH "/file", 0600));
data/vifm-0.10.1/tests/iop/error.c:30:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/file", 0000));
data/vifm-0.10.1/tests/iop/error.c:91:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/src", 0200));
data/vifm-0.10.1/tests/iop/error.c:130:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/dir", 0500));
data/vifm-0.10.1/tests/iop/error.c:151:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/dir", 0700));
data/vifm-0.10.1/tests/ior/cp.c:302:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/dir", 0700));
data/vifm-0.10.1/tests/ior/cp.c:456:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/dir", 0500));
data/vifm-0.10.1/tests/ior/cp.c:473:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/dir", 0700));
data/vifm-0.10.1/tests/ior/cp.c:474:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/dir-copy", 0700));
data/vifm-0.10.1/tests/ior/error.c:22:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/dir", 0500));
data/vifm-0.10.1/tests/ior/error.c:42:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/dir", 0700));
data/vifm-0.10.1/tests/ior/error.c:61:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/dir/file", 0000));
data/vifm-0.10.1/tests/ior/mv-confirm.c:78:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/src", 0500));
data/vifm-0.10.1/tests/ior/mv-confirm.c:98:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/src", 0700));
data/vifm-0.10.1/tests/ior/mv.c:169:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/read", 0700));
data/vifm-0.10.1/tests/ior/mv.c:202:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/read", 0700));
data/vifm-0.10.1/tests/ior/mv.c:366:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/ro", 0500));
data/vifm-0.10.1/tests/misc/cmdline_scope.c:78:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod("script", 0777));
data/vifm-0.10.1/tests/misc/compare.c:338:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/utf8-bom", 0000));
data/vifm-0.10.1/tests/misc/diff.c:202:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH, 0000));
data/vifm-0.10.1/tests/misc/diff.c:204:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH, 0777));
data/vifm-0.10.1/tests/misc/flist_misc.c:435:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/dir", 0666));
data/vifm-0.10.1/tests/misc/flist_misc.c:442:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/dir", 0777));
data/vifm-0.10.1/tests/misc/integration.c:224:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod("script", 0777));
data/vifm-0.10.1/tests/misc/normal_cmd_cp.c:43:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod(SANDBOX_PATH "/empty", 0000));
data/vifm-0.10.1/tests/misc/rename.c:163:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
assert_success(chmod("script", 0777));
data/vifm-0.10.1/tests/misc/utils.c:219:2: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(path, 0755);
data/vifm-0.10.1/src/args.c:310:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, path);
data/vifm-0.10.1/src/background.c:643:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(sh, make_execv_array(sh, sh_flag, cmd));
data/vifm-0.10.1/src/bracket_notation.c:562:4: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(p, pair->key);
data/vifm-0.10.1/src/bracket_notation.c:581:2: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(str_lowered, str);
data/vifm-0.10.1/src/cfg/config.c:497:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(vifmrc, sizeof(vifmrc), "%s/" VIFMRC, exe_dir);
data/vifm-0.10.1/src/cfg/config.c:518:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(vifmrc, sizeof(vifmrc), "%s/" VIFMRC, vifm);
data/vifm-0.10.1/src/cfg/config.c:550:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(cfg.trash_dir, sizeof(cfg.trash_dir), trash_dir_fmt, trash_base);
data/vifm-0.10.1/src/cfg/config.c:551:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(cfg.log_file, sizeof(cfg.log_file), "%s/" LOG, base);
data/vifm-0.10.1/src/cfg/config.c:587:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(rc_file, sizeof(rc_file), "%s/" VIFMRC, cfg.config_dir);
data/vifm-0.10.1/src/cfg/config.c:609:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(src, sizeof(src), "%s/" VIFM_HELP, get_installed_data_dir());
data/vifm-0.10.1/src/cfg/config.c:610:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(dst, sizeof(dst), "%s/" VIFM_HELP, cfg.config_dir);
data/vifm-0.10.1/src/cfg/config.c:625:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(scripts, sizeof(scripts), "%s/" SCRIPTS_DIR, cfg.config_dir);
data/vifm-0.10.1/src/cfg/config.c:662:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(src, sizeof(src), "%s/" SAMPLE_VIFMRC, get_installed_data_dir());
data/vifm-0.10.1/src/cfg/config.c:663:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(dst, sizeof(dst), "%s/" VIFMRC, cfg.config_dir);
data/vifm-0.10.1/src/cfg/config.c:865:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(with_forward_slashes, new_value);
data/vifm-0.10.1/src/cmd_completion.c:950:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, ++temp);
data/vifm-0.10.1/src/cmd_completion.c:1000:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, dirname);
data/vifm-0.10.1/src/cmd_core.c:798:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmdline_copy, cmdline);
data/vifm-0.10.1/src/cmd_handlers.c:3348:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len += sprintf(lines + len, "%s%s", (len == 0) ? "": "\n", msg);
data/vifm-0.10.1/src/cmd_handlers.c:4320:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, cmd_info->argv[1]);
data/vifm-0.10.1/src/compat/os.c:268:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(resolved_path, t + offset);
data/vifm-0.10.1/src/compat/os.h:38:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
#define os_access access
data/vifm-0.10.1/src/compat/os.h:50:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define os_system system
data/vifm-0.10.1/src/engine/cmds.c:845:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, cmds[i].name);
data/vifm-0.10.1/src/engine/cmds.c:1449:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
content_len += sprintf(content + content_len, "\n%-*s %s", 10, cur->name,
data/vifm-0.10.1/src/engine/keys.c:793:3: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat(buf, rhs);
data/vifm-0.10.1/src/engine/keys.c:794:3: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat(buf, left_keys);
data/vifm-0.10.1/src/engine/keys.c:1334:2: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(item, prefix);
data/vifm-0.10.1/src/engine/keys.c:1363:2: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(item, prefix);
data/vifm-0.10.1/src/engine/options.c:1064:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, value_str);
data/vifm-0.10.1/src/engine/options.c:1182:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new, value);
data/vifm-0.10.1/src/engine/text_buffer.c:120:33: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
needed_size = (tb->len != 0) + vsnprintf(tb->data, 0, format, ap);
data/vifm-0.10.1/src/engine/text_buffer.c:129:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
tb->len += vsnprintf(tb->data + tb->len, tb->capacity - tb->len, format, aq);
data/vifm-0.10.1/src/engine/variables.c:493:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(record->val, val);
data/vifm-0.10.1/src/filelist.c:3018:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf + strlen(buf), "/%s", arg + 1);
data/vifm-0.10.1/src/fops_common.c:661:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "%s %d/%d", text, ready + 1, total);
data/vifm-0.10.1/src/fops_rename.c:567:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(result + (b - fname), sizeof(result) - (b - fname), format, i + k,
data/vifm-0.10.1/src/int/file_magic.c:185:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((pipe = popen(command, "r")) == NULL)
data/vifm-0.10.1/src/int/fuse.c:112:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mount_point, runner->mount_point);
data/vifm-0.10.1/src/int/fuse.c:236:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, errors_file);
data/vifm-0.10.1/src/int/fuse.c:676:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(no_slash, mount_point);
data/vifm-0.10.1/src/int/path_env.c:90:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(scripts_dir, sizeof(scripts_dir), "%s/" SCRIPTS_DIR, cfg.config_dir);
data/vifm-0.10.1/src/int/path_env.c:145:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_path, "%s:%s", path, old_path);
data/vifm-0.10.1/src/int/path_env.c:147:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_path, "%s;%s", path, old_path);
data/vifm-0.10.1/src/int/vim.c:386:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buf_size, "%s/" LIST_FILE, cfg.config_dir);
data/vifm-0.10.1/src/macros.c:608:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t + len, str);
data/vifm-0.10.1/src/menus/filetypes_menu.c:140:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(descr, sizeof(descr), format, prog.description);
data/vifm-0.10.1/src/menus/jobs_menu.c:73:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(info_buf, sizeof(info_buf), "%" PRINTF_ULL,
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:273:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, pa);
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:464:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, pa);
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:710:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, linebuf);
data/vifm-0.10.1/src/modes/file_info.c:285:14: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if((pipe = popen(command, "r")) == NULL)
data/vifm-0.10.1/src/modes/menu.c:837:14: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
vim_stdin = popen(cmd, "w");
data/vifm-0.10.1/src/opt_handlers.c:1627:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(valid_val, (cfg.case_ignore & CO_PATH_COMPL) ? "p" : "P");
data/vifm-0.10.1/src/opt_handlers.c:1631:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(valid_val, (cfg.case_ignore & CO_GOTO_FILE) ? "g" : "G");
data/vifm-0.10.1/src/opt_handlers.c:1746:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name_dec->prefix, token);
data/vifm-0.10.1/src/opt_handlers.c:1747:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name_dec->suffix, suffix);
data/vifm-0.10.1/src/opt_handlers.c:1761:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(type_decs[type][DECORATION_PREFIX], token);
data/vifm-0.10.1/src/opt_handlers.c:1762:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(type_decs[type][DECORATION_SUFFIX], suffix);
data/vifm-0.10.1/src/running.c:633:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spec, prog_spec);
data/vifm-0.10.1/src/running.c:1288:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len += sprintf(lines + len, "%s%s", (len == 0) ? "": "\n", buf);
data/vifm-0.10.1/src/ui/column_view.c:287:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(full_column, col_buffer);
data/vifm-0.10.1/src/ui/column_view.c:317:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prev_col_buf, col_buffer);
data/vifm-0.10.1/src/ui/escape.c:264:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(next, line +
data/vifm-0.10.1/src/ui/escape.c:606:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, name);
data/vifm-0.10.1/src/ui/fileview.c:1145:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(print_buf, buf);
data/vifm-0.10.1/src/ui/fileview.c:1177:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(num_str, sizeof(num_str), format, cdt->number_width - 1, num);
data/vifm-0.10.1/src/ui/statusbar.c:153:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), format, ap);
data/vifm-0.10.1/src/ui/statusbar.c:288:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer + left, curr_stats.ellipsis);
data/vifm-0.10.1/src/ui/statusbar.c:289:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer + left, msg + right);
data/vifm-0.10.1/src/ui/tabs.c:213:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->curr_dir, path == NULL ? flist_get_dir(src) : path);
data/vifm-0.10.1/src/utils/env.c:188:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s=%s", name, value);
data/vifm-0.10.1/src/utils/file_streams.c:55:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + len, part_buf);
data/vifm-0.10.1/src/utils/fs.c:101:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path_to_selfref, path);
data/vifm-0.10.1/src/utils/globs.c:52:23: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
final_regex_len += sprintf(final_regex + final_regex_len, "%s(%s)",
data/vifm-0.10.1/src/utils/log.c:149:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(log, msg, ap);
data/vifm-0.10.1/src/utils/macros.h:44:51: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _gnuc_printf(m, n) __attribute__ ((format(printf, (m), (n))));
data/vifm-0.10.1/src/utils/path.c:618:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, env_get("SYSTEMDRIVE"));
data/vifm-0.10.1/src/utils/str.c:452:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
return strcat(str, buf);
data/vifm-0.10.1/src/utils/str.c:497:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new + *len, suffix);
data/vifm-0.10.1/src/utils/str.c:634:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result, break_point + separator_len);
data/vifm-0.10.1/src/utils/str.c:649:11: [4] (format) vswprintf:
Potential format string problem (CWE-134). Make format string constant.
result = vswprintf(str, format, ap);
data/vifm-0.10.1/src/utils/str.c:651:11: [4] (format) vswprintf:
Potential format string problem (CWE-134). Make format string constant.
result = vswprintf(str, len, format, ap);
data/vifm-0.10.1/src/utils/str.c:747:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(NULL, 0, format, ap);
data/vifm-0.10.1/src/utils/str.c:752:9: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)vsprintf(result_buf, format, aq);
data/vifm-0.10.1/src/utils/str.c:1102:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(haystack_us, haystack);
data/vifm-0.10.1/src/utils/str.c:1103:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(needle_us, needle);
data/vifm-0.10.1/src/utils/utils.c:92:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("cls");
data/vifm-0.10.1/src/utils/utils.c:666:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, path_buf);
data/vifm-0.10.1/src/utils/utils.c:685:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path_buf, spec);
data/vifm-0.10.1/src/utils/utils_nix.c:289:2: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(get_execv_path(cfg.shell), make_execv_array(cfg.shell, sh_flag, cmd));
data/vifm-0.10.1/src/utils/utils_nix.c:796:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(cmd, cmd_size, "%s %s/" VIFM_HELP, cfg_get_vicmd(&bg), escaped);
data/vifm-0.10.1/src/utils/utils_win.c:206:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), fmt, cfg.shell, sh_flag, cmd);
data/vifm-0.10.1/src/utils/utils_win.c:556:2: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("cls");
data/vifm-0.10.1/src/utils/utils_win.c:559:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("pause");
data/vifm-0.10.1/tests/fileops/chmod.c:78:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/fileops/chmod.c:110:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/fileops/chmod.c:144:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/fileops/chown.c:55:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/fileops/cpmv_files.c:123:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, saved_cwd);
data/vifm-0.10.1/tests/fileops/generic.c:264:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return access(file, F_OK) == 0;
data/vifm-0.10.1/tests/fileops/restore_files.c:62:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, trash_dir);
data/vifm-0.10.1/tests/fileops/size.c:32:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH);
data/vifm-0.10.1/tests/fileops/size.c:42:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/various-sizes");
data/vifm-0.10.1/tests/fileops/utils.c:47:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(path, F_OK));
data/vifm-0.10.1/tests/fileops/utils.c:77:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, SANDBOX_PATH);
data/vifm-0.10.1/tests/iop/ln.c:25:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(ORIG_FILE_PATH, F_OK));
data/vifm-0.10.1/tests/iop/ln.c:27:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(ORIG_FILE_PATH, F_OK));
data/vifm-0.10.1/tests/iop/ln.c:32:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(LINK_NAME, F_OK));
data/vifm-0.10.1/tests/iop/ln.c:45:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(LINK_NAME, F_OK));
data/vifm-0.10.1/tests/iop/ln.c:62:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(LINK_NAME, F_OK));
data/vifm-0.10.1/tests/iop/ln.c:84:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(LINK_NAME, F_OK));
data/vifm-0.10.1/tests/iop/ln.c:90:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(LINK_NAME, F_OK));
data/vifm-0.10.1/tests/iop/ln.c:104:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(LINK_NAME, F_OK));
data/vifm-0.10.1/tests/iop/ln.c:106:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(LINK_NAME, F_OK));
data/vifm-0.10.1/tests/iop/ln.c:118:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(LINK_NAME, F_OK));
data/vifm-0.10.1/tests/iop/ln.c:123:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(LINK_NAME, F_OK));
data/vifm-0.10.1/tests/iop/ln.c:133:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(LINK_NAME, F_OK));
data/vifm-0.10.1/tests/iop/ln.c:136:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(NEW_ORIG_FILE_NAME, F_OK));
data/vifm-0.10.1/tests/iop/ln.c:142:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(path, F_OK));
data/vifm-0.10.1/tests/iop/ln.c:155:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(path, F_OK));
data/vifm-0.10.1/tests/iop/mkdir.c:47:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(path, F_OK));
data/vifm-0.10.1/tests/iop/mkdir.c:61:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(path, F_OK));
data/vifm-0.10.1/tests/iop/mkdir.c:77:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(NESTED_DIR_NAME, F_OK));
data/vifm-0.10.1/tests/iop/mkdir.c:92:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(NESTED_DIR_NAME, F_OK));
data/vifm-0.10.1/tests/iop/mkfile.c:12:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(FILE_NAME, F_OK));
data/vifm-0.10.1/tests/iop/mkfile.c:24:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(FILE_NAME, F_OK));
data/vifm-0.10.1/tests/iop/mkfile.c:39:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(FILE_NAME, F_OK));
data/vifm-0.10.1/tests/iop/mkfile.c:51:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(FILE_NAME, F_OK));
data/vifm-0.10.1/tests/iop/rmdir.c:30:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(DIRECTORY_NAME, F_OK));
data/vifm-0.10.1/tests/iop/rmdir.c:63:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(DIRECTORY_NAME, F_OK));
data/vifm-0.10.1/tests/iop/rmfile.c:28:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(FILE_NAME, F_OK));
data/vifm-0.10.1/tests/iop/rmfile.c:69:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access("link", F_OK));
data/vifm-0.10.1/tests/iop/rmfile.c:81:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access("link", F_OK));
data/vifm-0.10.1/tests/iop/rmfile.c:93:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(FILE_NAME, F_OK));
data/vifm-0.10.1/tests/ior/cp.c:89:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(SANDBOX_PATH "/non-empty-dir-copy/a-file", F_OK));
data/vifm-0.10.1/tests/ior/cp.c:127:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(SANDBOX_PATH "/non-empty-dir-copy/empty-nested-dir",
data/vifm-0.10.1/tests/ior/cp.c:167:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(SANDBOX_PATH "/non-empty-dir-copy/nested-dir/a-file",
data/vifm-0.10.1/tests/ior/cp.c:335:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(SANDBOX_PATH "/second/second-file", F_OK));
data/vifm-0.10.1/tests/ior/cp.c:336:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(SANDBOX_PATH "/second/first-file", F_OK));
data/vifm-0.10.1/tests/ior/rm.c:28:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(SANDBOX_PATH "/" FILE_NAME, F_OK));
data/vifm-0.10.1/tests/ior/rm.c:34:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(DIRECTORY_NAME, F_OK));
data/vifm-0.10.1/tests/ior/rm.c:46:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(DIRECTORY_NAME, F_OK));
data/vifm-0.10.1/tests/ior/rm.c:52:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(DIRECTORY_NAME, F_OK));
data/vifm-0.10.1/tests/ior/rm.c:65:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access(DIRECTORY_NAME, F_OK));
data/vifm-0.10.1/tests/ior/utils.c:68:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(file, F_OK));
data/vifm-0.10.1/tests/ior/utils.c:111:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return access(file, F_OK) == 0;
data/vifm-0.10.1/tests/keys/builtin_keys.c:15:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf(...) do {} while(0)
data/vifm-0.10.1/tests/misc/builtin_functions.c:229:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/rename");
data/vifm-0.10.1/tests/misc/change_window.c:52:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, expected_cwd);
data/vifm-0.10.1/tests/misc/chase_links.c:142:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(curr_view->curr_dir, pwd);
data/vifm-0.10.1/tests/misc/cmdline_completion.c:205:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access("\\ spaces\\ everywhere\\ ", F_OK) == 0)
data/vifm-0.10.1/tests/misc/cmdline_completion.c:211:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access("\\ spaces\\ everywhere", F_OK) == 0)
data/vifm-0.10.1/tests/misc/cmdline_completion.c:224:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access("ends-with-space\\ ", F_OK) == 0)
data/vifm-0.10.1/tests/misc/cmdline_completion.c:230:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access("ends-with-space", F_OK) == 0)
data/vifm-0.10.1/tests/misc/commands.c:218:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_failure(access("out", F_OK));
data/vifm-0.10.1/tests/misc/commands.c:220:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access("out", F_OK));
data/vifm-0.10.1/tests/misc/commands.c:228:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, test_data);
data/vifm-0.10.1/tests/misc/commands_cs.c:106:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, saved_cwd);
data/vifm-0.10.1/tests/misc/commands_misc.c:101:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, test_data);
data/vifm-0.10.1/tests/misc/commands_misc.c:114:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, test_data);
data/vifm-0.10.1/tests/misc/commands_misc.c:130:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, path);
data/vifm-0.10.1/tests/misc/commands_misc.c:146:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, dst);
data/vifm-0.10.1/tests/misc/commands_misc.c:158:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, path);
data/vifm-0.10.1/tests/misc/commands_misc.c:172:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, path);
data/vifm-0.10.1/tests/misc/commands_misc.c:186:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, test_data);
data/vifm-0.10.1/tests/misc/commands_misc.c:187:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, sandbox);
data/vifm-0.10.1/tests/misc/commands_misc.c:203:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, path);
data/vifm-0.10.1/tests/misc/commands_misc.c:204:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, sandbox);
data/vifm-0.10.1/tests/misc/commands_misc.c:239:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, sandbox);
data/vifm-0.10.1/tests/misc/commands_misc.c:664:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, sandbox);
data/vifm-0.10.1/tests/misc/commands_misc.c:688:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, sandbox);
data/vifm-0.10.1/tests/misc/commands_sibl.c:124:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, path);
data/vifm-0.10.1/tests/misc/commands_sibl.c:141:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, path);
data/vifm-0.10.1/tests/misc/commands_sibl.c:176:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, path);
data/vifm-0.10.1/tests/misc/commands_sibl.c:180:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, path);
data/vifm-0.10.1/tests/misc/commands_sibl.c:203:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, path);
data/vifm-0.10.1/tests/misc/commands_sibl.c:207:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, path);
data/vifm-0.10.1/tests/misc/commands_tabs.c:94:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, test_data);
data/vifm-0.10.1/tests/misc/commands_tabs.c:128:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/commands_tabs.c:129:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/commands_tabs.c:389:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, cs);
data/vifm-0.10.1/tests/misc/commands_tabs.c:391:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, cs);
data/vifm-0.10.1/tests/misc/compare.c:60:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:72:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:84:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/compare.c:97:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:98:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/compare.c:122:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:123:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/compare.c:147:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/compare.c:148:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/compare.c:170:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:171:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/compare.c:190:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:191:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/compare.c:208:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/compare.c:228:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare");
data/vifm-0.10.1/tests/misc/compare.c:248:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/compare.c:262:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/compare.c:273:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH "/a");
data/vifm-0.10.1/tests/misc/compare.c:274:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, SANDBOX_PATH "/b");
data/vifm-0.10.1/tests/misc/compare.c:288:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH "/a");
data/vifm-0.10.1/tests/misc/compare.c:289:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, SANDBOX_PATH "/b");
data/vifm-0.10.1/tests/misc/compare.c:307:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH "/does-not-exist");
data/vifm-0.10.1/tests/misc/compare.c:315:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/tree");
data/vifm-0.10.1/tests/misc/compare.c:328:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/compare.c:340:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/compare.c:356:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/compare.c:357:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/read");
data/vifm-0.10.1/tests/misc/compare.c:396:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/compare.c:397:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:419:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/compare.c:420:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:464:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:465:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/compare.c:486:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/compare.c:487:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:515:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH "/a");
data/vifm-0.10.1/tests/misc/compare.c:516:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, SANDBOX_PATH "/b");
data/vifm-0.10.1/tests/misc/compare.c:539:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:553:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:554:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/compare.c:571:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:572:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/compare.c:590:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:591:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/compare.c:606:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/compare.c:607:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/compare.c:627:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:628:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/compare.c:670:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/compare.c:671:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/read");
data/vifm-0.10.1/tests/misc/compare.c:689:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/compare.c:690:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/read");
data/vifm-0.10.1/tests/misc/compare.c:714:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/tree");
data/vifm-0.10.1/tests/misc/compare.c:715:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/tree/dir5");
data/vifm-0.10.1/tests/misc/compare.c:723:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/compare.c:724:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/compare.c:746:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/compare.c:775:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/compare.c:787:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare");
data/vifm-0.10.1/tests/misc/compare.c:788:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare");
data/vifm-0.10.1/tests/misc/diff.c:60:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/diff.c:61:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/diff.c:73:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/diff.c:74:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/diff.c:157:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/diff.c:158:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/expand_status_line_macros.c:123:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/flist_custom.c:750:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(old_path, flist_get_dir(&lwin));
data/vifm-0.10.1/tests/misc/flist_misc.c:190:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH "/compare/a");
data/vifm-0.10.1/tests/misc/flist_misc.c:191:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, TEST_DATA_PATH "/compare/b");
data/vifm-0.10.1/tests/misc/fuse.c:40:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, lwin.curr_dir);
data/vifm-0.10.1/tests/misc/menus_dirhistory.c:102:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/menus_find.c:67:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, test_data);
data/vifm-0.10.1/tests/misc/menus_find.c:88:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, test_data);
data/vifm-0.10.1/tests/misc/menus_find.c:98:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, test_data);
data/vifm-0.10.1/tests/misc/menus_find.c:116:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, test_data);
data/vifm-0.10.1/tests/misc/menus_media.c:174:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, SHEBANG_ECHO "\n\
data/vifm-0.10.1/tests/misc/menus_media.c:190:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, SHEBANG_ECHO "\n\
data/vifm-0.10.1/tests/misc/menus_media.c:256:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, SHEBANG_ECHO "\n\
data/vifm-0.10.1/tests/misc/menus_media.c:271:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, SHEBANG_ECHO "\n\
data/vifm-0.10.1/tests/misc/menus_media.c:418:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, sandbox);
data/vifm-0.10.1/tests/misc/menus_media.c:446:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, SHEBANG_ECHO "\n\
data/vifm-0.10.1/tests/misc/menus_media.c:453:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, sandbox);
data/vifm-0.10.1/tests/misc/menus_media.c:477:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, sandbox);
data/vifm-0.10.1/tests/misc/normal_cmd_cp.c:45:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/registers_shared_memory.c:236:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, pre);
data/vifm-0.10.1/tests/misc/registers_shared_memory.c:358:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp("/bin/sh", make_execv_array("/bin/sh", "-c", (char *)cmd));
data/vifm-0.10.1/tests/misc/search.c:180:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwin.curr_dir, lwin.curr_dir);
data/vifm-0.10.1/tests/misc/sort.c:80:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, SANDBOX_PATH);
data/vifm-0.10.1/tests/misc/sort.c:322:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH);
data/vifm-0.10.1/tests/misc/sort.c:358:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH);
data/vifm-0.10.1/tests/misc/sort.c:387:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH);
data/vifm-0.10.1/tests/misc/sort.c:442:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, TEST_DATA_PATH);
data/vifm-0.10.1/tests/misc/tabs.c:251:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, test_data);
data/vifm-0.10.1/tests/misc/tabs.c:295:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, sandbox);
data/vifm-0.10.1/tests/misc/tabs.c:321:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lwin.curr_dir, sandbox);
data/vifm-0.10.1/tests/misc/utils.c:218:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(path, F_OK));
data/vifm-0.10.1/tests/misc/utils.c:220:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
assert_success(access(path, X_OK));
data/vifm-0.10.1/tests/options/suite.c:108:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cpoptions, val.str_val);
data/vifm-0.10.1/tests/stic/stic.c:143:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, format, ap);
data/vifm-0.10.1/tests/stic/stic.c:340:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "Expected <NULL> but was \"%s\"", actual);
data/vifm-0.10.1/tests/stic/stic.c:345:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "Expected \"%s\" but was <NULL>", expected);
data/vifm-0.10.1/tests/stic/stic.c:351:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "Expected \"%s\" but was \"%s\"", expected, actual);
data/vifm-0.10.1/tests/stic/stic.c:401:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "Expected \"%s\" to end with \"%s\"", actual, expected);
data/vifm-0.10.1/tests/stic/stic.c:408:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "Expected \"%s\" to start with \"%s\"", actual, expected);
data/vifm-0.10.1/tests/stic/stic.c:415:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "Expected \"%s\" to be in \"%s\"", expected, actual);
data/vifm-0.10.1/tests/stic/stic.c:422:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "Expected \"%s\" not to have \"%s\" in it", actual, expected);
data/vifm-0.10.1/tests/stic/stic.c:495:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(stic_magic_marker, marker);
data/vifm-0.10.1/tests/stic/stic.c:569:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%d check%s :: %d run test%s :: %d skipped test%s :: %s",
data/vifm-0.10.1/src/args.c:88:10: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
switch(getopt_long(argc, argv, "-c:fhv", long_opts, NULL))
data/vifm-0.10.1/src/compat/getopt.c:153:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#ifndef getenv
data/vifm-0.10.1/src/compat/getopt.c:154:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extern char *getenv ();
data/vifm-0.10.1/src/compat/getopt.c:291:46: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
d->__posixly_correct = posixly_correct | !!getenv ("POSIXLY_CORRECT");
data/vifm-0.10.1/src/compat/getopt.c:1196:1: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt (int argc, char *const *argv, const char *optstring)
data/vifm-0.10.1/src/compat/getopt.c:1232:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "abc:d:0123456789");
data/vifm-0.10.1/src/compat/getopt.h:150:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt (int ___argc, char *const *___argv, const char *__shortopts)
data/vifm-0.10.1/src/compat/getopt.h:159:30: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int __REDIRECT_NTH (getopt, (int ___argc, char *const *___argv,
data/vifm-0.10.1/src/compat/getopt.h:165:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
# define getopt __posix_getopt
data/vifm-0.10.1/src/compat/getopt.h:169:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt ();
data/vifm-0.10.1/src/compat/getopt.h:173:12: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt_long (int ___argc, char *const *___argv,
data/vifm-0.10.1/src/compat/getopt1.c:62:1: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt_long (int argc, char *const *argv, const char *options,
data/vifm-0.10.1/src/compat/getopt1.c:125:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "abc:d:0123456789",
data/vifm-0.10.1/src/compat/os.h:47:21: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
#define os_realpath realpath
data/vifm-0.10.1/src/utils/env.c:98:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
return getenv(name);
data/vifm-0.10.1/src/vifm.c:186:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/vifm-0.10.1/tests/misc/registers_shared_memory.c:84:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const int debug = (getenv("DEBUG") != NULL);
data/vifm-0.10.1/tests/variables/clear.c:18:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv(VAR_NAME) == NULL);
data/vifm-0.10.1/tests/variables/clear.c:20:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv(VAR_NAME) != NULL);
data/vifm-0.10.1/tests/variables/clear.c:24:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv(VAR_NAME) == NULL);
data/vifm-0.10.1/tests/variables/clear.c:29:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv("VAR_A") != NULL);
data/vifm-0.10.1/tests/variables/clear.c:30:5: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv("VAR_A") != NULL)
data/vifm-0.10.1/tests/variables/clear.c:32:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_string_equal("VAL_A", getenv("VAR_A"));
data/vifm-0.10.1/tests/variables/clear.c:36:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv("VAR_A") != NULL);
data/vifm-0.10.1/tests/variables/clear.c:37:5: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv("VAR_A") != NULL)
data/vifm-0.10.1/tests/variables/clear.c:39:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_string_equal("VAL_2", getenv("VAR_A"));
data/vifm-0.10.1/tests/variables/clear.c:44:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv("VAR_A") != NULL);
data/vifm-0.10.1/tests/variables/clear.c:45:5: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv("VAR_A") != NULL)
data/vifm-0.10.1/tests/variables/clear.c:47:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_string_equal("VAL_A", getenv("VAR_A"));
data/vifm-0.10.1/tests/variables/envvars.c:33:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv(VAR_NAME) == NULL);
data/vifm-0.10.1/tests/variables/envvars.c:35:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv(VAR_NAME) != NULL);
data/vifm-0.10.1/tests/variables/envvars.c:36:5: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv(VAR_NAME) != NULL)
data/vifm-0.10.1/tests/variables/envvars.c:38:30: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_string_equal("VAL", getenv(VAR_NAME));
data/vifm-0.10.1/tests/variables/envvars.c:44:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv(VAR_NAME) == NULL);
data/vifm-0.10.1/tests/variables/envvars.c:46:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv(VAR_NAME) != NULL);
data/vifm-0.10.1/tests/variables/envvars.c:47:5: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv(VAR_NAME) != NULL)
data/vifm-0.10.1/tests/variables/envvars.c:49:30: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_string_equal("VAL", getenv(VAR_NAME));
data/vifm-0.10.1/tests/variables/envvars.c:53:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv(VAR_NAME) != NULL);
data/vifm-0.10.1/tests/variables/envvars.c:54:5: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv(VAR_NAME) != NULL)
data/vifm-0.10.1/tests/variables/envvars.c:56:31: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_string_equal("VAL2", getenv(VAR_NAME));
data/vifm-0.10.1/tests/variables/envvars.c:62:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv(VAR_NAME) == NULL);
data/vifm-0.10.1/tests/variables/envvars.c:64:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv(VAR_NAME) != NULL);
data/vifm-0.10.1/tests/variables/envvars.c:65:5: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv(VAR_NAME) != NULL)
data/vifm-0.10.1/tests/variables/envvars.c:67:31: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_string_equal("VAL2", getenv(VAR_NAME));
data/vifm-0.10.1/tests/variables/envvars.c:73:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv(VAR_NAME) == NULL);
data/vifm-0.10.1/tests/variables/envvars.c:75:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv(VAR_NAME) != NULL);
data/vifm-0.10.1/tests/variables/envvars.c:76:5: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv(VAR_NAME) != NULL)
data/vifm-0.10.1/tests/variables/envvars.c:78:31: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_string_equal("VAL2", getenv(VAR_NAME));
data/vifm-0.10.1/tests/variables/envvars.c:82:5: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(getenv(VAR_NAME) != NULL)
data/vifm-0.10.1/tests/variables/envvars.c:84:35: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_string_equal("VAL2VAL2", getenv(VAR_NAME));
data/vifm-0.10.1/tests/variables/envvars.c:90:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv("VAR_B") != NULL);
data/vifm-0.10.1/tests/variables/envvars.c:92:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv("VAR_B") == NULL);
data/vifm-0.10.1/tests/variables/envvars.c:97:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv("VAR_B") != NULL);
data/vifm-0.10.1/tests/variables/envvars.c:98:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv("VAR_C") != NULL);
data/vifm-0.10.1/tests/variables/envvars.c:100:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv("VAR_B") == NULL);
data/vifm-0.10.1/tests/variables/envvars.c:101:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv("VAR_C") == NULL);
data/vifm-0.10.1/tests/variables/envvars.c:106:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv("VAR_B") != NULL);
data/vifm-0.10.1/tests/variables/envvars.c:108:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv("VAR_B") != NULL);
data/vifm-0.10.1/tests/variables/envvars.c:118:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_null(getenv(VAR_NAME));
data/vifm-0.10.1/tests/variables/envvars.c:120:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_null(getenv(VAR_NAME));
data/vifm-0.10.1/tests/variables/format.c:110:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
assert_true(getenv("VAR") == NULL);
data/vifm-0.10.1/src/args.c:324:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_path[PATH_MAX + 1];
data/vifm-0.10.1/src/args.h:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chosen_files_out[PATH_MAX + 1]; /* Output for file picking. */
data/vifm-0.10.1/src/args.h:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chosen_dir_out[PATH_MAX + 1]; /* Output for directory picking. */
data/vifm-0.10.1/src/args.h:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lwin_path[PATH_MAX + 1]; /* Chosen path of the left pane. */
data/vifm-0.10.1/src/args.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rwin_path[PATH_MAX + 1]; /* Chosen path of the right pane. */
data/vifm-0.10.1/src/background.c:346:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80*10];
data/vifm-0.10.1/src/background.c:347:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[80];
data/vifm-0.10.1/src/background.c:409:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
while(select(max_fd + 1, memcpy(&ready, &active, sizeof(active)), NULL,
data/vifm-0.10.1/src/background.c:418:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[ERR_MSG_LEN];
data/vifm-0.10.1/src/background.c:661:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const wchar_t *args[4];
data/vifm-0.10.1/src/background.c:819:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nullfd = open("/dev/null", O_RDWR);
data/vifm-0.10.1/src/bmarks.c:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_path[strlen(path) + 16U];
data/vifm-0.10.1/src/bmarks.c:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_path[strlen(path) + 16U];
data/vifm-0.10.1/src/bmarks.c:217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_path[strlen(path) + 16U];
data/vifm-0.10.1/src/bmarks.c:256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_src[strlen(src) + 16U], canonic_dst[strlen(dst) + 16U];
data/vifm-0.10.1/src/bracket_notation.c:43:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const wchar_t key[8]; /* The replacement for the notation. */
data/vifm-0.10.1/src/bracket_notation.c:578:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t str_lowered[wcslen(str) + 1];
data/vifm-0.10.1/src/bracket_notation.c:638:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/vifm-0.10.1/src/bracket_notation.c:643:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case L' ': strcpy(buf, "<space>"); break;
data/vifm-0.10.1/src/bracket_notation.c:644:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case L'\r': strcpy(buf, "<cr>"); break;
data/vifm-0.10.1/src/bracket_notation.c:645:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case L'\n': strcpy(buf, "<c-j>"); break;
data/vifm-0.10.1/src/bracket_notation.c:646:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case L'\177': strcpy(buf, "<del>"); break;
data/vifm-0.10.1/src/bracket_notation.c:647:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case K(KEY_HOME): strcpy(buf, "<home>"); break;
data/vifm-0.10.1/src/bracket_notation.c:648:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case K(KEY_END): strcpy(buf, "<end>"); break;
data/vifm-0.10.1/src/bracket_notation.c:649:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case K(KEY_UP): strcpy(buf, "<up>"); break;
data/vifm-0.10.1/src/bracket_notation.c:650:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case K(KEY_DOWN): strcpy(buf, "<down>"); break;
data/vifm-0.10.1/src/bracket_notation.c:651:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case K(KEY_LEFT): strcpy(buf, "<left>"); break;
data/vifm-0.10.1/src/bracket_notation.c:652:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case K(KEY_RIGHT): strcpy(buf, "<right>"); break;
data/vifm-0.10.1/src/bracket_notation.c:653:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case K(KEY_DC): strcpy(buf, "<delete>"); break;
data/vifm-0.10.1/src/bracket_notation.c:654:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case K(KEY_BTAB): strcpy(buf, "<s-tab>"); break;
data/vifm-0.10.1/src/bracket_notation.c:655:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case K(KEY_PPAGE): strcpy(buf, "<pageup>"); break;
data/vifm-0.10.1/src/bracket_notation.c:656:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case K(KEY_NPAGE): strcpy(buf, "<pagedown>"); break;
data/vifm-0.10.1/src/bracket_notation.c:657:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case WC_C_SPACE: strcpy(buf, "<c-@>"); break;
data/vifm-0.10.1/src/bracket_notation.c:666:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<bs>");
data/vifm-0.10.1/src/bracket_notation.c:672:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<s-tab>");
data/vifm-0.10.1/src/bracket_notation.c:678:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<m-a>");
data/vifm-0.10.1/src/bracket_notation.c:683:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<esc>");
data/vifm-0.10.1/src/bracket_notation.c:695:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<f0>");
data/vifm-0.10.1/src/bracket_notation.c:700:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<s-f1>");
data/vifm-0.10.1/src/bracket_notation.c:705:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<s-f10>");
data/vifm-0.10.1/src/bracket_notation.c:710:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<c-f1>");
data/vifm-0.10.1/src/bracket_notation.c:715:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<c-f10>");
data/vifm-0.10.1/src/bracket_notation.c:720:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<a-f1>");
data/vifm-0.10.1/src/bracket_notation.c:725:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<a-f10>");
data/vifm-0.10.1/src/bracket_notation.c:730:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<f00>");
data/vifm-0.10.1/src/bracket_notation.c:736:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<c-A>");
data/vifm-0.10.1/src/builtin_functions.c:208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic[PATH_MAX + 1];
data/vifm-0.10.1/src/builtin_functions.c:336:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/cfg/config.c:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char home[PATH_MAX + 1];
data/vifm-0.10.1/src/cfg/config.c:298:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char home[PATH_MAX + 1];
data/vifm-0.10.1/src/cfg/config.c:349:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exe_dir[PATH_MAX + 1];
data/vifm-0.10.1/src/cfg/config.c:372:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vifm[PATH_MAX + 1];
data/vifm-0.10.1/src/cfg/config.c:400:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vifm[PATH_MAX + 1];
data/vifm-0.10.1/src/cfg/config.c:457:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cfg.data_dir, "vifm");
data/vifm-0.10.1/src/cfg/config.c:489:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exe_dir[PATH_MAX + 1];
data/vifm-0.10.1/src/cfg/config.c:490:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vifmrc[PATH_MAX + 1];
data/vifm-0.10.1/src/cfg/config.c:514:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vifmrc[PATH_MAX + 1];
data/vifm-0.10.1/src/cfg/config.c:565:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rc_file[PATH_MAX + 8];
data/vifm-0.10.1/src/cfg/config.c:600:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[PATH_MAX + 16];
data/vifm-0.10.1/src/cfg/config.c:601:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[PATH_MAX + 16];
data/vifm-0.10.1/src/cfg/config.c:621:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scripts[PATH_MAX + 16];
data/vifm-0.10.1/src/cfg/config.c:622:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readme[PATH_MAX + 1];
data/vifm-0.10.1/src/cfg/config.c:654:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[PATH_MAX + 16];
data/vifm-0.10.1/src/cfg/config.c:655:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[PATH_MAX + 16];
data/vifm-0.10.1/src/cfg/config.c:730:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_VIFMRC_LINE_LEN + 1];
data/vifm-0.10.1/src/cfg/config.c:864:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char with_forward_slashes[strlen(new_value) + 1];
data/vifm-0.10.1/src/cfg/config.c:870:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonicalized[PATH_MAX + 1];
data/vifm-0.10.1/src/cfg/config.h:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[9]; /* File name prefix. */
data/vifm-0.10.1/src/cfg/config.h:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[9]; /* File name suffix. */
data/vifm-0.10.1/src/cfg/config.h:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char home_dir[PATH_MAX + 1]; /* Ends with a slash. */
data/vifm-0.10.1/src/cfg/config.h:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_dir[PATH_MAX + 1]; /* Where local configuration files are
data/vifm-0.10.1/src/cfg/config.h:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colors_dir[PATH_MAX + 8]; /* Where local color files are stored. */
data/vifm-0.10.1/src/cfg/config.h:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_dir[PATH_MAX + 1]; /* Where to store data files. */
data/vifm-0.10.1/src/cfg/config.h:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trash_dir[PATH_MAX + 1];
data/vifm-0.10.1/src/cfg/config.h:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_file[PATH_MAX + 1];
data/vifm-0.10.1/src/cfg/config.h:234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_decs[FT_COUNT][2][9];
data/vifm-0.10.1/src/cfg/config.h:289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word_chars[256]; /* Whether corresponding character is a word char. */
data/vifm-0.10.1/src/cfg/info.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_file[PATH_MAX + 16];
data/vifm-0.10.1/src/cfg/info.c:242:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int i = atoi(line_val);
data/vifm-0.10.1/src/cfg/info.c:249:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int i = atoi(line_val);
data/vifm-0.10.1/src/cfg/info.c:338:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int i = atoi(line_val);
data/vifm-0.10.1/src/cfg/info.c:343:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int i = atoi(line_val);
data/vifm-0.10.1/src/cfg/info.c:348:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int i = atoi(line_val);
data/vifm-0.10.1/src/cfg/info.c:401:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sort, view->sort_g, sizeof(view->sort));
data/vifm-0.10.1/src/cfg/info.c:480:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dot_filter_set(view, !atoi(value));
data/vifm-0.10.1/src/cfg/info.c:499:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_file[PATH_MAX + 16];
data/vifm-0.10.1/src/cfg/info.c:500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_file[PATH_MAX + 16];
data/vifm-0.10.1/src/cfg/info.c:557:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4*1024];
data/vifm-0.10.1/src/cfg/info.c:1411:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[4096];
data/vifm-0.10.1/src/cmd_completion.c:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *exec_argv[exec_info.argc];
data/vifm-0.10.1/src/cmd_completion.c:617:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[NAME_MAX + 1];
data/vifm-0.10.1/src/cmd_completion.c:821:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[NAME_MAX + 1];
data/vifm-0.10.1/src/cmd_completion.c:897:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_completion.c:962:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_path[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_completion.c:978:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_completion.c:993:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_completion.c:1165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/vifm-0.10.1/src/cmd_completion.c:1206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_core.c:203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_file[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_core.c:484:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undo_msg[COMMAND_GROUP_INFO_LEN];
data/vifm-0.10.1/src/cmd_core.c:787:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline_copy[strlen(cmdline) + 1];
data/vifm-0.10.1/src/cmd_handlers.c:944:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[COMMAND_GROUP_INFO_LEN];
data/vifm-0.10.1/src/cmd_handlers.c:1391:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_handlers.c:1411:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_handlers.c:1639:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_buf[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_handlers.c:2060:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_to_view[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_handlers.c:2462:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abs_path[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_handlers.c:2518:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_handlers.c:2629:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[strlen(cmd_info->args) + 1];
data/vifm-0.10.1/src/cmd_handlers.c:2740:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msg[256*MAXNUM_COLOR];
data/vifm-0.10.1/src/cmd_handlers.c:2796:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/vifm-0.10.1/src/cmd_handlers.c:2798:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fg_buf[16], bg_buf[16];
data/vifm-0.10.1/src/cmd_handlers.c:2820:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg_name[16];
data/vifm-0.10.1/src/cmd_handlers.c:2940:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
col_num = isdigit(*str) ? atoi(str) : -1;
data/vifm-0.10.1/src/cmd_handlers.c:2964:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/vifm-0.10.1/src/cmd_handlers.c:3289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/vifm-0.10.1/src/cmd_handlers.c:3618:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_names[256];
data/vifm-0.10.1/src/cmd_handlers.c:3963:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_path[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_handlers.c:4123:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curr_file_path[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_handlers.c:4215:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_dir[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_handlers.c:4219:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1];
data/vifm-0.10.1/src/cmd_handlers.c:4309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[strlen(cmd_info->argv[0]) + 1];
data/vifm-0.10.1/src/cmd_handlers.c:4834:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = atoi(cmd_info->argv[1]);
data/vifm-0.10.1/src/cmd_handlers.c:4846:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int count = atoi(cmd_info->argv[0]);
data/vifm-0.10.1/src/compare.c:308:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char (*p)[other.nentries + 1] =
data/vifm-0.10.1/src/compare.c:564:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char progress_msg[128];
data/vifm-0.10.1/src/compare.c:590:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/compare.c:613:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/compare.c:685:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX + 1];
data/vifm-0.10.1/src/compare.c:718:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[BLOCK_SIZE];
data/vifm-0.10.1/src/compare.c:793:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a_block[BLOCK_SIZE], b_block[BLOCK_SIZE];
data/vifm-0.10.1/src/compare.c:794:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const a_file = fopen(a, "rb");
data/vifm-0.10.1/src/compare.c:795:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const b_file = fopen(b, "rb");
data/vifm-0.10.1/src/compare.c:875:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char from_path[PATH_MAX + 1], to_path[PATH_MAX + 1];
data/vifm-0.10.1/src/compare.c:911:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char to_path[PATH_MAX + 1];
data/vifm-0.10.1/src/compare.c:912:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonical[PATH_MAX + 1];
data/vifm-0.10.1/src/compat/mntent.c:107:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char opts_buf[40], *tmp;
data/vifm-0.10.1/src/compat/os.c:180:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/src/compat/os.c:199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resolved_path[PATH_MAX + 1];
data/vifm-0.10.1/src/compat/os.c:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdb[2048];
data/vifm-0.10.1/src/compat/os.c:331:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wbuf[size];
data/vifm-0.10.1/src/compat/os.h:42:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define os_fopen fopen
data/vifm-0.10.1/src/compat/os.h:51:20: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
#define os_tmpfile tmpfile
data/vifm-0.10.1/src/engine/autocmds.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_path[PATH_MAX + 1];
data/vifm-0.10.1/src/engine/autocmds.c:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_path[PATH_MAX + 1];
data/vifm-0.10.1/src/engine/autocmds.c:201:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pat[1U + strlen(autocmds[i].pattern) + 1U];
data/vifm-0.10.1/src/engine/autocmds.c:242:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pat[1U + strlen(autocmds[i].pattern) + 1U];
data/vifm-0.10.1/src/engine/autocmds.c:280:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_path[PATH_MAX + 1];
data/vifm-0.10.1/src/engine/cmds.c:79:62: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TSTATIC char ** dispatch_line(const char args[], int *count, char sep,
data/vifm-0.10.1/src/engine/cmds.c:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_name[MAX_CMD_NAME_LEN];
data/vifm-0.10.1/src/engine/cmds.c:446:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_name[MAX_CMD_NAME_LEN + 1];
data/vifm-0.10.1/src/engine/cmds.c:486:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_name[MAX_CMD_NAME_LEN];
data/vifm-0.10.1/src/engine/cmds.c:521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_name[MAX_CMD_NAME_LEN];
data/vifm-0.10.1/src/engine/cmds.c:842:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[strlen(cmds[i].name) + 1];
data/vifm-0.10.1/src/engine/cmds.c:961:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_name[MAX_CMD_NAME_LEN];
data/vifm-0.10.1/src/engine/cmds.c:1094:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_name[MAX_CMD_NAME_LEN + 1];
data/vifm-0.10.1/src/engine/cmds.c:1192:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dispatch_line(const char args[], int *count, char sep, int regexp, int quotes,
data/vifm-0.10.1/src/engine/cmds.h:285:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ** dispatch_line(const char args[], int *count, char sep, int regexp,
data/vifm-0.10.1/src/engine/keys.c:781:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buf[16 + wcslen(rhs) + 1 + wcslen(left_keys) + 1];
data/vifm-0.10.1/src/engine/keys.c:1333:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t item[prefix_len + 1U + 1U];
data/vifm-0.10.1/src/engine/keys.c:1345:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[64];
data/vifm-0.10.1/src/engine/keys.c:1362:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t item[prefix_len + 1U + 1U];
data/vifm-0.10.1/src/engine/keys.h:129:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const wchar_t keys[5];
data/vifm-0.10.1/src/engine/options.c:1043:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_val[opt->val_count + 1];
data/vifm-0.10.1/src/engine/options.c:1107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_val[opt->val_count + 1];
data/vifm-0.10.1/src/engine/options.c:1268:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/vifm-0.10.1/src/engine/parsing.c:175:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[3]; /* Full token string. */
data/vifm-0.10.1/src/engine/parsing.c:543:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res[CMD_LINE_LENGTH_MAX + 1];
data/vifm-0.10.1/src/engine/parsing.c:948:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[CMD_LINE_LENGTH_MAX];
data/vifm-0.10.1/src/engine/parsing.c:970:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[CMD_LINE_LENGTH_MAX + 1];
data/vifm-0.10.1/src/engine/parsing.c:1025:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[CMD_LINE_LENGTH_MAX + 1];
data/vifm-0.10.1/src/engine/parsing.c:1108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[VAR_NAME_LENGTH_MAX + 1];
data/vifm-0.10.1/src/engine/parsing.c:1124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[VAR_NAME_LENGTH_MAX + 1];
data/vifm-0.10.1/src/engine/parsing.c:1125:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "v:");
data/vifm-0.10.1/src/engine/parsing.c:1161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[OPTION_NAME_MAX + 1];
data/vifm-0.10.1/src/engine/private/options.h:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *(*vals)[2]; /* For OPT_ENUM, OPT_SET and OPT_CHARSET types. */
data/vifm-0.10.1/src/engine/variables.c:232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[VAR_NAME_MAX + 1];
data/vifm-0.10.1/src/engine/variables.c:620:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[VAR_NAME_MAX + 1];
data/vifm-0.10.1/src/event_loop.c:93:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t input_buf[128];
data/vifm-0.10.1/src/filelist.c:341:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&view->sort_g[0], &view->sort[0], sizeof(view->sort_g));
data/vifm-0.10.1/src/filelist.c:400:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char empty_string[1];
data/vifm-0.10.1/src/filelist.c:498:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:536:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir_dup[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:551:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newdir[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:570:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:795:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:825:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:842:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:1152:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&view->custom.sort[0], &view->sort[0], sizeof(view->custom.sort));
data/vifm-0.10.1/src/filelist.c:1161:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&view->sort[0], &view->custom.sort[0], sizeof(view->sort));
data/vifm-0.10.1/src/filelist.c:1186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:1282:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:1410:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:1456:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:1469:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir_only[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:1487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:1497:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:1562:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:1577:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:1813:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char selected_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:2006:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:2105:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:2291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:2403:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:2429:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:2585:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, with_entries, sizeof(*new)*with_count);
data/vifm-0.10.1/src/filelist.c:2765:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:2874:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:2943:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&view->sort_g[0], &view->sort[0], sizeof(view->sort_g));
data/vifm-0.10.1/src/filelist.c:2961:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:2962:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_dir[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:3092:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:3398:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX + 1];
data/vifm-0.10.1/src/filelist.c:3401:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parent_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:3634:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:3713:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:3783:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:3841:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:3863:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parent_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filelist.c:4042:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filename_modifiers.c:58:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[PATH_MAX + 1];
data/vifm-0.10.1/src/filename_modifiers.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_buf[PATH_MAX + 1];
data/vifm-0.10.1/src/filename_modifiers.c:91:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[PATH_MAX + 1];
data/vifm-0.10.1/src/filename_modifiers.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[256], sub[256];
data/vifm-0.10.1/src/filetype.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_name[NAME_MAX + 1];
data/vifm-0.10.1/src/filtering.c:145:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_with_slash[NAME_MAX + 1 + 1];
data/vifm-0.10.1/src/filtering.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_with_slash[NAME_MAX + 1 + 1];
data/vifm-0.10.1/src/filtering.c:287:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_with_slash[NAME_MAX + 1 + 1];
data/vifm-0.10.1/src/filtering.c:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + sizeof(name_with_slash)];
data/vifm-0.10.1/src/filtering.c:425:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/filtering.c:525:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_with_slash[NAME_MAX + 1 + 1];
data/vifm-0.10.1/src/filtering.c:842:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_with_slash[NAME_MAX + 1 + 1];
data/vifm-0.10.1/src/flist_pos.c:440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char perms[16];
data/vifm-0.10.1/src/flist_pos.c:492:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/flist_pos.c:493:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nlink[PATH_MAX + 1], plink[PATH_MAX + 1];
data/vifm-0.10.1/src/flist_pos.c:573:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nperms[16];
data/vifm-0.10.1/src/flist_pos.c:819:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nm[NAME_MAX + 1];
data/vifm-0.10.1/src/flist_sel.c:105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/flist_sel.c:182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/flist_sel.c:297:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/flist_sel.c:345:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_common.c:232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_size_str[64];
data/vifm-0.10.1/src/fops_common.c:233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char total_size_str[64];
data/vifm-0.10.1/src/fops_common.c:234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_common.c:261:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pretty_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_common.c:331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_size_str[64];
data/vifm-0.10.1/src/fops_common.c:332:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char total_size_str[64];
data/vifm-0.10.1/src/fops_common.c:333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pretty_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_common.c:398:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_size[64];
data/vifm-0.10.1/src/fops_common.c:399:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char total_size[64];
data/vifm-0.10.1/src/fops_common.c:610:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_common.c:659:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[strlen(text) + 32];
data/vifm-0.10.1/src/fops_common.c:690:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_common.c:736:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rename_file[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_common.c:870:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_src[PATH_MAX + 1], full_dst[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_common.c:917:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_common.h:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1]; /* Path at which processing should take place. */
data/vifm-0.10.1/src/fops_cpmv.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undo_msg[COMMAND_GROUP_INFO_LEN + 1];
data/vifm-0.10.1/src/fops_cpmv.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_cpmv.c:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_full[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_cpmv.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_full[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_cpmv.c:191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undo_msg[COMMAND_GROUP_INFO_LEN + 1];
data/vifm-0.10.1/src/fops_cpmv.c:193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_dir[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_cpmv.c:194:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_full[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_cpmv.c:253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_src[PATH_MAX + 1], full_dst[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_cpmv.c:266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char task_desc[COMMAND_GROUP_INFO_LEN];
data/vifm-0.10.1/src/fops_cpmv.c:468:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_full[PATH_MAX + 1], dst_full[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_cpmv.c:557:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_full[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_cpmv.c:586:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rel_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_cpmv.c:597:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_dir[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undo_msg[COMMAND_GROUP_INFO_LEN];
data/vifm-0.10.1/src/fops_misc.c:108:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char short_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undo_msg[COMMAND_GROUP_INFO_LEN];
data/vifm-0.10.1/src/fops_misc.c:243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:307:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char task_desc[COMMAND_GROUP_INFO_LEN];
data/vifm-0.10.1/src/fops_misc.c:467:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:509:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:510:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkto[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:551:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undo_msg[COMMAND_GROUP_INFO_LEN];
data/vifm-0.10.1/src/fops_misc.c:552:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:553:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkto[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:605:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undo_msg[COMMAND_GROUP_INFO_LEN + 1];
data/vifm-0.10.1/src/fops_misc.c:606:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:775:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[NAME_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:777:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extension[NAME_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:817:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:818:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clone_name[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:843:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[COMMAND_GROUP_INFO_LEN + 1];
data/vifm-0.10.1/src/fops_misc.c:858:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:888:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:927:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[COMMAND_GROUP_INFO_LEN + 1];
data/vifm-0.10.1/src/fops_misc.c:938:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:970:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:1054:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:1096:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:1119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char task_desc[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:1204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_misc.c:1250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undo_msg[COMMAND_GROUP_INFO_LEN + 1];
data/vifm-0.10.1/src/fops_misc.c:1270:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_put.c:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char task_desc[COMMAND_GROUP_INFO_LEN];
data/vifm-0.10.1/src/fops_put.c:386:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_real[PATH_MAX + 1], t_real[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_put.c:407:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_put.c:422:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undo_msg[COMMAND_GROUP_INFO_LEN + 1];
data/vifm-0.10.1/src/fops_put.c:542:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_buf[PATH_MAX + 1], dst_buf[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_put.c:673:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_put.c:760:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_put.c:797:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_put.c:798:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_put.c:874:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_put.c:961:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_buf[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_put.c:991:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[PATH_MAX*3];
data/vifm-0.10.1/src/fops_put.c:1013:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_put.c:1078:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[128 + PATH_MAX];
data/vifm-0.10.1/src/fops_put.c:1094:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_rename.c:67:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rename_file_ext[NAME_MAX + 1];
data/vifm-0.10.1/src/fops_rename.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[strlen(curr->name) + 1];
data/vifm-0.10.1/src/fops_rename.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX(COMMAND_GROUP_INFO_LEN, 10 + NAME_MAX + 1)];
data/vifm-0.10.1/src/fops_rename.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new[strlen(new_name) + 1 + strlen(rename_file_ext) + 1 + 1];
data/vifm-0.10.1/src/fops_rename.c:187:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_rename.c:255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_rename.c:275:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_rename.c:292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undo_msg[MAX(10 + NAME_MAX, COMMAND_GROUP_INFO_LEN) + 1];
data/vifm-0.10.1/src/fops_rename.c:360:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_rename.c:406:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undo_msg[COMMAND_GROUP_INFO_LEN];
data/vifm-0.10.1/src/fops_rename.c:418:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_rename.c:438:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_path[PATH_MAX + 1];
data/vifm-0.10.1/src/fops_rename.c:535:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[NAME_MAX + 1];
data/vifm-0.10.1/src/fops_rename.c:536:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[16];
data/vifm-0.10.1/src/fops_rename.c:607:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_fname[NAME_MAX + 1];
data/vifm-0.10.1/src/fops_rename.c:816:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[NAME_MAX + 1];
data/vifm-0.10.1/src/fops_rename.c:877:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undo_msg[COMMAND_GROUP_INFO_LEN + 1];
data/vifm-0.10.1/src/int/desktop.c:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/int/desktop.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exec[1024] = "", mime_type[2048] = "", name[2048] = "";
data/vifm-0.10.1/src/int/desktop.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/vifm-0.10.1/src/int/desktop.c:154:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "caption");
data/vifm-0.10.1/src/int/desktop.c:160:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "%f");
data/vifm-0.10.1/src/int/desktop.c:169:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf + 1, "%f");
data/vifm-0.10.1/src/int/file_magic.c:63:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mimetype[128];
data/vifm-0.10.1/src/int/file_magic.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[PATH_MAX + 1];
data/vifm-0.10.1/src/int/file_magic.c:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1024];
data/vifm-0.10.1/src/int/fuse.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source_file_path[PATH_MAX + 1]; /* Full path to source file. */
data/vifm-0.10.1/src/int/fuse.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source_file_dir[PATH_MAX + 1]; /* Full path to dir of source file. */
data/vifm-0.10.1/src/int/fuse.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mount_point[PATH_MAX + 1]; /* Full path to mount point. */
data/vifm-0.10.1/src/int/fuse.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/int/fuse.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mount_point[PATH_MAX + 1];
data/vifm-0.10.1/src/int/fuse.c:116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char param[PATH_MAX + 1];
data/vifm-0.10.1/src/int/fuse.c:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2*PATH_MAX];
data/vifm-0.10.1/src/int/fuse.c:183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errors_file[PATH_MAX + 1];
data/vifm-0.10.1/src/int/fuse.c:235:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " 2> ");
data/vifm-0.10.1/src/int/fuse.c:371:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_buf[96];
data/vifm-0.10.1/src/int/fuse.c:443:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[14 + PATH_MAX + 1];
data/vifm-0.10.1/src/int/fuse.c:557:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[14 + PATH_MAX + 1];
data/vifm-0.10.1/src/int/fuse.c:675:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char no_slash[strlen(mount_point) + 1];
data/vifm-0.10.1/src/int/path_env.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scripts_dir[PATH_MAX + 16];
data/vifm-0.10.1/src/int/path_env.c:115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/int/term_title.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[512];
data/vifm-0.10.1/src/int/term_title.c:111:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t title[512];
data/vifm-0.10.1/src/int/term_title.c:242:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*win = (Window)atol(winid);
data/vifm-0.10.1/src/int/term_title.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[2048];
data/vifm-0.10.1/src/int/vim.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exe_dir[PATH_MAX + 1];
data/vifm-0.10.1/src/int/vim.c:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vicmd[PATH_MAX + 1];
data/vifm-0.10.1/src/int/vim.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX + 5];
data/vifm-0.10.1/src/io/iop.c:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[BLOCK_SIZE];
data/vifm-0.10.1/src/io/iop.c:359:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_target[PATH_MAX + 1];
data/vifm-0.10.1/src/io/iop.c:730:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[6 + PATH_MAX*2 + 1];
data/vifm-0.10.1/src/io/iop.c:732:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base_dir[PATH_MAX + 2];
data/vifm-0.10.1/src/io/private/ioe.c:87:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&elist->errors[elist->error_count], &other->errors[0],
data/vifm-0.10.1/src/ipc.c:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pipe_path[PATH_MAX + 1];
data/vifm-0.10.1/src/ipc.c:405:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int fd = open(path, O_RDONLY | O_NONBLOCK);
data/vifm-0.10.1/src/ipc.c:430:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY | O_NONBLOCK);
data/vifm-0.10.1/src/ipc.c:631:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkg[8192];
data/vifm-0.10.1/src/ipc.c:682:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/ipc.c:689:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_WRONLY);
data/vifm-0.10.1/src/ipc.c:719:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/ipc.c:790:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char find_pat[PATH_MAX + 1];
data/vifm-0.10.1/src/ipc.c:844:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/ipc.c:888:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int fd = open(path, O_WRONLY | O_NONBLOCK);
data/vifm-0.10.1/src/macros.c:419:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/macros.c:531:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_str[32];
data/vifm-0.10.1/src/marks.c:279:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/marks.c:444:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/menus/apropos_menu.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char section[64], topic[64];
data/vifm-0.10.1/src/menus/apropos_menu.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[256];
data/vifm-0.10.1/src/menus/cabbrevs_menu.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_buf[512];
data/vifm-0.10.1/src/menus/commands_menu.c:105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_buf[512];
data/vifm-0.10.1/src/menus/filetypes_menu.c:121:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[PATH_MAX + 1];
data/vifm-0.10.1/src/menus/filetypes_menu.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char descr[64];
data/vifm-0.10.1/src/menus/filetypes_menu.c:131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[16];
data/vifm-0.10.1/src/menus/filetypes_menu.c:151:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[PATH_MAX + 1];
data/vifm-0.10.1/src/menus/jobs_menu.c:68:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_buf[24];
data/vifm-0.10.1/src/menus/jobs_menu.c:69:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item_buf[sizeof(info_buf) + strlen(p->cmd) + 1024];
data/vifm-0.10.1/src/menus/marks_menu.c:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item_buf[PATH_MAX + 1];
data/vifm-0.10.1/src/menus/marks_menu.c:94:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/menus/media_menu.c:398:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/src/menus/media_menu.c:401:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_of_mount_path[PATH_MAX + 1];
data/vifm-0.10.1/src/menus/menus.c:310:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pos_buf[POS_WIN_MIN_WIDTH + 1];
data/vifm-0.10.1/src/menus/menus.c:382:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX + 1];
data/vifm-0.10.1/src/menus/menus.c:793:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/menus/trashes_menu.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[PATH_MAX + 1];
data/vifm-0.10.1/src/menus/trashes_menu.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size_str[64];
data/vifm-0.10.1/src/menus/volumes_menu.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vol_name[PATH_MAX + 1];
data/vifm-0.10.1/src/menus/volumes_menu.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_buf[PATH_MAX + 1];
data/vifm-0.10.1/src/menus/volumes_menu.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item_buf[PATH_MAX + 5];
data/vifm-0.10.1/src/menus/volumes_menu.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_buf[4];
data/vifm-0.10.1/src/modes/cmdline.c:102:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t prompt[NAME_MAX + 1]; /* prompt */
data/vifm-0.10.1/src/modes/cmdline.c:319:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buf[2] = {key, L'\0'};
data/vifm-0.10.1/src/modes/cmdline.c:1776:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char short_path[PATH_MAX + 1];
data/vifm-0.10.1/src/modes/cmdline.c:1847:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char short_path[PATH_MAX + 1];
data/vifm-0.10.1/src/modes/cmdline.h:99:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t prompt[NAME_MAX + 1]; /* prompt */
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:187:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(origin_perms, perms, sizeof(perms));
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:377:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:400:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char perm_str[64] = " ";
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:455:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undo_msg[COMMAND_GROUP_INFO_LEN];
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:482:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inv[16];
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:495:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_buf[PATH_MAX + 1];
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_win.c:108:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *attr_strings[ATTR_COUNT] = {
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_win.c:222:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(origin_attrs, attrs, sizeof(attrs));
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_win.c:391:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char undo_msg[COMMAND_GROUP_INFO_LEN];
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_win.c:429:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_buf[PATH_MAX + 1];
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portion[1024];
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[2048];
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:434:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msg_buf[256];
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:460:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[8192];
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:522:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[w - 2 - 2*margin + 1];
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:692:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[160];
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:693:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(linebuf)*5];
data/vifm-0.10.1/src/modes/file_info.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char perm_buf[26];
data/vifm-0.10.1/src/modes/file_info.c:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size_buf[64];
data/vifm-0.10.1/src/modes/file_info.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/vifm-0.10.1/src/modes/file_info.c:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id_buf[26];
data/vifm-0.10.1/src/modes/file_info.c:224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_buf[PATH_MAX + 1];
data/vifm-0.10.1/src/modes/file_info.c:246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/modes/file_info.c:247:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkto[PATH_MAX + NAME_MAX];
data/vifm-0.10.1/src/modes/file_info.c:272:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/modes/file_info.c:274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1024];
data/vifm-0.10.1/src/modes/file_info.c:275:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[NAME_MAX + 1];
data/vifm-0.10.1/src/modes/file_info.c:292:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Pipe read error");
data/vifm-0.10.1/src/modes/file_info.c:323:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/modes/file_info.c:328:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[64];
data/vifm-0.10.1/src/modes/file_info.c:361:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/modes/normal.c:599:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[16];
data/vifm-0.10.1/src/modes/normal.c:604:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(prefix, ".,$!");
data/vifm-0.10.1/src/modes/normal.c:613:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(prefix, ".!");
data/vifm-0.10.1/src/modes/normal.c:1355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[16];
data/vifm-0.10.1/src/modes/normal.c:1465:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[32];
data/vifm-0.10.1/src/modes/view.c:311:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/modes/view.c:356:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/modes/view.c:441:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[POS_WIN_MIN_WIDTH + 1];
data/vifm-0.10.1/src/modes/view.c:1349:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ui_qv_width(vi->view)*4];
data/vifm-0.10.1/src/modes/view.c:1393:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ui_qv_width(vi->view)*4];
data/vifm-0.10.1/src/modes/view.c:1491:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/modes/view.c:1561:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/ops.c:310:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[2*PATH_MAX + 1];
data/vifm-0.10.1/src/ops.c:325:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX*2 + 1];
data/vifm-0.10.1/src/ops.c:337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[16 + PATH_MAX];
data/vifm-0.10.1/src/ops.c:354:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/ops.c:448:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[6 + PATH_MAX*2 + 1];
data/vifm-0.10.1/src/ops.c:477:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[6 + PATH_MAX*2 + 1];
data/vifm-0.10.1/src/ops.c:482:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmd, "/B ");
data/vifm-0.10.1/src/ops.c:485:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmd, "/Y ");
data/vifm-0.10.1/src/ops.c:487:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmd, "/E /I /H /R > NUL");
data/vifm-0.10.1/src/ops.c:555:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[6 + PATH_MAX*2 + 1];
data/vifm-0.10.1/src/ops.c:646:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[10 + 32 + PATH_MAX];
data/vifm-0.10.1/src/ops.c:665:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[10 + 32 + PATH_MAX];
data/vifm-0.10.1/src/ops.c:684:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[128 + PATH_MAX];
data/vifm-0.10.1/src/ops.c:698:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[128 + PATH_MAX];
data/vifm-0.10.1/src/ops.c:760:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[6 + PATH_MAX*2 + 1];
data/vifm-0.10.1/src/ops.c:763:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exe_dir[PATH_MAX + 2];
data/vifm-0.10.1/src/ops.c:811:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[128 + PATH_MAX];
data/vifm-0.10.1/src/ops.c:868:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[128 + PATH_MAX];
data/vifm-0.10.1/src/ops.c:896:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[128 + PATH_MAX];
data/vifm-0.10.1/src/ops.c:1059:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir_only[strlen(path) + 1];
data/vifm-0.10.1/src/ops.c:1060:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic[PATH_MAX + 1];
data/vifm-0.10.1/src/opt_handlers.c:116:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int str_to_classify(const char str[], char type_decs[FT_COUNT][2][9]);
data/vifm-0.10.1/src/opt_handlers.c:553:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *(*vals)[2]; /* Array of possible values. */
data/vifm-0.10.1/src/opt_handlers.c:1030:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item[64];
data/vifm-0.10.1/src/opt_handlers.c:1068:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/vifm-0.10.1/src/opt_handlers.c:1090:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%d", i);
data/vifm-0.10.1/src/opt_handlers.c:1147:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/vifm-0.10.1/src/opt_handlers.c:1208:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/vifm-0.10.1/src/opt_handlers.c:1248:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char left[16];
data/vifm-0.10.1/src/opt_handlers.c:1249:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char range[32];
data/vifm-0.10.1/src/opt_handlers.c:1262:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char right[16];
data/vifm-0.10.1/src/opt_handlers.c:1500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opt_val[MAX_SORT_KEY_LEN*SK_COUNT];
data/vifm-0.10.1/src/opt_handlers.c:1597:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valid_val[32];
data/vifm-0.10.1/src/opt_handlers.c:1661:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_decs[FT_COUNT][2][9] = {};
data/vifm-0.10.1/src/opt_handlers.c:1689:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
str_to_classify(const char str[], char type_decs[FT_COUNT][2][9])
data/vifm-0.10.1/src/opt_handlers.c:1793:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/vifm-0.10.1/src/opt_handlers.c:2012:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[128];
data/vifm-0.10.1/src/opt_handlers.c:2388:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char value[128];
data/vifm-0.10.1/src/opt_handlers.c:2502:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[64];
data/vifm-0.10.1/src/opt_handlers.c:2635:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[64];
data/vifm-0.10.1/src/opt_handlers.c:3412:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word_chars[256] = { };
data/vifm-0.10.1/src/registers.c:310:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_str[16];
data/vifm-0.10.1/src/registers.c:436:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char use_name[NAME_MAX + 1];
data/vifm-0.10.1/src/registers.c:677:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(shmem_raw + current_offset, registers[reg_id].files[i], entry_len);
data/vifm-0.10.1/src/registers.c:740:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(registers[i].files[j], curstrptr, curlen);
data/vifm-0.10.1/src/running.c:165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/running.c:292:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[512];
data/vifm-0.10.1/src/running.c:354:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full[PATH_MAX + 1];
data/vifm-0.10.1/src/running.c:628:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[NAME_MAX + 1 + NAME_MAX + 1];
data/vifm-0.10.1/src/running.c:631:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spec[strlen(prog_spec) + 1U];
data/vifm-0.10.1/src/running.c:664:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/running.c:676:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/running.c:677:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkto[PATH_MAX + NAME_MAX];
data/vifm-0.10.1/src/running.c:730:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/running.c:771:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir_name[strlen(view->curr_dir) + 1];
data/vifm-0.10.1/src/running.c:1263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/vifm-0.10.1/src/running.c:1348:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/vifm-0.10.1/src/running.c:1354:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/vifm-0.10.1/src/sort.c:466:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first_perm[11], second_perm[11];
data/vifm-0.10.1/src/sort.c:519:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[NAME_MAX + 1], sname[NAME_MAX + 1];
data/vifm-0.10.1/src/sort.c:536:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/sort.c:537:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nlink[PATH_MAX + 1], plink[PATH_MAX + 1];
data/vifm-0.10.1/src/sort.c:571:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a_short_path[PATH_MAX + 1];
data/vifm-0.10.1/src/sort.c:572:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b_short_path[PATH_MAX + 1];
data/vifm-0.10.1/src/sort.c:607:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_buf[NAME_MAX + 1];
data/vifm-0.10.1/src/sort.c:608:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t_buf[NAME_MAX + 1];
data/vifm-0.10.1/src/status.c:549:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/status.h:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char color_scheme[NAME_MAX + 1];
data/vifm-0.10.1/src/status.h:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *msgs[51];
data/vifm-0.10.1/src/trash.c:507:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full[PATH_MAX + 1];
data/vifm-0.10.1/src/trash.c:508:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/trash.c:590:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/src/trash.c:615:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real_path[PATH_MAX + 1];
data/vifm-0.10.1/src/trash.c:733:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_real[PATH_MAX*2], other_real[PATH_MAX*2];
data/vifm-0.10.1/src/trash.c:747:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real[PATH_MAX*2];
data/vifm-0.10.1/src/trash.c:751:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real[PATH_MAX*2];
data/vifm-0.10.1/src/trash.c:774:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[PATH_MAX*2];
data/vifm-0.10.1/src/trash.c:775:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real_dir[PATH_MAX*2];
data/vifm-0.10.1/src/trash.c:852:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uid_str[32];
data/vifm-0.10.1/src/trash.c:870:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/color_scheme.c:127:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *LIGHT_COLOR_NAMES[8] = {
data/vifm-0.10.1/src/ui/color_scheme.c:138:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *XTERM256_COLOR_NAMES[256] = {
data/vifm-0.10.1/src/ui/color_scheme.c:490:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_old_path[PATH_MAX + 16 + NAME_MAX];
data/vifm-0.10.1/src/ui/color_scheme.c:491:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_new_path[PATH_MAX + 16 + NAME_MAX];
data/vifm-0.10.1/src/ui/color_scheme.c:564:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cs_path[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/color_scheme.c:573:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char def_cs_path[PATH_MAX + 32];
data/vifm-0.10.1/src/ui/color_scheme.c:640:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fg_buf[16], bg_buf[16];
data/vifm-0.10.1/src/ui/color_scheme.c:929:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cs_path[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/color_scheme.c:969:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dir_path[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/color_scheme.c:1032:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[64];
data/vifm-0.10.1/src/ui/color_scheme.c:1035:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(result, "none,");
data/vifm-0.10.1/src/ui/color_scheme.c:1037:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(result, "bold,");
data/vifm-0.10.1/src/ui/color_scheme.c:1039:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(result, "underline,");
data/vifm-0.10.1/src/ui/color_scheme.c:1041:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(result, "reverse,");
data/vifm-0.10.1/src/ui/color_scheme.c:1043:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(result, "standout,");
data/vifm-0.10.1/src/ui/color_scheme.c:1046:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(result, "italic,");
data/vifm-0.10.1/src/ui/color_scheme.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX + 1]; /* Name of the color scheme. */
data/vifm-0.10.1/src/ui/color_scheme.h:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1]; /* Associated root dir of the color scheme. */
data/vifm-0.10.1/src/ui/color_scheme.h:72:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *LIGHT_COLOR_NAMES[8];
data/vifm-0.10.1/src/ui/color_scheme.h:74:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *XTERM256_COLOR_NAMES[256];
data/vifm-0.10.1/src/ui/column_view.c:267:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev_col_buf[1024 + 1];
data/vifm-0.10.1/src/ui/column_view.c:280:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col_buffer[sizeof(prev_col_buf)];
data/vifm-0.10.1/src/ui/column_view.c:281:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_column[sizeof(prev_col_buf)];
data/vifm-0.10.1/src/ui/column_view.c:399:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gap[to - from + 1];
data/vifm-0.10.1/src/ui/escape.c:76:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, str, char_width_esc);
data/vifm-0.10.1/src/ui/escape.c:130:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(no_esc_sym, src_sym, char_width_esc);
data/vifm-0.10.1/src/ui/escape.c:324:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, INV_START, sizeof(INV_START) - 1);
data/vifm-0.10.1/src/ui/escape.c:333:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, INV_END, sizeof(INV_END) - 1);
data/vifm-0.10.1/src/ui/escape.c:596:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/vifm-0.10.1/src/ui/escape.c:612:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, str, char_width);
data/vifm-0.10.1/src/ui/escape.c:628:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<cr>");
data/vifm-0.10.1/src/ui/fileview.c:340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/fileview.c:405:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/fileview.c:495:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filler[width + (cfg.extra_padding ? 1 : 0) + 1];
data/vifm-0.10.1/src/ui/fileview.c:621:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/fileview.c:1080:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char print_buf[strlen(buf) + 1];
data/vifm-0.10.1/src/ui/fileview.c:1176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_str[cdt->number_width + 1];
data/vifm-0.10.1/src/ui/fileview.c:1220:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mark[4];
data/vifm-0.10.1/src/ui/fileview.c:1232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mark[4];
data/vifm-0.10.1/src/ui/fileview.c:1447:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[64];
data/vifm-0.10.1/src/ui/fileview.c:1511:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/fileview.c:1759:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX + 1];
data/vifm-0.10.1/src/ui/fileview.c:1859:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/fileview.c:1889:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[view->window_cols + 1];
data/vifm-0.10.1/src/ui/quickview.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[4096]; /* Prefix character for each tree level. */
data/vifm-0.10.1/src/ui/quickview.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filler[parea->w + 1];
data/vifm-0.10.1/src/ui/quickview.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/quickview.c:536:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_target[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/quickview.c:863:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filler[parea->w + 1];
data/vifm-0.10.1/src/ui/statusbar.c:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/vifm-0.10.1/src/ui/statusbar.c:168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char truncated_msg[2048];
data/vifm-0.10.1/src/ui/statusline.c:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_buf[len + 1];
data/vifm-0.10.1/src/ui/statusline.c:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_buf[160*2 + 1];
data/vifm-0.10.1/src/ui/statusline.c:174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char perm_buf[26];
data/vifm-0.10.1/src/ui/statusline.c:175:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size_buf[64];
data/vifm-0.10.1/src/ui/statusline.c:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id_buf[52];
data/vifm-0.10.1/src/ui/statusline.c:304:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/statusline.c:360:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/statusline.c:499:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expr, *format, e - (*format));
data/vifm-0.10.1/src/ui/statusline.c:853:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bar_text[512*MAX_UTF_CHAR_LEN + 1];
data/vifm-0.10.1/src/ui/statusline.c:873:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item_text[max_width*MAX_UTF_CHAR_LEN + 1U];
data/vifm-0.10.1/src/ui/ui.c:1240:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wch[getcchar(line_attrs, NULL, &attrs, &color_pair, NULL)];
data/vifm-0.10.1/src/ui/ui.c:1600:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buf[strlen(entry->name) + 1];
data/vifm-0.10.1/src/ui/ui.c:1639:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/ui.c:1899:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer_dummy[1];
data/vifm-0.10.1/src/ui/ui.c:2033:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/ui.c:2113:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ui_view_sort_list_contains(const char sort[SK_COUNT], char key)
data/vifm-0.10.1/src/ui/ui.h:276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sort[SK_COUNT];
data/vifm-0.10.1/src/ui/ui.h:334:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curr_dir[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/ui.h:354:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char watched_dir[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/ui.h:356:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_dir[PATH_MAX + 1];
data/vifm-0.10.1/src/ui/ui.h:361:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_search[NAME_MAX + 1];
data/vifm-0.10.1/src/ui/ui.h:405:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sort[SK_COUNT], sort_g[SK_COUNT];
data/vifm-0.10.1/src/ui/ui.h:645:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int ui_view_sort_list_contains(const char sort[SK_COUNT], char key);
data/vifm-0.10.1/src/undo.c:780:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[64 + 2*PATH_MAX] = "";
data/vifm-0.10.1/src/undo.c:784:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<no operation>");
data/vifm-0.10.1/src/undo.c:848:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "ERROR, not a valid operation kind");
data/vifm-0.10.1/src/utils/darray.h:80:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&da[i - 1], &da[i], sizeof(*da)); \
data/vifm-0.10.1/src/utils/env.c:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[strlen(name) + 1 + strlen(value) + 1];
data/vifm-0.10.1/src/utils/file_streams.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char part_buf[PART_BUFFER_LEN];
data/vifm-0.10.1/src/utils/filemon.c:43:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(×tamp->ts, &s.st_mtim, sizeof(s.st_mtim));
data/vifm-0.10.1/src/utils/filemon.c:47:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(×tamp->ts, &s.st_ctim, sizeof(s.st_ctim));
data/vifm-0.10.1/src/utils/filemon.c:52:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(×tamp->ts, &s.st_mtime, sizeof(s.st_mtime));
data/vifm-0.10.1/src/utils/filemon.c:56:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(×tamp->ts, &s.st_ctime, sizeof(s.st_ctime));
data/vifm-0.10.1/src/utils/filemon.c:83:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lhs, rhs, sizeof(*rhs));
data/vifm-0.10.1/src/utils/fs.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_to_selfref[len + 1 + 1 + 1];
data/vifm-0.10.1/src/utils/fs.c:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_real[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t_real[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkto[PATH_MAX + NAME_MAX];
data/vifm-0.10.1/src/utils/fs.c:307:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_target[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:351:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdb[2048];
data/vifm-0.10.1/src/utils/fs.c:529:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:584:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resolved_link[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:720:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_copy[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:728:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_real[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:734:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char root_real[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:801:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char find_pat[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:871:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:948:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[NAME_MAX + 1];
data/vifm-0.10.1/src/utils/fs.c:949:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs[16];
data/vifm-0.10.1/src/utils/fs.c:962:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "x:\\");
data/vifm-0.10.1/src/utils/fsdata.c:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real_path[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fsdata.c:164:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(node->data, data, len);
data/vifm-0.10.1/src/utils/fsdata.c:174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real_path[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fsdata.c:194:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, src, len);
data/vifm-0.10.1/src/utils/fsdata.c:307:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real_path[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/fswatch_nix.c:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_LEN];
data/vifm-0.10.1/src/utils/fswatch_win.c:120:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t selfref_path[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/gmux_nix.c:54:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gmux->fd = open(gmux->name, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR);
data/vifm-0.10.1/src/utils/log.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/vifm-0.10.1/src/utils/log.c:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/path.c:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_can[strlen(s) + 8];
data/vifm-0.10.1/src/utils/path.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t_can[strlen(t) + 8];
data/vifm-0.10.1/src/utils/path.c:127:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "//");
data/vifm-0.10.1/src/utils/path.c:247:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/path.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_real[PATH_MAX + 1], base_real[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/path.c:298:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "../");
data/vifm-0.10.1/src/utils/path.c:451:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/path.c:496:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX + 1];
data/vifm-0.10.1/src/utils/path.c:629:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/path.c:771:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_path[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/regexp.c:56:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[360];
data/vifm-0.10.1/src/utils/regexp.c:102:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/regexp.c:136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[NAME_MAX + 1];
data/vifm-0.10.1/src/utils/regexp.c:166:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[NAME_MAX + 1];
data/vifm-0.10.1/src/utils/str.c:451:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char buf[2] = { c, '\0' };
data/vifm-0.10.1/src/utils/str.c:473:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, prefix, prefix_len);
data/vifm-0.10.1/src/utils/str.c:799:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wc[2] = {};
data/vifm-0.10.1/src/utils/str.c:1098:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char haystack_us[strlen(haystack) + 1];
data/vifm-0.10.1/src/utils/str.c:1099:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char needle_us[strlen(needle) + 1];
data/vifm-0.10.1/src/utils/utf8.c:272:8: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
(void)MultiByteToWideChar(CP_UTF8, 0, utf8, len, &wc, 1);
data/vifm-0.10.1/src/utils/utf8.c:280:19: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
const int size = MultiByteToWideChar(CP_UTF8, 0, utf8, len, NULL, 0);
data/vifm-0.10.1/src/utils/utf8.c:282:8: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
(void)MultiByteToWideChar(CP_UTF8, 0, utf8, len, utf16, size);
data/vifm-0.10.1/src/utils/utf8.c:290:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
return MultiByteToWideChar(CP_UTF8, 0, utf8, strlen(utf8), NULL, 0);
data/vifm-0.10.1/src/utils/utils.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curr_path[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/utils.c:181:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name[NAME_MAX + 1];
data/vifm-0.10.1/src/utils/utils.c:322:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1 + PATH_MAX*2 + 1 + 1];
data/vifm-0.10.1/src/utils/utils.c:346:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char unique[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/utils.c:362:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(unique + len - 2, "%d", ++i);
data/vifm-0.10.1/src/utils/utils.c:465:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, string, offset);
data/vifm-0.10.1/src/utils/utils.c:497:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, string, offset);
data/vifm-0.10.1/src/utils/utils.c:636:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonicalized[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/utils.c:665:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[bufs_len];
data/vifm-0.10.1/src/utils/utils.c:681:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*line_num = atoi(colon + 1);
data/vifm-0.10.1/src/utils/utils_nix.c:267:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int null_fd = open("/dev/null", O_RDWR);
data/vifm-0.10.1/src/utils/utils_nix.c:324:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[NAME_MAX + 1];
data/vifm-0.10.1/src/utils/utils_nix.c:347:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX + 1];
data/vifm-0.10.1/src/utils/utils_nix.c:380:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[32];
data/vifm-0.10.1/src/utils/utils_nix.c:460:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs_name[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/utils_nix.c:710:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*uid = atoi(user);
data/vifm-0.10.1/src/utils/utils_nix.c:730:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*gid = atoi(group);
data/vifm-0.10.1/src/utils/utils_nix.c:839:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char uid_buf[26];
data/vifm-0.10.1/src/utils/utils_nix.c:857:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size];
data/vifm-0.10.1/src/utils/utils_nix.c:878:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gid_buf[26];
data/vifm-0.10.1/src/utils/utils_nix.c:896:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size];
data/vifm-0.10.1/src/utils/utils_nix.c:993:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(ttyname(STDIN_FILENO), O_RDWR);
data/vifm-0.10.1/src/utils/utils_nix.c:997:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(ttyname(STDOUT_FILENO), O_RDWR);
data/vifm-0.10.1/src/utils/utils_nix.c:1001:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(ttyname(STDERR_FILENO), O_RDWR);
data/vifm-0.10.1/src/utils/utils_nix.c:1006:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/tty", O_RDWR);
data/vifm-0.10.1/src/utils/utils_nix.c:1066:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int fd = open(path, O_WRONLY);
data/vifm-0.10.1/src/utils/utils_nix.c:1100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char empty[1];
data/vifm-0.10.1/src/utils/utils_nix.c:1109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[list_size + 1];
data/vifm-0.10.1/src/utils/utils_nix.c:1126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[value_size + 1];
data/vifm-0.10.1/src/utils/utils_win.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[strlen(cfg.shell) + 5 + strlen(cmd)*4 + 1 + 1];
data/vifm-0.10.1/src/utils/utils_win.c:262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX + 1];
data/vifm-0.10.1/src/utils/utils_win.c:263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/utils_win.c:358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_buf[NAME_MAX + 1];
data/vifm-0.10.1/src/utils/utils_win.c:359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext_buf[16];
data/vifm-0.10.1/src/utils/utils_win.c:386:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5 + 1];
data/vifm-0.10.1/src/utils/utils_win.c:405:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[10 + 1];
data/vifm-0.10.1/src/utils/utils_win.c:424:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[PATH_MAX*2];
data/vifm-0.10.1/src/utils/utils_win.c:477:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_buf[NAME_MAX + 1];
data/vifm-0.10.1/src/utils/utils_win.c:527:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shell[NAME_MAX + 1];
data/vifm-0.10.1/src/utils/utils_win.c:759:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char data_dir[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/utils_win.c:762:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exe_dir[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/utils_win.c:772:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/utils_win.c:773:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX + 1];
data/vifm-0.10.1/src/utils/utils_win.c:825:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sec_descr[size_needed];
data/vifm-0.10.1/src/utils/xxhash.c:105:76: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void* XXH_memcpy(void* dest, const void* src, size_t size) { return memcpy(dest,src,size); }
data/vifm-0.10.1/src/utils/xxhash.c:315:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstState, srcState, sizeof(*dstState));
data/vifm-0.10.1/src/utils/xxhash.c:320:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstState, srcState, sizeof(*dstState));
data/vifm-0.10.1/src/utils/xxhash.c:568:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(statePtr, &state, sizeof(state));
data/vifm-0.10.1/src/utils/xxhash.c:582:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(statePtr, &state, sizeof(state));
data/vifm-0.10.1/src/utils/xxhash.c:850:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &hash, sizeof(*dst));
data/vifm-0.10.1/src/utils/xxhash.c:857:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &hash, sizeof(*dst));
data/vifm-0.10.1/src/utils/xxhash.h:237:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { unsigned char digest[4]; } XXH32_canonical_t;
data/vifm-0.10.1/src/utils/xxhash.h:238:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { unsigned char digest[8]; } XXH64_canonical_t;
data/vifm-0.10.1/src/viewcolumns_parser.c:210:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/vifm-0.10.1/src/vifm.c:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1];
data/vifm-0.10.1/src/vifm.c:430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/tests/column_view/align.c:18:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char print_buffer[800 + 1];
data/vifm-0.10.1/tests/column_view/cropping.c:13:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char print_buffer[40 + 1];
data/vifm-0.10.1/tests/column_view/utf8.c:20:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char print_buffer[80 + 1];
data/vifm-0.10.1/tests/column_view/width.c:16:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char print_buffer[20 + 1];
data/vifm-0.10.1/tests/commands/input.c:712:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_name[1024];
data/vifm-0.10.1/tests/commands/one_number_range.c:37:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/lwin");
data/vifm-0.10.1/tests/commands/one_number_range.c:62:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "/rwin");
data/vifm-0.10.1/tests/fileops/chmod.c:68:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert_non_null(f = fopen(SANDBOX_PATH "/file", "w"));
data/vifm-0.10.1/tests/fileops/chmod.c:98:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert_non_null(f = fopen(SANDBOX_PATH "/dir/file", "w"));
data/vifm-0.10.1/tests/fileops/chmod.c:132:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert_non_null(f = fopen(SANDBOX_PATH "/dir/file", "w"));
data/vifm-0.10.1/tests/fileops/chown.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/cpmv_files.c:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_value[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/cpmv_files.c:84:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/fake/absolute/path");
data/vifm-0.10.1/tests/fileops/cpmv_files.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_value[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/cpmv_files.c:103:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/fake/absolute/path");
data/vifm-0.10.1/tests/fileops/cpmv_files.c:227:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(lwin.curr_dir, "/trash");
data/vifm-0.10.1/tests/fileops/cpmv_files.c:231:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(lwin.curr_dir, "/dir");
data/vifm-0.10.1/tests/fileops/cpmv_files.c:337:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(parent_to_child ? rwin.curr_dir : lwin.curr_dir, "/dir");
data/vifm-0.10.1/tests/fileops/delete.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trash_dir[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/delete.c:207:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(lwin.curr_dir, "/dir");
data/vifm-0.10.1/tests/fileops/make_dirs.c:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/make_dirs.c:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_b[PATH_MAX + 8];
data/vifm-0.10.1/tests/fileops/make_files.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_b[PATH_MAX + 8];
data/vifm-0.10.1/tests/fileops/put_files.c:205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/put_files.c:225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/put_files.c:268:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_file[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/put_files.c:329:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/put_files.c:359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/put_files.c:393:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/put_files.c:425:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/put_files.c:458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/put_files.c:486:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/put_files.c:508:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/put_files.c:535:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/put_files.c:559:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/put_files.c:586:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/put_files.c:614:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/rename_files.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/rename_files.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_name[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/rename_files.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char long_name[NAME_MAX + 1];
data/vifm-0.10.1/tests/fileops/rename_files.c:209:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("script", "w");
data/vifm-0.10.1/tests/fileops/restore_files.c:17:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trash_dir[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/restore_files.c:49:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(lwin.curr_dir, "/trash");
data/vifm-0.10.1/tests/fileops/restore_files.c:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/utils.c:45:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(path, "w");
data/vifm-0.10.1/tests/fileops/utils.c:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/fileops/utils.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_buf[buf_len];
data/vifm-0.10.1/tests/filetype/filetype.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/vifm-0.10.1/tests/filetype/viewers.c:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/vifm-0.10.1/tests/iop/cp.c:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_target[PATH_MAX + 1];
data/vifm-0.10.1/tests/iop/cp.c:296:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_target[PATH_MAX + 1];
data/vifm-0.10.1/tests/iop/mkdir.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/iop/mkdir.c:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/tests/iop/utils.c:52:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const a_file = fopen(a, "rb");
data/vifm-0.10.1/tests/iop/utils.c:53:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const b_file = fopen(b, "rb");
data/vifm-0.10.1/tests/ior/utils.c:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/ior/utils.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/ior/utils.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/ior/utils.c:63:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(file, "w");
data/vifm-0.10.1/tests/misc/append_selected_files.c:20:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/lwin");
data/vifm-0.10.1/tests/misc/append_selected_files.c:40:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "/rwin");
data/vifm-0.10.1/tests/misc/autocmds.c:21:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sandbox[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/autocmds.c:22:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/autocmds.c:23:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cmd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/autocmds.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/autocmds.c:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/autocmds.c:299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/autocmds.c:331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/bmarks.c:23:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/a/path");
data/vifm-0.10.1/tests/misc/builtin_functions.c:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/builtin_functions.c:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/builtin_functions.c:318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/change_window.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected_cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/change_window.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/chase_links.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/cmdline_completion.c:416:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t input[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/cmdline_completion.c:417:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t cmd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/cmdline_completion.c:418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/cmdline_completion.c:672:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[PATH_MAX + 1], dst[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/cmdline_editing.c:52:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "tests/fake/tail");
data/vifm-0.10.1/tests/misc/cmdline_editing.c:63:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "other/dir/othertail");
data/vifm-0.10.1/tests/misc/cmdline_editing.c:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/cmdline_editing.c:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/cmdline_scope.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/cmdline_scope.c:74:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("./script", "w");
data/vifm-0.10.1/tests/misc/commands.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sandbox[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_cs.c:43:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cfg.cs.name, "test-scheme");
data/vifm-0.10.1/tests/misc/commands_cs.c:52:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cfg.cs.name, "test-scheme");
data/vifm-0.10.1/tests/misc/commands_cs.c:74:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cfg.cs.name, "test-scheme");
data/vifm-0.10.1/tests/misc/commands_cs.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_cs.c:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_cs.c:112:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cfg.cs.name, "test-scheme");
data/vifm-0.10.1/tests/misc/commands_cs.c:127:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cfg.cs.name, "test-scheme");
data/vifm-0.10.1/tests/misc/commands_cs.c:145:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cfg.cs.name, "test-scheme");
data/vifm-0.10.1/tests/misc/commands_cs.c:161:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cfg.cs.name, "test-scheme");
data/vifm-0.10.1/tests/misc/commands_filetype.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/vifm-0.10.1/tests/misc/commands_misc.c:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sandbox[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:115:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "..");
data/vifm-0.10.1/tests/misc/commands_misc.c:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:327:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:349:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:358:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[PATH_MAX + 1], dst[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_misc.c:607:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX*2];
data/vifm-0.10.1/tests/misc/commands_misc.c:640:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zeroes[8192] = "echo ";
data/vifm-0.10.1/tests/misc/commands_selection.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sibl.c:16:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sibl.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sibl.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sibl.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sibl.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sibl.c:120:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "not/a/valid/path");
data/vifm-0.10.1/tests/misc/commands_sibl.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sibl.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sibl.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sibl.c:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sibl.c:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sync.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sync.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sync.c:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sync.c:265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sync.c:266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonic_path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sync.c:271:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[PATH_MAX + 1], dst[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sync.c:301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_sync.c:302:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_tabs.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_tabs.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_tabs.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_tabs.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_tabs.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_tabs.c:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_tabs.c:330:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_tabs.c:354:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/commands_tabs.c:384:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1], sandbox[PATH_MAX + 1], cs[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/compare.c:731:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/compare.c:733:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "no-such-path");
data/vifm-0.10.1/tests/misc/compare.c:764:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/compare.c:766:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "no-such-path");
data/vifm-0.10.1/tests/misc/diff.c:216:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const a_file = fopen(a, "rb");
data/vifm-0.10.1/tests/misc/diff.c:217:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const b_file = fopen(b, "rb");
data/vifm-0.10.1/tests/misc/dir_stack.c:19:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/dir_stack.c:34:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/left");
data/vifm-0.10.1/tests/misc/dir_stack.c:35:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "/right");
data/vifm-0.10.1/tests/misc/dir_stack.c:61:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/new-left");
data/vifm-0.10.1/tests/misc/dir_stack.c:62:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "/new-right");
data/vifm-0.10.1/tests/misc/dir_stack.c:105:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/new-left");
data/vifm-0.10.1/tests/misc/dir_stack.c:106:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "/new-right");
data/vifm-0.10.1/tests/misc/dir_stack.c:189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/expand_macros.c:30:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/lwin");
data/vifm-0.10.1/tests/misc/expand_macros.c:53:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "/rwin");
data/vifm-0.10.1/tests/misc/expand_macros.c:302:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[32];
data/vifm-0.10.1/tests/misc/expand_macros.c:341:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[32];
data/vifm-0.10.1/tests/misc/file_magic.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/file_magic.c:65:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(fname, "w");
data/vifm-0.10.1/tests/misc/filtering.c:33:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/filtering.c:51:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/some/path");
data/vifm-0.10.1/tests/misc/filtering.c:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/filtering.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/filtering.c:307:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/filtering.c:412:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(lwin.curr_dir, "/nested");
data/vifm-0.10.1/tests/misc/filtering.c:419:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/filtering.c:420:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/filtering.c:449:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/filtering.c:450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/filtering.c:479:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/filtering.c:480:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf1[80 + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf2[80 + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_file[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_dir[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:294:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(SANDBOX_PATH "/vifminfo", "w");
data/vifm-0.10.1/tests/misc/flist_custom.c:324:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:364:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:444:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:449:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(SANDBOX_PATH "/list", "w");
data/vifm-0.10.1/tests/misc/flist_custom.c:500:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:531:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:548:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:553:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[PATH_MAX + 1], dst[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:747:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom.c:781:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(SANDBOX_PATH "/a\nb", "w");
data/vifm-0.10.1/tests/misc/flist_custom_filtering.c:13:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_custom_filtering.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_hist.c:35:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/lwin");
data/vifm-0.10.1/tests/misc/flist_hist.c:46:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "/rwin");
data/vifm-0.10.1/tests/misc/flist_misc.c:25:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_misc.c:389:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char type_decs_slash[FT_COUNT][2][9] = {
data/vifm-0.10.1/tests/misc/flist_misc.c:392:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char type_decs_brackets[FT_COUNT][2][9] = {
data/vifm-0.10.1/tests/misc/flist_misc.c:397:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_misc.c:458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/vifm-0.10.1/tests/misc/flist_pick_cd_path.c:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_pick_cd_path.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_pick_cd_path.c:33:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.last_dir, "--last--");
data/vifm-0.10.1/tests/misc/flist_pick_cd_path.c:34:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "--cur--");
data/vifm-0.10.1/tests/misc/flist_pick_cd_path.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_pick_cd_path.c:47:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cfg.home_dir, "--home--");
data/vifm-0.10.1/tests/misc/flist_pick_cd_path.c:48:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "--cur--");
data/vifm-0.10.1/tests/misc/flist_pick_cd_path.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_pick_cd_path.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_reload.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_tree.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[PATH_MAX + 1], test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_tree.c:665:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_tree.c:789:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_tree.c:801:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_tree.c:817:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abs_path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/flist_tree.c:825:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX + 1];
data/vifm-0.10.1/tests/misc/fname_modif.c:24:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/lwin");
data/vifm-0.10.1/tests/misc/fname_modif.c:49:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "/rwin");
data/vifm-0.10.1/tests/misc/fname_modif.c:95:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cfg.home_dir, "/rwin/");
data/vifm-0.10.1/tests/misc/fname_modif.c:421:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "/rw.in");
data/vifm-0.10.1/tests/misc/fname_modif.c:476:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "" SL "rw.in");
data/vifm-0.10.1/tests/misc/fname_modif.c:607:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "//server/share/directory");
data/vifm-0.10.1/tests/misc/fname_modif.c:619:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "h:/rwin");
data/vifm-0.10.1/tests/misc/fname_modif.c:629:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "//ZX-Spectrum");
data/vifm-0.10.1/tests/misc/format_edit_selection_cmd.c:18:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/lwin");
data/vifm-0.10.1/tests/misc/format_edit_selection_cmd.c:41:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "/rwin");
data/vifm-0.10.1/tests/misc/format_mount_command.c:8:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/vifm-0.10.1/tests/misc/format_mount_command.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/vifm-0.10.1/tests/misc/format_mount_command.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/vifm-0.10.1/tests/misc/format_mount_command.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/vifm-0.10.1/tests/misc/format_mount_command.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/vifm-0.10.1/tests/misc/format_mount_command.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/vifm-0.10.1/tests/misc/format_mount_command.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/vifm-0.10.1/tests/misc/format_mount_command.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/vifm-0.10.1/tests/misc/format_mount_command.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/vifm-0.10.1/tests/misc/fuse.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/fuse.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fuse_home[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/fuse.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/fuse.c:101:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(SANDBOX_PATH "/mount.spec", "w");
data/vifm-0.10.1/tests/misc/fuse.c:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/fuse.c:153:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(SANDBOX_PATH "/mount.spec", "w");
data/vifm-0.10.1/tests/misc/fuse.c:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/fuse.c:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/fuse.c:286:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/fuse.c:352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/fuse.c:367:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/fuse.c:376:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nested[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/fuse.c:390:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fuse_home[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/get_cmd_path.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/get_cmd_path.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/get_cmd_path.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/integration.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_buf[100] = { };
data/vifm-0.10.1/tests/misc/integration.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_buf[100] = { };
data/vifm-0.10.1/tests/misc/integration.c:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_buf[100] = { };
data/vifm-0.10.1/tests/misc/integration.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_buf[100] = { };
data/vifm-0.10.1/tests/misc/integration.c:106:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/etc");
data/vifm-0.10.1/tests/misc/integration.c:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_buf[100] = { };
data/vifm-0.10.1/tests/misc/integration.c:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/integration.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/integration.c:132:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(expected, "/bin\n");
data/vifm-0.10.1/tests/misc/integration.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_buf[100] = { };
data/vifm-0.10.1/tests/misc/integration.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/integration.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/integration.c:203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/integration.c:220:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("./script", "w");
data/vifm-0.10.1/tests/misc/leave_invalid_dir.c:26:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/aaaaaaaaaaa/bbbbbbbbbbb/cccccccccc");
data/vifm-0.10.1/tests/misc/leave_invalid_dir.c:35:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/aaaaaaaaaaa/bbbbbbbbbbb/cccccccccc/");
data/vifm-0.10.1/tests/misc/menus.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_bmarks.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_bmarks.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_bmarks.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_bmarks.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_bmarks.c:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_bmarks.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_bmarks.c:165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_cs.c:20:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_cs.c:57:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cfg.cs.name, "test-scheme");
data/vifm-0.10.1/tests/misc/menus_dirhistory.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_find.c:21:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_find.c:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_find.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_media.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sandbox[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_media.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_media.c:84:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:111:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:124:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:173:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:189:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:204:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:238:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:255:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:270:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:279:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:298:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:378:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:386:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:408:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:425:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/menus_media.c:445:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/menus_media.c:463:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/navigation.c:23:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/normal.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/normal.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/ops.c:46:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen("old", "w");
data/vifm-0.10.1/tests/misc/options.c:320:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word_chars[sizeof(cfg.word_chars)];
data/vifm-0.10.1/tests/misc/options_classify.c:42:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char type_decs[FT_COUNT][2][9] = {
data/vifm-0.10.1/tests/misc/options_classify.c:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char type_decs[FT_COUNT][2][9] = {};
data/vifm-0.10.1/tests/misc/options_classify.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_decs[FT_COUNT][2][9];
data/vifm-0.10.1/tests/misc/options_classify.c:87:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&type_decs, &cfg.type_decs, sizeof(cfg.type_decs));
data/vifm-0.10.1/tests/misc/options_classify.c:196:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/parse_apropos_line.c:7:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char section[64], topic[64];
data/vifm-0.10.1/tests/misc/parse_apropos_line.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char section[64], topic[64];
data/vifm-0.10.1/tests/misc/parse_apropos_line.c:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char section[64], topic[64];
data/vifm-0.10.1/tests/misc/parse_apropos_line.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[64], t[64];
data/vifm-0.10.1/tests/misc/parse_apropos_line.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[64], t[64];
data/vifm-0.10.1/tests/misc/parse_apropos_line.c:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char section[64], topic[64];
data/vifm-0.10.1/tests/misc/quickview.c:114:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(curr_view->curr_dir, "echo");
data/vifm-0.10.1/tests/misc/quickview.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/quickview.c:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/quickview.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/quickview.c:185:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(TEST_DATA_PATH "/read/dos-line-endings", "r");
data/vifm-0.10.1/tests/misc/quickview.c:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/vifm-0.10.1/tests/misc/registers_shared_memory.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pat4kib[4096 + 8];
data/vifm-0.10.1/tests/misc/registers_shared_memory.c:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lnbuf[LINE_SIZE];
data/vifm-0.10.1/tests/misc/registers_shared_memory.c:134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmp[26];
data/vifm-0.10.1/tests/misc/registers_shared_memory.c:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lnbuf[LINE_SIZE];
data/vifm-0.10.1/tests/misc/registers_shared_memory.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[7];
data/vifm-0.10.1/tests/misc/registers_shared_memory.c:199:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(query, "get,X\n");
data/vifm-0.10.1/tests/misc/registers_shared_memory.c:250:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + 3, constpartcmp, sizeof(constpartcmp) - 1);
data/vifm-0.10.1/tests/misc/registers_shared_memory.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[16384 + 8];
data/vifm-0.10.1/tests/misc/registers_shared_memory.c:391:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *args[4];
data/vifm-0.10.1/tests/misc/rename.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dup[ARRAY_LEN(files)] = {};
data/vifm-0.10.1/tests/misc/rename.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char long_name[PATH_MAX + NAME_MAX + 1];
data/vifm-0.10.1/tests/misc/rename.c:158:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("script", "w");
data/vifm-0.10.1/tests/misc/running.c:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/running.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[PATH_MAX + 16];
data/vifm-0.10.1/tests/misc/running.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[PATH_MAX + 16];
data/vifm-0.10.1/tests/misc/strchar2str.c:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_buf[cfg.tab_stop + 1];
data/vifm-0.10.1/tests/misc/suite.c:52:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/non-existing-dir");
data/vifm-0.10.1/tests/misc/suite.c:53:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "/non-existing-dir");
data/vifm-0.10.1/tests/misc/tabs.c:50:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/a");
data/vifm-0.10.1/tests/misc/tabs.c:51:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "/a");
data/vifm-0.10.1/tests/misc/tabs.c:59:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/l");
data/vifm-0.10.1/tests/misc/tabs.c:60:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "/r");
data/vifm-0.10.1/tests/misc/tabs.c:70:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lwin.curr_dir, "/l");
data/vifm-0.10.1/tests/misc/tabs.c:71:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rwin.curr_dir, "/r");
data/vifm-0.10.1/tests/misc/tabs.c:246:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1], sandbox[PATH_MAX + 1], test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/tabs.c:290:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1], sandbox[PATH_MAX + 1], test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/tabs.c:316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1], sandbox[PATH_MAX + 1], test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/trash.c:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sandbox[PATH_MAX + 1];
data/vifm-0.10.1/tests/misc/utils.c:165:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(view->curr_dir, "/path");
data/vifm-0.10.1/tests/misc/utils.c:206:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(path, "w");
data/vifm-0.10.1/tests/misc/utils.c:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_buf[buf_len];
data/vifm-0.10.1/tests/misc/utils.c:250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4*1024];
data/vifm-0.10.1/tests/misc/vifminfo.c:40:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(SANDBOX_PATH "/vifminfo", "w");
data/vifm-0.10.1/tests/misc/vifminfo.c:99:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(SANDBOX_PATH "/vifminfo", "w");
data/vifm-0.10.1/tests/misc/vifminfo.c:117:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(SANDBOX_PATH "/vifminfo", "w");
data/vifm-0.10.1/tests/misc/vifminfo.c:135:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(SANDBOX_PATH "/vifminfo", "w");
data/vifm-0.10.1/tests/misc/vifminfo.c:151:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(SANDBOX_PATH "/vifminfo", "w");
data/vifm-0.10.1/tests/misc/vifminfo.c:174:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(SANDBOX_PATH "/vifminfo", "w");
data/vifm-0.10.1/tests/options/charset.c:6:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cpoptions[10];
data/vifm-0.10.1/tests/options/hat.c:5:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cpoptions[10];
data/vifm-0.10.1/tests/options/suite.c:16:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cpoptions[10];
data/vifm-0.10.1/tests/parsing/and_or.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expr[8192];
data/vifm-0.10.1/tests/parsing/and_or.c:86:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(expr, "1&&1==");
data/vifm-0.10.1/tests/parsing/and_or.c:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expr[8192];
data/vifm-0.10.1/tests/parsing/and_or.c:99:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(expr, "1||1==");
data/vifm-0.10.1/tests/parsing/double_quotes.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[8192];
data/vifm-0.10.1/tests/parsing/numbers.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zeroes[8192];
data/vifm-0.10.1/tests/parsing/single_quoted.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[8192];
data/vifm-0.10.1/tests/regs_shmem_app/regcmd.c:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lnbuf[LINE_SIZE];
data/vifm-0.10.1/tests/stic/stic.c:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stic_magic_marker[20] = "";
data/vifm-0.10.1/tests/stic/stic.c:298:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[STIC_PRINT_BUFFER_SIZE];
data/vifm-0.10.1/tests/stic/stic.c:299:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Expected %d but was %d", expected, actual);
data/vifm-0.10.1/tests/stic/stic.c:305:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[STIC_PRINT_BUFFER_SIZE];
data/vifm-0.10.1/tests/stic/stic.c:306:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Expected %lu but was %lu", expected, actual);
data/vifm-0.10.1/tests/stic/stic.c:312:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[STIC_PRINT_BUFFER_SIZE];
data/vifm-0.10.1/tests/stic/stic.c:314:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Expected %f but was %f", expected, actual);
data/vifm-0.10.1/tests/stic/stic.c:321:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[STIC_PRINT_BUFFER_SIZE];
data/vifm-0.10.1/tests/stic/stic.c:323:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Expected %f but was %f", expected, actual);
data/vifm-0.10.1/tests/stic/stic.c:331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[STIC_PRINT_BUFFER_SIZE];
data/vifm-0.10.1/tests/stic/stic.c:335:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Expected <NULL> but was <NULL>");
data/vifm-0.10.1/tests/stic/stic.c:360:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[STIC_PRINT_BUFFER_SIZE];
data/vifm-0.10.1/tests/stic/stic.c:364:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Expected <NULL> but was <NULL>");
data/vifm-0.10.1/tests/stic/stic.c:370:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Expected <NULL> but was \"%ls\"", actual);
data/vifm-0.10.1/tests/stic/stic.c:372:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Expected <NULL> but was wide string");
data/vifm-0.10.1/tests/stic/stic.c:379:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Expected \"%ls\" but was <NULL>", expected);
data/vifm-0.10.1/tests/stic/stic.c:381:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Expected wide string but was <NULL>");
data/vifm-0.10.1/tests/stic/stic.c:389:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Expected \"%ls\" but was \"%ls\"", expected, actual);
data/vifm-0.10.1/tests/stic/stic.c:391:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Expected wide string doesn't match");
data/vifm-0.10.1/tests/stic/stic.c:400:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[STIC_PRINT_BUFFER_SIZE];
data/vifm-0.10.1/tests/stic/stic.c:407:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[STIC_PRINT_BUFFER_SIZE];
data/vifm-0.10.1/tests/stic/stic.c:414:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[STIC_PRINT_BUFFER_SIZE];
data/vifm-0.10.1/tests/stic/stic.c:421:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[STIC_PRINT_BUFFER_SIZE];
data/vifm-0.10.1/tests/stic/stic.c:449:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[STIC_PRINT_BUFFER_SIZE];
data/vifm-0.10.1/tests/stic/stic.c:473:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%d tests run %d checks failed", nrun, nfailed);
data/vifm-0.10.1/tests/stic/stic.c:528:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[40];
data/vifm-0.10.1/tests/stic/stic.c:529:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/vifm-0.10.1/tests/stic/stic.c:530:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time[40];
data/vifm-0.10.1/tests/stic/stic.c:562:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(time,"< 1 ms");
data/vifm-0.10.1/tests/stic/stic.c:566:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(time,"%lu ms",end - start);
data/vifm-0.10.1/tests/stic/stic.h:69:120: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define assert_n_array_equal(expected, actual, n) do { int stic_count; for(stic_count=0; stic_count<n; stic_count++) { char s_seatest[STIC_PRINT_BUFFER_SIZE]; stic_printf(s_seatest,"Expected %d to be %d at position %d", actual[stic_count], expected[stic_count], stic_count); stic_simple_test_result((expected[stic_count] == actual[stic_count]), s_seatest, __FUNCTION__, __FILE__, __LINE__);} } while (0)
data/vifm-0.10.1/tests/undo/trash.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char trash_path[PATH_MAX + 1];
data/vifm-0.10.1/tests/undo/trash.c:15:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char full_src[PATH_MAX + 1];
data/vifm-0.10.1/tests/undo/trash.c:16:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char full_dst[PATH_MAX + 1];
data/vifm-0.10.1/tests/undo/trash.c:41:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fclose(fopen(SANDBOX_PATH "/dst", "w"));
data/vifm-0.10.1/tests/undo/trash.c:48:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fclose(fopen(SANDBOX_PATH "/src", "w"));
data/vifm-0.10.1/tests/undo/trash.c:57:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fclose(fopen(SANDBOX_PATH "/dst", "w"));
data/vifm-0.10.1/tests/utils/canonical.c:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/canonical.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/canonical.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/canonical.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/canonical.c:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/canonical.c:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/canonical.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/canonical.c:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/canonical.c:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/extract_part.c:7:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char part_buf[64];
data/vifm-0.10.1/tests/utils/extract_part.c:13:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char part_buf[64];
data/vifm-0.10.1/tests/utils/extract_part.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char part_buf[64];
data/vifm-0.10.1/tests/utils/extract_part.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char part_buf[64];
data/vifm-0.10.1/tests/utils/extract_part.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char part_buf[64];
data/vifm-0.10.1/tests/utils/file_streams.c:9:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/vifm-0.10.1/tests/utils/file_streams.c:10:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(TEST_DATA_PATH "/read/utf8-bom", "rb");
data/vifm-0.10.1/tests/utils/filemon.c:59:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(SANDBOX_PATH "/file", "w");
data/vifm-0.10.1/tests/utils/friendly_size.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/vifm-0.10.1/tests/utils/friendly_size.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/vifm-0.10.1/tests/utils/friendly_size.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/vifm-0.10.1/tests/utils/friendly_size.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/vifm-0.10.1/tests/utils/friendly_size.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/vifm-0.10.1/tests/utils/friendly_size.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/vifm-0.10.1/tests/utils/friendly_size.c:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/vifm-0.10.1/tests/utils/friendly_size.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/vifm-0.10.1/tests/utils/friendly_size.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/vifm-0.10.1/tests/utils/fsdata.c:208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char big_data[128];
data/vifm-0.10.1/tests/utils/fsdata.c:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char small_data[1];
data/vifm-0.10.1/tests/utils/fsdata.c:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char big_data[128];
data/vifm-0.10.1/tests/utils/fswatch.c:13:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sandbox[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/fswatch.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/get_command_name.c:9:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[NAME_MAX + 1];
data/vifm-0.10.1/tests/utils/get_command_name.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[NAME_MAX + 1];
data/vifm-0.10.1/tests/utils/get_command_name.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[NAME_MAX + 1];
data/vifm-0.10.1/tests/utils/get_command_name.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[NAME_MAX + 1];
data/vifm-0.10.1/tests/utils/get_command_name.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[NAME_MAX + 1];
data/vifm-0.10.1/tests/utils/get_command_name.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[NAME_MAX + 1];
data/vifm-0.10.1/tests/utils/get_command_name.c:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[NAME_MAX + 1];
data/vifm-0.10.1/tests/utils/get_command_name.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[NAME_MAX + 1];
data/vifm-0.10.1/tests/utils/get_command_name.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[NAME_MAX + 1];
data/vifm-0.10.1/tests/utils/get_command_name.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[NAME_MAX + 1];
data/vifm-0.10.1/tests/utils/get_line.c:9:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const fp = fopen(TEST_DATA_PATH "/read/two-lines", "r");
data/vifm-0.10.1/tests/utils/get_line.c:11:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buf[5];
data/vifm-0.10.1/tests/utils/get_line.c:30:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const fp = fopen(TEST_DATA_PATH "/read/two-lines", "r");
data/vifm-0.10.1/tests/utils/get_line.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buf[100];
data/vifm-0.10.1/tests/utils/get_line.c:48:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const fp = fopen(TEST_DATA_PATH "/read/two-lines", "r");
data/vifm-0.10.1/tests/utils/get_line.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buf[100];
data/vifm-0.10.1/tests/utils/get_line.c:69:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const fp = fopen(TEST_DATA_PATH "/read/two-lines", "r");
data/vifm-0.10.1/tests/utils/get_line.c:88:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const fp = fopen(TEST_DATA_PATH "/read/two-lines", "r");
data/vifm-0.10.1/tests/utils/parse_file_spec.c:18:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char test_data[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/parse_file_spec.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/parse_file_spec.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spec[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/parse_file_spec.c:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spec[PATH_MAX + 1];
data/vifm-0.10.1/tests/utils/path_exists.c:13:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(SANDBOX_PATH "/file", "w");
data/vifm-0.10.1/tests/utils/process_cmd_output.c:22:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const f = fopen(SANDBOX_PATH "/list", "w");
data/vifm-0.10.1/tests/utils/read_file_lines.c:81:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(TEST_DATA_PATH "/read/utf8-bom", "rb");
data/vifm-0.10.1/tests/utils/read_file_lines.c:94:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(TEST_DATA_PATH "/read/utf8-bom", "rb");
data/vifm-0.10.1/tests/utils/read_line.c:10:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const fp = fopen(TEST_DATA_PATH "/read/very-long-line", "r");
data/vifm-0.10.1/tests/utils/read_line.c:28:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const fp = fopen(TEST_DATA_PATH "/read/very-long-line", "r");
data/vifm-0.10.1/tests/utils/read_line.c:47:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const fp = fopen(TEST_DATA_PATH "/read/very-long-line", "r");
data/vifm-0.10.1/tests/utils/read_line.c:146:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const fp = fopen(TEST_DATA_PATH "/read/very-long-line", "r");
data/vifm-0.10.1/tests/utils/read_line.c:166:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const fp = fopen(TEST_DATA_PATH "/read/very-long-line", "r");
data/vifm-0.10.1/tests/utils/read_line.c:187:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const fp = fopen(TEST_DATA_PATH "/read/very-long-line", "r");
data/vifm-0.10.1/tests/utils/read_line.c:210:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const fp = fopen(TEST_DATA_PATH "/read/very-long-line", "r");
data/vifm-0.10.1/tests/utils/rel_symlinks.c:104:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fclose(fopen(SANDBOX_PATH "/target", "w"));
data/vifm-0.10.1/tests/utils/remove_last_path_component.c:10:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1] = "";
data/vifm-0.10.1/tests/utils/remove_last_path_component.c:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1] = "/";
data/vifm-0.10.1/tests/utils/remove_last_path_component.c:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1] = "/bin";
data/vifm-0.10.1/tests/utils/remove_last_path_component.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1] = "/a/b/c";
data/vifm-0.10.1/tests/utils/remove_last_path_component.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1] = "/a/b/c/";
data/vifm-0.10.1/tests/utils/remove_last_path_component.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1] = "/a/b/c///";
data/vifm-0.10.1/tests/utils/remove_last_path_component.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1] = "name";
data/vifm-0.10.1/tests/utils/remove_last_path_component.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX + 1] = "c:/a";
data/vifm-0.10.1/tests/utils/sstr.c:9:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1];
data/vifm-0.10.1/tests/utils/sstr.c:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2];
data/vifm-0.10.1/tests/utils/sstr.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/vifm-0.10.1/tests/utils/str_to_case.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(str)*4];
data/vifm-0.10.1/tests/utils/str_to_case.c:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(str)*4];
data/vifm-0.10.1/tests/utils/str_to_case.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(str)*4];
data/vifm-0.10.1/tests/utils/str_to_case.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(str)*4];
data/vifm-0.10.1/tests/utils/str_to_case.c:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(str)*4];
data/vifm-0.10.1/tests/utils/str_to_case.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(str)*4];
data/vifm-0.10.1/tests/utils/str_to_case.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(str) - 1];
data/vifm-0.10.1/tests/utils/str_to_case.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(str) - 1];
data/vifm-0.10.1/tests/utils/str_to_case.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(str) - 1];
data/vifm-0.10.1/tests/utils/str_to_case.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(str) - 1];
data/vifm-0.10.1/tests/utils/str_to_case.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(str) - 1];
data/vifm-0.10.1/tests/utils/str_to_case.c:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(str) - 1];
data/vifm-0.10.1/tests/variables/format.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zeroes[8192];
data/vifm-0.10.1/src/args.c:225:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(output, "-");
data/vifm-0.10.1/src/background.c:355:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((nread = read(error_pipe[0], linebuf, sizeof(linebuf) - 1)) > 0)
data/vifm-0.10.1/src/background.c:363:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, linebuf, sizeof(buf) - strlen(buf) - 1);
data/vifm-0.10.1/src/background.c:363:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buf, linebuf, sizeof(buf) - strlen(buf) - 1);
data/vifm-0.10.1/src/background.c:426:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read(j->fd, err_msg, sizeof(err_msg) - 1U);
data/vifm-0.10.1/src/bmarks.c:98:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char canonic_path[strlen(path) + 16U];
data/vifm-0.10.1/src/bmarks.c:124:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char canonic_path[strlen(path) + 16U];
data/vifm-0.10.1/src/bmarks.c:217:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char canonic_path[strlen(path) + 16U];
data/vifm-0.10.1/src/bmarks.c:234:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(str);
data/vifm-0.10.1/src/bmarks.c:256:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char canonic_src[strlen(src) + 16U], canonic_dst[strlen(dst) + 16U];
data/vifm-0.10.1/src/bmarks.c:256:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char canonic_src[strlen(src) + 16U], canonic_dst[strlen(dst) + 16U];
data/vifm-0.10.1/src/bracket_notation.c:504:22: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_pairs[i].len = wcslen(key_pairs[i].notation);
data/vifm-0.10.1/src/bracket_notation.c:543:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = wcslen(cmd) + 1;
data/vifm-0.10.1/src/bracket_notation.c:563:9: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += wcslen(p);
data/vifm-0.10.1/src/bracket_notation.c:578:22: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wchar_t str_lowered[wcslen(str) + 1];
data/vifm-0.10.1/src/bracket_notation.c:610:25: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t str_len = wcslen(str);
data/vifm-0.10.1/src/cfg/config.c:757:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(line, p + 1, sizeof(line) - strlen(line) - 1);
data/vifm-0.10.1/src/cfg/config.c:757:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(line, p + 1, sizeof(line) - strlen(line) - 1);
data/vifm-0.10.1/src/cfg/config.c:864:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char with_forward_slashes[strlen(new_value) + 1];
data/vifm-0.10.1/src/cfg/info.c:1402:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(line, non_whitespace, strlen(non_whitespace) + 1);
data/vifm-0.10.1/src/cfg/info.c:1459:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(f);
data/vifm-0.10.1/src/cmd_completion.c:612:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(str);
data/vifm-0.10.1/src/cmd_completion.c:633:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(str);
data/vifm-0.10.1/src/cmd_completion.c:671:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((equal == NULL) ? str : ++equal);
data/vifm-0.10.1/src/cmd_completion.c:671:48: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
size_t len = strlen((equal == NULL) ? str : ++equal);
data/vifm-0.10.1/src/cmd_completion.c:706:38: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
const char *const comma = strrchr(equal, ',');
data/vifm-0.10.1/src/cmd_completion.c:711:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(equal);
data/vifm-0.10.1/src/cmd_completion.c:711:18: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
len = strlen(equal);
data/vifm-0.10.1/src/cmd_completion.c:716:20: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(strncasecmp(equal, STYLES[i][0], len) == 0)
data/vifm-0.10.1/src/cmd_completion.c:726:19: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(strncasecmp(equal, "default", len) == 0)
data/vifm-0.10.1/src/cmd_completion.c:730:19: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(strncasecmp(equal, "none", len) == 0)
data/vifm-0.10.1/src/cmd_completion.c:737:20: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(strncasecmp(equal, XTERM256_COLOR_NAMES[i], len) == 0)
data/vifm-0.10.1/src/cmd_completion.c:744:20: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(strncasecmp(equal, LIGHT_COLOR_NAMES[i], len) == 0)
data/vifm-0.10.1/src/cmd_completion.c:752:51: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
vle_compl_add_last_match((equal == NULL) ? str : equal);
data/vifm-0.10.1/src/cmd_completion.c:760:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(str);
data/vifm-0.10.1/src/cmd_completion.c:800:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t prefix_len = strlen(str);
data/vifm-0.10.1/src/cmd_completion.c:1041:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t filename_len = strlen(filename);
data/vifm-0.10.1/src/cmd_completion.c:1104:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/vifm-0.10.1/src/cmd_completion.c:1121:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/vifm-0.10.1/src/cmd_completion.c:1141:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(file);
data/vifm-0.10.1/src/cmd_completion.c:1168:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "/");
data/vifm-0.10.1/src/cmd_core.c:787:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char cmdline_copy[strlen(cmdline) + 1];
data/vifm-0.10.1/src/cmd_handlers.c:1128:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *fmt = (strlen(pattern) <= 10)
data/vifm-0.10.1/src/cmd_handlers.c:1289:15: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix_len = wcslen(wide_prefix);
data/vifm-0.10.1/src/cmd_handlers.c:2629:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char pattern[strlen(cmd_info->args) + 1];
data/vifm-0.10.1/src/cmd_handlers.c:2752:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg_len += strlen(msg + msg_len);
data/vifm-0.10.1/src/cmd_handlers.c:2761:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg_len += strlen(msg + msg_len);
data/vifm-0.10.1/src/cmd_handlers.c:2769:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg_len += strlen(msg + msg_len);
data/vifm-0.10.1/src/cmd_handlers.c:2827:6: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(equal[1] == '\0')
data/vifm-0.10.1/src/cmd_handlers.c:2993:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(type);
data/vifm-0.10.1/src/cmd_handlers.c:3344:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *new_lines = realloc(lines, len + 1 + strlen(msg) + 1);
data/vifm-0.10.1/src/cmd_handlers.c:4309:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char buf[strlen(cmd_info->argv[0]) + 1];
data/vifm-0.10.1/src/cmd_handlers.c:4318:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pl = strlen(cmd_info->argv[0]);
data/vifm-0.10.1/src/cmd_handlers.c:4319:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(cmd_info->argv[1]);
data/vifm-0.10.1/src/cmd_handlers.c:4952:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(strlen(com_beginning) > 0)
data/vifm-0.10.1/src/compare.c:914:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curr->origin + strlen(flist_get_dir(from)), curr->name);
data/vifm-0.10.1/src/compat/getopt.c:322:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = d->__nonoption_flags_max_len = strlen (orig_str);
data/vifm-0.10.1/src/compat/getopt.c:557:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (namelen == (unsigned int) strlen (p->name))
data/vifm-0.10.1/src/compat/getopt.c:642:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d->__nextchar += strlen (d->__nextchar);
data/vifm-0.10.1/src/compat/getopt.c:715:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d->__nextchar += strlen (d->__nextchar);
data/vifm-0.10.1/src/compat/getopt.c:755:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d->__nextchar += strlen (d->__nextchar);
data/vifm-0.10.1/src/compat/getopt.c:760:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d->__nextchar += strlen (d->__nextchar);
data/vifm-0.10.1/src/compat/getopt.c:953:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((unsigned int) (nameend - d->__nextchar) == strlen (p->name))
data/vifm-0.10.1/src/compat/getopt.c:1001:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d->__nextchar += strlen (d->__nextchar);
data/vifm-0.10.1/src/compat/getopt.c:1045:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d->__nextchar += strlen (d->__nextchar);
data/vifm-0.10.1/src/compat/getopt.c:1083:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d->__nextchar += strlen (d->__nextchar);
data/vifm-0.10.1/src/compat/getopt.c:1089:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d->__nextchar += strlen (d->__nextchar);
data/vifm-0.10.1/src/compat/mntent.c:116:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(opts_buf, tmp, sizeof(opts_buf) - 1);
data/vifm-0.10.1/src/compat/mntent.c:161:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t i = strlen(s0) + strlen(s1) + 1 + 1;
data/vifm-0.10.1/src/compat/mntent.c:161:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t i = strlen(s0) + strlen(s1) + 1 + 1;
data/vifm-0.10.1/src/compat/os.c:140:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
os_dir->entry.d_namlen = strlen(os_dir->entry.d_name);
data/vifm-0.10.1/src/compat/os.c:343:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(utf8_buf) + 1U > size)
data/vifm-0.10.1/src/engine/abbrevs.c:232:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t prefix_len = strlen(prefix);
data/vifm-0.10.1/src/engine/autocmds.c:201:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char pat[1U + strlen(autocmds[i].pattern) + 1U];
data/vifm-0.10.1/src/engine/autocmds.c:242:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char pat[1U + strlen(autocmds[i].pattern) + 1U];
data/vifm-0.10.1/src/engine/cmds.c:346:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/vifm-0.10.1/src/engine/cmds.c:360:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char c = cur->name[strlen(cur->name) - 1];
data/vifm-0.10.1/src/engine/cmds.c:563:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cmd != NULL && strncmp(name, cmd->name, strlen(name)) != 0)
data/vifm-0.10.1/src/engine/cmds.c:696:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "!");
data/vifm-0.10.1/src/engine/cmds.c:706:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, cmd, len);
data/vifm-0.10.1/src/engine/cmds.c:721:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, cur->name, buf_len);
data/vifm-0.10.1/src/engine/cmds.c:726:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cur->type == USER_CMD && cur->name[strlen(cur->name) - 1] == *t)
data/vifm-0.10.1/src/engine/cmds.c:728:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, cur->name, buf_len);
data/vifm-0.10.1/src/engine/cmds.c:735:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, cur->name, buf_len);
data/vifm-0.10.1/src/engine/cmds.c:808:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cmd_name);
data/vifm-0.10.1/src/engine/cmds.c:842:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char buf[strlen(cmds[i].name) + 1];
data/vifm-0.10.1/src/engine/cmds.c:846:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_len = strlen(buf);
data/vifm-0.10.1/src/engine/cmds.c:847:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
short_len = strlen(cmds[i].abbr);
data/vifm-0.10.1/src/engine/cmds.c:896:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(name, "command", strlen(name)) == 0)
data/vifm-0.10.1/src/engine/cmds.c:982:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cmd_name);
data/vifm-0.10.1/src/engine/cmds.c:1078:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, cmd, len);
data/vifm-0.10.1/src/engine/cmds.c:1113:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_name[strlen(cmd_name) - 1] = '\0';
data/vifm-0.10.1/src/engine/cmds.c:1219:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cmdstr);
data/vifm-0.10.1/src/engine/cmds.c:1427:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(beginning);
data/vifm-0.10.1/src/engine/cmds.c:1442:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
content_len = strlen(content);
data/vifm-0.10.1/src/engine/cmds.c:1444:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_size = content_len + 1 + strlen(cur->name) + 10 + strlen(cur->cmd) + 1;
data/vifm-0.10.1/src/engine/cmds.c:1444:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_size = content_len + 1 + strlen(cur->name) + 10 + strlen(cur->cmd) + 1;
data/vifm-0.10.1/src/engine/completion.c:193:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t lena = strlen(stra);
data/vifm-0.10.1/src/engine/completion.c:194:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t lenb = strlen(strb);
data/vifm-0.10.1/src/engine/functions.c:138:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/vifm-0.10.1/src/engine/keys.c:781:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wchar_t buf[16 + wcslen(rhs) + 1 + wcslen(left_keys) + 1];
data/vifm-0.10.1/src/engine/keys.c:781:38: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wchar_t buf[16 + wcslen(rhs) + 1 + wcslen(left_keys) + 1];
data/vifm-0.10.1/src/engine/keys.c:790:24: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vifm_swprintf(buf + wcslen(buf), ARRAY_LEN(buf) - wcslen(buf), L"%d",
data/vifm-0.10.1/src/engine/keys.c:790:54: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vifm_swprintf(buf + wcslen(buf), ARRAY_LEN(buf) - wcslen(buf), L"%d",
data/vifm-0.10.1/src/engine/keys.c:1332:28: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t prefix_len = wcslen(prefix);
data/vifm-0.10.1/src/engine/keys.c:1361:28: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t prefix_len = wcslen(prefix);
data/vifm-0.10.1/src/engine/options.c:239:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert((size_t)full->val_count == 1U + strlen(full->vals[0][0]) &&
data/vifm-0.10.1/src/engine/options.c:792:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(valid_len != strlen(value))
data/vifm-0.10.1/src/engine/options.c:871:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(valid_len != strlen(value))
data/vifm-0.10.1/src/engine/options.c:885:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(opt->val.str_val);
data/vifm-0.10.1/src/engine/options.c:1109:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(opt->val.str_val) <= (size_t)opt->val_count &&
data/vifm-0.10.1/src/engine/options.c:1173:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t old_len = (old == NULL ? 0 : strlen(old));
data/vifm-0.10.1/src/engine/options.c:1174:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *new = realloc(old, old_len + 1 + strlen(value) + 1);
data/vifm-0.10.1/src/engine/options.c:1179:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(new, "");
data/vifm-0.10.1/src/engine/options.c:1181:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(new, ",");
data/vifm-0.10.1/src/engine/options.c:1200:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = old + strlen(old);
data/vifm-0.10.1/src/engine/options.c:1207:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(old, p + 1, strlen(p + 1) + 1);
data/vifm-0.10.1/src/engine/options.c:1294:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = buf + strlen(buf);
data/vifm-0.10.1/src/engine/options.c:1342:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(last_opt) != (size_t)(args - *start))
data/vifm-0.10.1/src/engine/options.c:1375:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(last_opt, last_opt + 2, strlen(last_opt) - 2 + 1);
data/vifm-0.10.1/src/engine/options.c:1381:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(last_opt, last_opt + 3, strlen(last_opt) - 3 + 1);
data/vifm-0.10.1/src/engine/options.c:1431:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*argsp = args + strlen(args);
data/vifm-0.10.1/src/engine/options.c:1558:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(buf);
data/vifm-0.10.1/src/engine/options.c:1625:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(beginning);
data/vifm-0.10.1/src/engine/options.c:1652:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(beginning);
data/vifm-0.10.1/src/engine/parsing.c:243:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last_position += strlen(last_position);
data/vifm-0.10.1/src/engine/parsing.c:566:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res_len += strlen(res + res_len);
data/vifm-0.10.1/src/engine/parsing.c:1278:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name);
data/vifm-0.10.1/src/engine/parsing.c:1493:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(last_token.str, start, *in - start);
data/vifm-0.10.1/src/engine/text_buffer.c:125:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(&tb->data[tb->len++], "\n");
data/vifm-0.10.1/src/engine/variables.c:485:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = realloc(record->val, strlen(record->val) + strlen(val) + 1);
data/vifm-0.10.1/src/engine/variables.c:485:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = realloc(record->val, strlen(record->val) + strlen(val) + 1);
data/vifm-0.10.1/src/engine/variables.c:760:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(var);
data/vifm-0.10.1/src/engine/variables.c:785:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(var);
data/vifm-0.10.1/src/event_loop.c:219:8: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(wcslen(input_buf) - counter + 1)*sizeof(wchar_t));
data/vifm-0.10.1/src/event_loop.c:242:8: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(wcslen(input_buf) - counter + 1)*sizeof(wchar_t));
data/vifm-0.10.1/src/filelist.c:1626:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strnoscmp(view->curr_dir, cfg.fuse_home, strlen(cfg.fuse_home)) == 0 &&
data/vifm-0.10.1/src/filelist.c:3018:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf + strlen(buf), "/%s", arg + 1);
data/vifm-0.10.1/src/filelist.c:3432:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(path) >= strlen(root_path) && "Path is too short.");
data/vifm-0.10.1/src/filelist.c:3432:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(path) >= strlen(root_path) && "Path is too short.");
data/vifm-0.10.1/src/filelist.c:3434:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path += strlen(root_path);
data/vifm-0.10.1/src/filelist.c:3587:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t root_len = strlen(root);
data/vifm-0.10.1/src/filename_modifiers.c:146:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/vifm-0.10.1/src/filename_modifiers.c:155:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t home_len = strlen(cfg.home_dir);
data/vifm-0.10.1/src/filename_modifiers.c:170:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(curr_view->curr_dir);
data/vifm-0.10.1/src/filename_modifiers.c:249:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(buf, ext_pos, strlen(ext_pos) + 1);
data/vifm-0.10.1/src/filename_modifiers.c:302:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = strlen(str);
data/vifm-0.10.1/src/flist_hist.c:256:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(view->history[i].dir) < 1)
data/vifm-0.10.1/src/flist_hist.c:371:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strchr(view->last_dir + strlen(view->curr_dir) + 1, '/') == NULL)
data/vifm-0.10.1/src/flist_hist.c:376:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *const dir_name = view->last_dir + strlen(view->curr_dir) + 1U;
data/vifm-0.10.1/src/flist_pos.c:609:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (ext == NULL) ? (name + strlen(name)) : (ext + 1);
data/vifm-0.10.1/src/fops_common.c:430:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copy_str(pretty, pretty_size, skip_char(path + strlen(base_dir), '/'));
data/vifm-0.10.1/src/fops_common.c:659:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char msg[strlen(text) + 32];
data/vifm-0.10.1/src/fops_common.c:745:16: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
saved_umask = umask(~0600);
data/vifm-0.10.1/src/fops_common.c:748:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void)umask(saved_umask);
data/vifm-0.10.1/src/fops_common.c:753:8: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void)umask(saved_umask);
data/vifm-0.10.1/src/fops_common.c:931:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(buf);
data/vifm-0.10.1/src/fops_common.c:936:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/vifm-0.10.1/src/fops_common.c:942:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(buf, " to ", COMMAND_GROUP_INFO_LEN - len - 1);
data/vifm-0.10.1/src/fops_common.c:943:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/vifm-0.10.1/src/fops_common.c:944:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, custom_fname, COMMAND_GROUP_INFO_LEN - len - 1);
data/vifm-0.10.1/src/fops_common.c:945:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/vifm-0.10.1/src/fops_common.c:955:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(buf, ", ", COMMAND_GROUP_INFO_LEN - len - 1);
data/vifm-0.10.1/src/fops_common.c:956:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/vifm-0.10.1/src/fops_common.c:958:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, fname, COMMAND_GROUP_INFO_LEN - len - 1);
data/vifm-0.10.1/src/fops_cpmv.c:422:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(undo_msg + strlen(undo_msg), undo_msg_len - strlen(undo_msg),
data/vifm-0.10.1/src/fops_cpmv.c:422:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(undo_msg + strlen(undo_msg), undo_msg_len - strlen(undo_msg),
data/vifm-0.10.1/src/fops_misc.c:788:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(result);
data/vifm-0.10.1/src/fops_misc.c:1001:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/vifm-0.10.1/src/fops_misc.c:1005:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/vifm-0.10.1/src/fops_put.c:137:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
task_desc_len = strlen(task_desc);
data/vifm-0.10.1/src/fops_put.c:154:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
task_desc_len = strlen(task_desc);
data/vifm-0.10.1/src/fops_put.c:734:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msg);
data/vifm-0.10.1/src/fops_rename.c:73:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char filename[strlen(curr->name) + 1];
data/vifm-0.10.1/src/fops_rename.c:110:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char new[strlen(new_name) + 1 + strlen(rename_file_ext) + 1 + 1];
data/vifm-0.10.1/src/fops_rename.c:110:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char new[strlen(new_name) + 1 + strlen(rename_file_ext) + 1 + 1];
data/vifm-0.10.1/src/fops_rename.c:268:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(path[strlen(path) - 1] != '/')
data/vifm-0.10.1/src/fops_rename.c:301:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
undo_msg_len = strlen(undo_msg);
data/vifm-0.10.1/src/fops_rename.c:307:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(undo_msg, ", ", sizeof(undo_msg) - undo_msg_len - 1U);
data/vifm-0.10.1/src/fops_rename.c:308:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
undo_msg_len = strlen(undo_msg);
data/vifm-0.10.1/src/fops_rename.c:312:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
undo_msg_len += strlen(undo_msg + undo_msg_len);
data/vifm-0.10.1/src/fops_rename.c:760:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(from) == strlen(to) && "Lengths don't match.");
data/vifm-0.10.1/src/fops_rename.c:760:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(from) == strlen(to) && "Lengths don't match.");
data/vifm-0.10.1/src/int/desktop.c:155:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(buf);
data/vifm-0.10.1/src/int/desktop.c:161:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(buf);
data/vifm-0.10.1/src/int/fuse.c:389:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_pos += strlen(buf_pos);
data/vifm-0.10.1/src/int/fuse.c:394:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_pos += strlen(buf_pos);
data/vifm-0.10.1/src/int/fuse.c:399:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_pos += strlen(buf_pos);
data/vifm-0.10.1/src/int/fuse.c:518:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(runner->mount_point);
data/vifm-0.10.1/src/int/fuse.c:675:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char no_slash[strlen(mount_point) + 1];
data/vifm-0.10.1/src/int/fuse.c:699:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file += strlen(runner->source_file_dir) + 1;
data/vifm-0.10.1/src/int/fuse.c:735:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t new_len = strlen(string) - prefix_len;
data/vifm-0.10.1/src/int/path_env.c:142:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *new_path = malloc(strlen(path) + 1 + strlen(old_path) + 1);
data/vifm-0.10.1/src/int/path_env.c:142:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *new_path = malloc(strlen(path) + 1 + strlen(old_path) + 1);
data/vifm-0.10.1/src/int/path_env.c:197:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = p + strlen(p);
data/vifm-0.10.1/src/int/vim.c:212:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/vifm-0.10.1/src/io/ior.c:365:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rel_part = full_path + strlen(cp_args->arg1.src);
data/vifm-0.10.1/src/ipc.c:332:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/vifm-0.10.1/src/ipc.c:488:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pkg += strlen(pkg) + 1;
data/vifm-0.10.1/src/ipc.c:618:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(MAX_USEC/MAX_REPEATS);
data/vifm-0.10.1/src/ipc.c:651:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(pkg + len) + 1;
data/vifm-0.10.1/src/ipc.c:856:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name + strlen(PREFIX));
data/vifm-0.10.1/src/macros.c:152:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_len = strlen(command);
data/vifm-0.10.1/src/macros.c:169:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(expanded, command, x);
data/vifm-0.10.1/src/macros.c:171:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:194:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:203:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:208:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:213:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:218:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:223:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:228:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:233:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:278:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:298:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:306:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:349:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(expanded, command + y, x - y);
data/vifm-0.10.1/src/macros.c:350:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:377:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t old_len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:599:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(expanded);
data/vifm-0.10.1/src/macros.c:601:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = realloc(expanded, len + strlen(str) + 1);
data/vifm-0.10.1/src/menus/bmarks_menu.c:71:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(line);
data/vifm-0.10.1/src/menus/commands_menu.c:64:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t cmdname_len = strlen(list[m.len]);
data/vifm-0.10.1/src/menus/filetypes_menu.c:254:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_len = MAX(max_len, (int)strlen(records->list[i].description));
data/vifm-0.10.1/src/menus/jobs_menu.c:69:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char item_buf[sizeof(info_buf) + strlen(p->cmd) + 1024];
data/vifm-0.10.1/src/menus/map_menu.c:61:15: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix_len = wcslen(prefix);
data/vifm-0.10.1/src/menus/menus.c:520:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int len = strlen(str);
data/vifm-0.10.1/src/menus/menus.c:636:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t expanded_line_len = (strlen(line) - tab_count) + extra_line_len;
data/vifm-0.10.1/src/modes/cmdline.c:709:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input_stat.index = wcslen(cmd);
data/vifm-0.10.1/src/modes/cmdline.c:735:2: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(input_stat.prompt, prompt, ARRAY_LEN(input_stat.prompt));
data/vifm-0.10.1/src/modes/cmdline.c:1145:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l -= strlen(items[*last_pos].text);
data/vifm-0.10.1/src/modes/cmdline.c:1155:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len -= strlen(items[i].text);
data/vifm-0.10.1/src/modes/cmdline.c:1561:19: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input_stat.len = wcslen(input_stat.line);
data/vifm-0.10.1/src/modes/cmdline.c:1936:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escaped = commands_escape_for_insertion(mb_input, strlen(mb_input), str);
data/vifm-0.10.1/src/modes/cmdline.c:2108:24: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input_stat.dot_len = wcslen(completion);
data/vifm-0.10.1/src/modes/cmdline.c:2119:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = wcslen(str);
data/vifm-0.10.1/src/modes/cmdline.c:2240:14: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stat->len = wcslen(wide_new);
data/vifm-0.10.1/src/modes/cmdline.c:2525:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_mb + strlen(line_mb));
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:401:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t perm_str_len = strlen(perm_str);
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:411:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
perm_str_len += strlen(perm_str + perm_str_len);
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:445:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
perm_str_len += strlen(perm_str + perm_str_len);
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:447:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
perm_str[strlen(perm_str) - 1] = '\0'; /* Remove last comma (','). */
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:461:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(undo_msg);
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:470:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(undo_msg + len, ", ", sizeof(undo_msg) - len - 1);
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:471:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(undo_msg + len);
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:473:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(undo_msg + len, entry->name, sizeof(undo_msg) - len - 1);
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_nix.c:474:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(undo_msg + len);
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_win.c:397:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(undo_msg);
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_win.c:406:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(undo_msg + len, ", ", sizeof(undo_msg) - len - 1);
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_win.c:407:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(undo_msg + len);
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_win.c:409:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(undo_msg + len, entry->name, sizeof(undo_msg) - len - 1);
data/vifm-0.10.1/src/modes/dialogs/attr_dialog_win.c:410:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(undo_msg + len);
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:244:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
message += strlen(portion);
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:505:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msg);
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:568:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvwprintw(error_win, 0, (w - strlen(title) - 2)/2, " %s ", title);
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:665:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msg_len = strlen(msg);
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:703:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(buf) + strlen(linebuf) + 1 >= sizeof(buf))
data/vifm-0.10.1/src/modes/dialogs/msg_dialog.c:703:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(buf) + strlen(linebuf) + 1 >= sizeof(buf))
data/vifm-0.10.1/src/modes/file_info.c:214:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int max_width = getmaxx(menu_win) - strlen(label) - 2;
data/vifm-0.10.1/src/modes/file_info.c:297:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(x > 9 && strlen(buf) > (size_t)(x - 9))
data/vifm-0.10.1/src/modes/view.c:1124:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/vifm-0.10.1/src/ops.c:363:23: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = wcslen(utf16_path);
data/vifm-0.10.1/src/ops.c:983:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = (ops->errors == NULL) ? 0U : strlen(ops->errors);
data/vifm-0.10.1/src/ops.c:1059:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char dir_only[strlen(path) + 1];
data/vifm-0.10.1/src/opt_handlers.c:1049:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *const doubled = malloc(strlen(str)*2 + 1);
data/vifm-0.10.1/src/opt_handlers.c:1526:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
opt_val_len += strlen(opt_val + opt_val_len);
data/vifm-0.10.1/src/opt_handlers.c:1800:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return &item_name[strlen(name)];
data/vifm-0.10.1/src/opt_handlers.c:1823:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(prefix) > 8)
data/vifm-0.10.1/src/opt_handlers.c:1828:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(suffix) > 8)
data/vifm-0.10.1/src/registers.c:549:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_register_sizes[i] += strlen(registers[i].files[j]) + 1;
data/vifm-0.10.1/src/registers.c:676:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t entry_len = strlen(registers[reg_id].files[i]) + 1;
data/vifm-0.10.1/src/registers.c:738:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t curlen = strlen(curstrptr) + 1;
data/vifm-0.10.1/src/running.c:538:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len = strlen(prog_cmd)) == 0)
data/vifm-0.10.1/src/running.c:631:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char spec[strlen(prog_spec) + 1U];
data/vifm-0.10.1/src/running.c:771:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char dir_name[strlen(view->curr_dir) + 1];
data/vifm-0.10.1/src/running.c:1040:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
title = skip_whitespace(visubcmd + strlen(vicmd) + 1);
data/vifm-0.10.1/src/running.c:1173:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(start);
data/vifm-0.10.1/src/running.c:1284:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = realloc(lines, len + 1 + strlen(buf) + 1);
data/vifm-0.10.1/src/status.c:142:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(stats->color_scheme, "");
data/vifm-0.10.1/src/trash.c:532:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msg);
data/vifm-0.10.1/src/trash.c:853:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(copy);
data/vifm-0.10.1/src/ui/color_scheme.c:1009:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/vifm-0.10.1/src/ui/color_scheme.c:1049:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result[strlen(result) - 1] = '\0';
data/vifm-0.10.1/src/ui/escape.c:106:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(line);
data/vifm-0.10.1/src/ui/escape.c:185:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(processed, line, offset);
data/vifm-0.10.1/src/ui/escape.c:213:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(next, line + corrected, so_offset - corrected);
data/vifm-0.10.1/src/ui/escape.c:228:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(next, line + esc_pos, len);
data/vifm-0.10.1/src/ui/escape.c:328:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out, sym, sym_width);
data/vifm-0.10.1/src/ui/escape.c:607:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*screen_width = strlen(name);
data/vifm-0.10.1/src/ui/escape.c:623:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/vifm-0.10.1/src/ui/fileview.c:1080:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char print_buf[strlen(buf) + 1];
data/vifm-0.10.1/src/ui/fileview.c:1126:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(print_buf, buf, extra_prefix);
data/vifm-0.10.1/src/ui/fileview.c:1199:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fname = get_last_path_component(full_column) + strlen(prefix);
data/vifm-0.10.1/src/ui/fileview.c:1205:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((size_t)entry->match_right > strlen(fname) - strlen(suffix))
data/vifm-0.10.1/src/ui/fileview.c:1205:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((size_t)entry->match_right > strlen(fname) - strlen(suffix))
data/vifm-0.10.1/src/ui/fileview.c:1209:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ro -= entry->match_right - (strlen(fname) - strlen(suffix));
data/vifm-0.10.1/src/ui/fileview.c:1209:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ro -= entry->match_right - (strlen(fname) - strlen(suffix));
data/vifm-0.10.1/src/ui/fileview.c:1228:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(align == AT_RIGHT && lo < (short int)strlen(full_column) - buf_len)
data/vifm-0.10.1/src/ui/quickview.c:286:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(path, "/", sizeof(path) - strlen(path) - 1);
data/vifm-0.10.1/src/ui/quickview.c:286:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(path, "/", sizeof(path) - strlen(path) - 1);
data/vifm-0.10.1/src/ui/quickview.c:346:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/vifm-0.10.1/src/ui/quickview.c:638:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(s->prefix) + 1U + 1U < sizeof(s->prefix))
data/vifm-0.10.1/src/ui/quickview.c:640:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s->prefix, " ");
data/vifm-0.10.1/src/ui/quickview.c:655:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(s->prefix);
data/vifm-0.10.1/src/ui/quickview.c:847:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while(fgetc(fp) != EOF);
data/vifm-0.10.1/src/ui/statusbar.c:287:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, msg, left);
data/vifm-0.10.1/src/ui/statusline.c:126:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(result.attrs) == utf8_strsw(result.line) && "Broken attrs!");
data/vifm-0.10.1/src/ui/statusline.c:203:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(id_buf, ":");
data/vifm-0.10.1/src/ui/statusline.c:204:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
get_gid_string(curr, 0, sizeof(id_buf) - strlen(id_buf),
data/vifm-0.10.1/src/ui/statusline.c:205:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id_buf + strlen(id_buf));
data/vifm-0.10.1/src/ui/statusline.c:227:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvwaddstr(stat_win, 0, x - (strlen(name_buf) + 2), name_buf);
data/vifm-0.10.1/src/ui/statusline.c:229:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cur_x + strlen(id_buf) + 1 > x - (strlen(name_buf) + 2))
data/vifm-0.10.1/src/ui/statusline.c:229:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cur_x + strlen(id_buf) + 1 > x - (strlen(name_buf) + 2))
data/vifm-0.10.1/src/ui/statusline.c:231:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cur_x + strlen(id_buf) + 1 > x - (strlen(name_buf) + 2))
data/vifm-0.10.1/src/ui/statusline.c:231:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cur_x + strlen(id_buf) + 1 > x - (strlen(name_buf) + 2))
data/vifm-0.10.1/src/ui/ui.c:189:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int x = getmaxx(ruler_win) - strlen(val);
data/vifm-0.10.1/src/ui/ui.c:1060:5: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(wcslen(str) > (size_t)getmaxx(input_win))
data/vifm-0.10.1/src/ui/ui.c:1062:10: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += wcslen(str) - getmaxx(input_win);
data/vifm-0.10.1/src/ui/ui.c:1387:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expanded);
data/vifm-0.10.1/src/ui/ui.c:1600:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char tmp_buf[strlen(entry->name) + 1];
data/vifm-0.10.1/src/ui/ui.c:1646:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(full_path, "/");
data/vifm-0.10.1/src/utils/env.c:49:6: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(equal != NULL)
data/vifm-0.10.1/src/utils/env.c:71:6: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(equal != NULL)
data/vifm-0.10.1/src/utils/env.c:187:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char buf[strlen(name) + 1 + strlen(value) + 1];
data/vifm-0.10.1/src/utils/env.c:187:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char buf[strlen(name) + 1 + strlen(value) + 1];
data/vifm-0.10.1/src/utils/file_streams.c:39:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t part_len = strlen(part_buf);
data/vifm-0.10.1/src/utils/file_streams.c:103:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = fgetc(fp);
data/vifm-0.10.1/src/utils/file_streams.c:106:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c2 = fgetc(fp);
data/vifm-0.10.1/src/utils/file_streams.c:119:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/vifm-0.10.1/src/utils/file_streams.c:126:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/vifm-0.10.1/src/utils/file_streams.c:133:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/vifm-0.10.1/src/utils/filter.c:154:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(filter->raw);
data/vifm-0.10.1/src/utils/filter.c:213:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/vifm-0.10.1/src/utils/fs.c:98:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(path);
data/vifm-0.10.1/src/utils/fs.c:268:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cwd, ".");
data/vifm-0.10.1/src/utils/fs.c:314:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, link_target, buf_len);
data/vifm-0.10.1/src/utils/fs.c:396:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, t + 4, buf_len);
data/vifm-0.10.1/src/utils/fs.c:398:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, t, buf_len);
data/vifm-0.10.1/src/utils/fswatch_nix.c:137:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read(w->fd, buf, BUF_LEN);
data/vifm-0.10.1/src/utils/globs.c:47:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_len = final_regex_len + 1 + 1 + strlen(regex) + 1;
data/vifm-0.10.1/src/utils/matcher.c:142:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_path = (expr[1] == '{' && expr[strlen(expr) - 2] == '}');
data/vifm-0.10.1/src/utils/matcher.c:222:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m->raw[strlen(m->raw) - strip] = '\0';
data/vifm-0.10.1/src/utils/matcher.c:255:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flags = (flags == NULL) ? (m->raw + strlen(m->raw)) : (flags + 1);
data/vifm-0.10.1/src/utils/matchers.c:382:8: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
goto mismatch;
data/vifm-0.10.1/src/utils/matchers.c:397:8: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
goto mismatch;
data/vifm-0.10.1/src/utils/matchers.c:406:8: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
goto mismatch;
data/vifm-0.10.1/src/utils/matchers.c:410:1: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mismatch:
data/vifm-0.10.1/src/utils/matchers.c:429:8: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
goto mismatch;
data/vifm-0.10.1/src/utils/matchers.c:439:8: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
goto mismatch;
data/vifm-0.10.1/src/utils/matchers.c:444:8: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
goto mismatch;
data/vifm-0.10.1/src/utils/matchers.c:448:1: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mismatch:
data/vifm-0.10.1/src/utils/path.c:62:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/vifm-0.10.1/src/utils/path.c:76:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return str[0] != '\0' && str[strlen(str) - 1] == '/';
data/vifm-0.10.1/src/utils/path.c:82:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(prefix);
data/vifm-0.10.1/src/utils/path.c:104:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char s_can[strlen(s) + 8];
data/vifm-0.10.1/src/utils/path.c:105:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char t_can[strlen(t) + 8];
data/vifm-0.10.1/src/utils/path.c:277:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = path + strlen(path);
data/vifm-0.10.1/src/utils/path.c:279:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b = base + strlen(base);
data/vifm-0.10.1/src/utils/path.c:303:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
canonicalize_path(p, buf + strlen(buf), sizeof(buf) - strlen(buf));
data/vifm-0.10.1/src/utils/path.c:303:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
canonicalize_path(p, buf + strlen(buf), sizeof(buf) - strlen(buf));
data/vifm-0.10.1/src/utils/path.c:308:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, ".");
data/vifm-0.10.1/src/utils/path.c:365:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/vifm-0.10.1/src/utils/path.c:454:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cfg.home_dir) - 1;
data/vifm-0.10.1/src/utils/path.c:458:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(strcpy(buf, "~"), path + len, sizeof(buf) - strlen(buf) - 1);
data/vifm-0.10.1/src/utils/path.c:458:11: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strncat(strcpy(buf, "~"), path + len, sizeof(buf) - strlen(buf) - 1);
data/vifm-0.10.1/src/utils/path.c:458:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(strcpy(buf, "~"), path + len, sizeof(buf) - strlen(buf) - 1);
data/vifm-0.10.1/src/utils/path.c:517:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = path + strlen(path);
data/vifm-0.10.1/src/utils/path.c:602:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return is_unc_path(path) || (strlen(path) >= 2 && path[1] == ':' &&
data/vifm-0.10.1/src/utils/path.c:616:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(path, "/");
data/vifm-0.10.1/src/utils/path.c:619:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/vifm-0.10.1/src/utils/path.c:676:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return path + strlen(path);
data/vifm-0.10.1/src/utils/path.c:696:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(path);
data/vifm-0.10.1/src/utils/path.c:716:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (char *)path + strlen(path);
data/vifm-0.10.1/src/utils/str.c:55:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t last_char_pos = strlen(str) - 1;
data/vifm-0.10.1/src/utils/str.c:96:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = reallocarray(NULL, strlen(s) + 1U, sizeof(*w));
data/vifm-0.10.1/src/utils/str.c:132:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = wcslen(ws) + 1;
data/vifm-0.10.1/src/utils/str.c:138:2: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(result, ws, len);
data/vifm-0.10.1/src/utils/str.c:145:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t prefix_len = strlen(prefix);
data/vifm-0.10.1/src/utils/str.c:152:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t prefix_len = strlen(prefix);
data/vifm-0.10.1/src/utils/str.c:166:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str[strlen(str) - strlen(suffix)] = '\0';
data/vifm-0.10.1/src/utils/str.c:166:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str[strlen(str) - strlen(suffix)] = '\0';
data/vifm-0.10.1/src/utils/str.c:181:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t str_len = strlen(str);
data/vifm-0.10.1/src/utils/str.c:182:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t suffix_len = strlen(suffix);
data/vifm-0.10.1/src/utils/str.c:194:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(str);
data/vifm-0.10.1/src/utils/str.c:394:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = str + strlen(str);
data/vifm-0.10.1/src/utils/str.c:403:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = (result == NULL) ? (str + strlen(str)) : (result + 1);
data/vifm-0.10.1/src/utils/str.c:458:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t prefix_len = strlen(prefix);
data/vifm-0.10.1/src/utils/str.c:490:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t suffix_len = strlen(suffix);
data/vifm-0.10.1/src/utils/str.c:516:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len += strlen(str + *len);
data/vifm-0.10.1/src/utils/str.c:523:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(str);
data/vifm-0.10.1/src/utils/str.c:609:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t separator_len = strlen(separator);
data/vifm-0.10.1/src/utils/str.c:611:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(str);
data/vifm-0.10.1/src/utils/str.c:693:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/vifm-0.10.1/src/utils/str.c:783:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, line, char_width);
data/vifm-0.10.1/src/utils/str.c:811:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t with_len = strlen(with);
data/vifm-0.10.1/src/utils/str.c:818:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new + *len, with, with_len + 1);
data/vifm-0.10.1/src/utils/str.c:926:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen(str);
data/vifm-0.10.1/src/utils/str.c:943:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*state = (end == NULL) ? (str + strlen(str)) : (end + 1);
data/vifm-0.10.1/src/utils/str.c:988:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = str + strlen(str);
data/vifm-0.10.1/src/utils/str.c:1098:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char haystack_us[strlen(haystack) + 1];
data/vifm-0.10.1/src/utils/str.c:1099:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char needle_us[strlen(needle) + 1];
data/vifm-0.10.1/src/utils/string_array.c:33:62: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static char * read_whole_file(const char filepath[], size_t *read);
data/vifm-0.10.1/src/utils/string_array.c:34:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static char * read_seekable_stream(FILE *fp, size_t *read);
data/vifm-0.10.1/src/utils/string_array.c:205:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_whole_file(const char filepath[], size_t *read)
data/vifm-0.10.1/src/utils/string_array.c:214:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
content = read_seekable_stream(fp, read);
data/vifm-0.10.1/src/utils/string_array.c:240:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
null = (null_sep_heuristic && strlen(text) != text_len);
data/vifm-0.10.1/src/utils/string_array.c:245:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_nonseekable_stream(FILE *fp, size_t *read, progress_cb cb, const void *arg)
data/vifm-0.10.1/src/utils/string_array.c:298:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_seekable_stream(FILE *fp, size_t *read)
data/vifm-0.10.1/src/utils/string_array.h:102:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char * read_nonseekable_stream(FILE *fp, size_t *read, progress_cb cb,
data/vifm-0.10.1/src/utils/utf8.c:89:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t length_left = strlen(str);
data/vifm-0.10.1/src/utils/utf8.c:109:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t length_left = strlen(str);
data/vifm-0.10.1/src/utils/utf8.c:270:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(utf8);
data/vifm-0.10.1/src/utils/utf8.c:279:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(utf8);
data/vifm-0.10.1/src/utils/utf8.c:290:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return MultiByteToWideChar(CP_UTF8, 0, utf8, strlen(utf8), NULL, 0);
data/vifm-0.10.1/src/utils/utf8.c:296:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = wcslen(utf16);
data/vifm-0.10.1/src/utils/utils.c:357:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(unique);
data/vifm-0.10.1/src/utils/utils.c:389:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = line + strlen(line);
data/vifm-0.10.1/src/utils/utils.c:419:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(quoted);
data/vifm-0.10.1/src/utils/utils.c:458:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/vifm-0.10.1/src/utils/utils.c:490:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/vifm-0.10.1/src/utils/utils.c:635:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t bufs_len = strlen(cwd) + 1U + strlen(spec) + 1U + 1U;
data/vifm-0.10.1/src/utils/utils.c:635:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t bufs_len = strlen(cwd) + 1U + strlen(spec) + 1U + 1U;
data/vifm-0.10.1/src/utils/utils.c:667:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(path, spec, colon - spec);
data/vifm-0.10.1/src/utils/utils.c:680:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(path_buf, spec, colon - spec);
data/vifm-0.10.1/src/utils/utils_nix.c:338:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t npieces = DIV_ROUND_UP(strlen(cmd), safe_arg_len);
data/vifm-0.10.1/src/utils/utils_nix.c:517:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t new_len = strlen(entry->mnt_dir);
data/vifm-0.10.1/src/utils/utils_nix.c:1142:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name += strlen(name) + 1U;
data/vifm-0.10.1/src/utils/utils_win.c:198:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char buf[strlen(cfg.shell) + 5 + strlen(cmd)*4 + 1 + 1];
data/vifm-0.10.1/src/utils/utils_win.c:198:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char buf[strlen(cfg.shell) + 5 + strlen(cmd)*4 + 1 + 1];
data/vifm-0.10.1/src/utils/utils_win.c:213:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = buf + strlen(buf);
data/vifm-0.10.1/src/utils/utils_win.c:224:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "'");
data/vifm-0.10.1/src/utils/utils_win.c:306:5: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(fgetc(fp) != 'M' || fgetc(fp) != 'Z')
data/vifm-0.10.1/src/utils/utils_win.c:306:25: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(fgetc(fp) != 'M' || fgetc(fp) != 'Z')
data/vifm-0.10.1/src/utils/utils_win.c:389:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "A");
data/vifm-0.10.1/src/utils/utils_win.c:391:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "H");
data/vifm-0.10.1/src/utils/utils_win.c:393:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "I");
data/vifm-0.10.1/src/utils/utils_win.c:395:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "R");
data/vifm-0.10.1/src/utils/utils_win.c:397:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "S");
data/vifm-0.10.1/src/utils/utils_win.c:486:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = strlen(path_buf);
data/vifm-0.10.1/tests/column_view/align.c:42:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(print_buffer + offset, buf, strlen(buf));
data/vifm-0.10.1/tests/column_view/align.c:42:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(print_buffer + offset, buf, strlen(buf));
data/vifm-0.10.1/tests/column_view/cropping.c:40:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(print_buffer + offset, buf, strlen(buf));
data/vifm-0.10.1/tests/column_view/cropping.c:40:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(print_buffer + offset, buf, strlen(buf));
data/vifm-0.10.1/tests/column_view/utf8.c:53:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(print_buffer +
data/vifm-0.10.1/tests/column_view/utf8.c:54:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8_nstrsnlen(print_buffer, offset), buf, strlen(buf));
data/vifm-0.10.1/tests/column_view/width.c:36:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(print_buffer + offset, buf, strlen(buf));
data/vifm-0.10.1/tests/column_view/width.c:36:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(print_buffer + offset, buf, strlen(buf));
data/vifm-0.10.1/tests/fileops/chmod.c:36:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mask = umask(0000);
data/vifm-0.10.1/tests/fileops/chmod.c:41:8: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void)umask(mask);
data/vifm-0.10.1/tests/fileops/generic.c:33:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(lwin.curr_dir, ".");
data/vifm-0.10.1/tests/fileops/generic.c:44:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rwin.curr_dir, ".");
data/vifm-0.10.1/tests/fileops/size.c:73:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(2000);
data/vifm-0.10.1/tests/fileops/utils.c:63:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(5000);
data/vifm-0.10.1/tests/iop/utils.c:71:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
a_data = fgetc(a_file);
data/vifm-0.10.1/tests/iop/utils.c:72:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b_data = fgetc(b_file);
data/vifm-0.10.1/tests/misc/bmarks.c:138:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert_false(path[strlen(path) - 1] == '~');
data/vifm-0.10.1/tests/misc/cmdline_completion.c:67:16: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stats.index = wcslen(stats.line);
data/vifm-0.10.1/tests/misc/cmdline_completion.c:174:14: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stats.len = wcslen(stats.line);
data/vifm-0.10.1/tests/misc/commands_misc.c:641:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(zeroes + strlen(zeroes), '0', sizeof(zeroes) - (strlen(zeroes) + 1U));
data/vifm-0.10.1/tests/misc/commands_misc.c:641:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(zeroes + strlen(zeroes), '0', sizeof(zeroes) - (strlen(zeroes) + 1U));
data/vifm-0.10.1/tests/misc/diff.c:235:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
a_data = fgetc(a_file);
data/vifm-0.10.1/tests/misc/diff.c:236:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b_data = fgetc(b_file);
data/vifm-0.10.1/tests/misc/extract_abbrev.c:98:14: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stats.len = wcslen(str);
data/vifm-0.10.1/tests/misc/flist_custom.c:763:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((cdt->line_hi_group == 1 ? buf1 : buf2) + offset, buf, strlen(buf));
data/vifm-0.10.1/tests/misc/flist_custom.c:763:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy((cdt->line_hi_group == 1 ? buf1 : buf2) + offset, buf, strlen(buf));
data/vifm-0.10.1/tests/misc/fname_modif.c:162:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(lwin.curr_dir, "/");
data/vifm-0.10.1/tests/misc/integration.c:85:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(lwin.curr_dir, "/");
data/vifm-0.10.1/tests/misc/integration.c:131:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(lwin.curr_dir, "/");
data/vifm-0.10.1/tests/misc/leave_invalid_dir.c:17:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(lwin.curr_dir, "");
data/vifm-0.10.1/tests/misc/leave_invalid_dir.c:20:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(lwin.curr_dir) + 1));
data/vifm-0.10.1/tests/misc/leave_invalid_dir.c:29:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(lwin.curr_dir) + 1));
data/vifm-0.10.1/tests/misc/leave_invalid_dir.c:38:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(lwin.curr_dir) + 1));
data/vifm-0.10.1/tests/misc/marks.c:32:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int bookmark_count = strlen(valid_marks);
data/vifm-0.10.1/tests/misc/menus.c:42:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(lwin.curr_dir, ".");
data/vifm-0.10.1/tests/misc/ops.c:32:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(lwin.curr_dir, ".");
data/vifm-0.10.1/tests/misc/registers_shared_memory.c:151:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lnbuf[strlen(lnbuf) - 1] = '\0';
data/vifm-0.10.1/tests/misc/registers_shared_memory.c:242:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(result + patsz + 6, "\n"); /* add \n and 0 terminator */
data/vifm-0.10.1/tests/misc/utils.c:363:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(5000);
data/vifm-0.10.1/tests/parsing/and_or.c:87:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(expr + strlen(expr), '3', sizeof(expr) - strlen(expr));
data/vifm-0.10.1/tests/parsing/and_or.c:87:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(expr + strlen(expr), '3', sizeof(expr) - strlen(expr));
data/vifm-0.10.1/tests/parsing/and_or.c:100:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(expr + strlen(expr), '3', sizeof(expr) - strlen(expr));
data/vifm-0.10.1/tests/parsing/and_or.c:100:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(expr + strlen(expr), '3', sizeof(expr) - strlen(expr));
data/vifm-0.10.1/tests/regs_shmem_app/regcmd.c:41:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lnbuf[strlen(lnbuf) - 1] = 0; /* replace \n by end of string */
data/vifm-0.10.1/tests/regs_shmem_app/regcmd.c:59:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(strlen(action) > 5 && action[0] == 's' &&
data/vifm-0.10.1/tests/stic/stic.c:113:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(s);
data/vifm-0.10.1/tests/stic/stic.c:175:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char * file = path + strlen(path);
data/vifm-0.10.1/tests/stic/stic.c:402:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stic_simple_test_result(strcmp(expected, actual+(strlen(actual)-strlen(expected)))==0, s, function, file, line);
data/vifm-0.10.1/tests/stic/stic.c:402:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stic_simple_test_result(strcmp(expected, actual+(strlen(actual)-strlen(expected)))==0, s, function, file, line);
data/vifm-0.10.1/tests/stic/stic.c:409:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stic_simple_test_result(strncmp(expected, actual, strlen(expected))==0, s, function, file, line);
data/vifm-0.10.1/tests/stic/stic.c:509:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(stic_fixture_filter, fixture, strlen(stic_fixture_filter)) != 0) run = 0;
data/vifm-0.10.1/tests/stic/stic.c:513:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(stic_test_filter, test, strlen(stic_test_filter)) != 0) run = 0;
data/vifm-0.10.1/tests/stic/stic.c:557:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(s, '-', strlen(s));
data/vifm-0.10.1/tests/utils/parse_file_spec.c:84:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(test_data, "/");
data/vifm-0.10.1/tests/utils/parse_file_spec.c:101:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(test_data, "\\");
data/vifm-0.10.1/tests/utils/parse_file_spec.c:106:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(test_data, "/");
data/vifm-0.10.1/tests/utils/utf8.c:21:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t expected_len = strlen(utf8_str);
data/vifm-0.10.1/tests/utils/utf8.c:41:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t expected_len = strlen(utf8_str) - strlen(utf8_end);
data/vifm-0.10.1/tests/utils/utf8.c:41:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t expected_len = strlen(utf8_str) - strlen(utf8_end);
data/vifm-0.10.1/tests/utils/utf8.c:52:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t expected_len = strlen(utf8_str) - strlen(utf8_end);
data/vifm-0.10.1/tests/utils/utf8.c:52:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t expected_len = strlen(utf8_str) - strlen(utf8_end);
data/vifm-0.10.1/tests/utils/utf8.c:61:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(str);
ANALYSIS SUMMARY:
Hits = 2129
Lines analyzed = 160867 in approximately 3.84 seconds (41916 lines/second)
Physical Source Lines of Code (SLOC) = 118249
Hits@level = [0] 727 [1] 501 [2] 1229 [3] 61 [4] 292 [5] 46
Hits@level+ = [0+] 2856 [1+] 2129 [2+] 1628 [3+] 399 [4+] 338 [5+] 46
Hits/KSLOC@level+ = [0+] 24.1524 [1+] 18.0044 [2+] 13.7676 [3+] 3.37424 [4+] 2.85838 [5+] 0.38901
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.