Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/charybdis-4.1.2/authd/authd.c
Examining data/charybdis-4.1.2/authd/authd.h
Examining data/charybdis-4.1.2/authd/dns.c
Examining data/charybdis-4.1.2/authd/dns.h
Examining data/charybdis-4.1.2/authd/getaddrinfo.c
Examining data/charybdis-4.1.2/authd/getaddrinfo.h
Examining data/charybdis-4.1.2/authd/getnameinfo.c
Examining data/charybdis-4.1.2/authd/getnameinfo.h
Examining data/charybdis-4.1.2/authd/notice.c
Examining data/charybdis-4.1.2/authd/notice.h
Examining data/charybdis-4.1.2/authd/provider.c
Examining data/charybdis-4.1.2/authd/provider.h
Examining data/charybdis-4.1.2/authd/providers/blacklist.c
Examining data/charybdis-4.1.2/authd/providers/ident.c
Examining data/charybdis-4.1.2/authd/providers/opm.c
Examining data/charybdis-4.1.2/authd/providers/rdns.c
Examining data/charybdis-4.1.2/authd/res.c
Examining data/charybdis-4.1.2/authd/res.h
Examining data/charybdis-4.1.2/authd/reslib.c
Examining data/charybdis-4.1.2/authd/reslib.h
Examining data/charybdis-4.1.2/authd/reslist.c
Examining data/charybdis-4.1.2/bandb/bandb.c
Examining data/charybdis-4.1.2/bandb/bantool.c
Examining data/charybdis-4.1.2/bandb/rsdb.h
Examining data/charybdis-4.1.2/bandb/rsdb_snprintf.c
Examining data/charybdis-4.1.2/bandb/rsdb_sqlite3.c
Examining data/charybdis-4.1.2/bandb/sqlite3.c
Examining data/charybdis-4.1.2/bandb/sqlite3.h
Examining data/charybdis-4.1.2/extensions/chantype_dummy.c
Examining data/charybdis-4.1.2/extensions/chm_adminonly.c
Examining data/charybdis-4.1.2/extensions/chm_insecure.c
Examining data/charybdis-4.1.2/extensions/chm_nonotice.c
Examining data/charybdis-4.1.2/extensions/chm_operonly.c
Examining data/charybdis-4.1.2/extensions/chm_operonly_compat.c
Examining data/charybdis-4.1.2/extensions/chm_operpeace.c
Examining data/charybdis-4.1.2/extensions/chm_quietunreg_compat.c
Examining data/charybdis-4.1.2/extensions/chm_sslonly.c
Examining data/charybdis-4.1.2/extensions/chm_sslonly_compat.c
Examining data/charybdis-4.1.2/extensions/createauthonly.c
Examining data/charybdis-4.1.2/extensions/createoperonly.c
Examining data/charybdis-4.1.2/extensions/example_module.c
Examining data/charybdis-4.1.2/extensions/extb_account.c
Examining data/charybdis-4.1.2/extensions/extb_canjoin.c
Examining data/charybdis-4.1.2/extensions/extb_channel.c
Examining data/charybdis-4.1.2/extensions/extb_combi.c
Examining data/charybdis-4.1.2/extensions/extb_extgecos.c
Examining data/charybdis-4.1.2/extensions/extb_hostmask.c
Examining data/charybdis-4.1.2/extensions/extb_oper.c
Examining data/charybdis-4.1.2/extensions/extb_realname.c
Examining data/charybdis-4.1.2/extensions/extb_server.c
Examining data/charybdis-4.1.2/extensions/extb_ssl.c
Examining data/charybdis-4.1.2/extensions/extb_usermode.c
Examining data/charybdis-4.1.2/extensions/force_user_invis.c
Examining data/charybdis-4.1.2/extensions/helpops.c
Examining data/charybdis-4.1.2/extensions/hide_uncommon_channels.c
Examining data/charybdis-4.1.2/extensions/hurt.c
Examining data/charybdis-4.1.2/extensions/ip_cloaking.c
Examining data/charybdis-4.1.2/extensions/ip_cloaking_3.0.c
Examining data/charybdis-4.1.2/extensions/ip_cloaking_4.0.c
Examining data/charybdis-4.1.2/extensions/ip_cloaking_old.c
Examining data/charybdis-4.1.2/extensions/m_adminwall.c
Examining data/charybdis-4.1.2/extensions/m_echotags.c
Examining data/charybdis-4.1.2/extensions/m_extendchans.c
Examining data/charybdis-4.1.2/extensions/m_findforwards.c
Examining data/charybdis-4.1.2/extensions/m_identify.c
Examining data/charybdis-4.1.2/extensions/m_locops.c
Examining data/charybdis-4.1.2/extensions/m_mkpasswd.c
Examining data/charybdis-4.1.2/extensions/m_ojoin.c
Examining data/charybdis-4.1.2/extensions/m_okick.c
Examining data/charybdis-4.1.2/extensions/m_omode.c
Examining data/charybdis-4.1.2/extensions/m_opme.c
Examining data/charybdis-4.1.2/extensions/m_remove.c
Examining data/charybdis-4.1.2/extensions/m_roleplay.c
Examining data/charybdis-4.1.2/extensions/m_sendbans.c
Examining data/charybdis-4.1.2/extensions/m_webirc.c
Examining data/charybdis-4.1.2/extensions/no_kill_services.c
Examining data/charybdis-4.1.2/extensions/no_locops.c
Examining data/charybdis-4.1.2/extensions/no_oper_invis.c
Examining data/charybdis-4.1.2/extensions/override.c
Examining data/charybdis-4.1.2/extensions/restrict-unauthenticated.c
Examining data/charybdis-4.1.2/extensions/sno_channelcreate.c
Examining data/charybdis-4.1.2/extensions/sno_farconnect.c
Examining data/charybdis-4.1.2/extensions/sno_globalkline.c
Examining data/charybdis-4.1.2/extensions/sno_globalnickchange.c
Examining data/charybdis-4.1.2/extensions/sno_globaloper.c
Examining data/charybdis-4.1.2/extensions/sno_whois.c
Examining data/charybdis-4.1.2/extensions/spy_admin_notice.c
Examining data/charybdis-4.1.2/extensions/spy_info_notice.c
Examining data/charybdis-4.1.2/extensions/spy_links_notice.c
Examining data/charybdis-4.1.2/extensions/spy_motd_notice.c
Examining data/charybdis-4.1.2/extensions/spy_stats_notice.c
Examining data/charybdis-4.1.2/extensions/spy_stats_p_notice.c
Examining data/charybdis-4.1.2/extensions/spy_trace_notice.c
Examining data/charybdis-4.1.2/extensions/umode_noctcp.c
Examining data/charybdis-4.1.2/include/authproc.h
Examining data/charybdis-4.1.2/include/bandbi.h
Examining data/charybdis-4.1.2/include/cache.h
Examining data/charybdis-4.1.2/include/capability.h
Examining data/charybdis-4.1.2/include/certfp.h
Examining data/charybdis-4.1.2/include/channel.h
Examining data/charybdis-4.1.2/include/chmode.h
Examining data/charybdis-4.1.2/include/class.h
Examining data/charybdis-4.1.2/include/client.h
Examining data/charybdis-4.1.2/include/defaults.h
Examining data/charybdis-4.1.2/include/dns.h
Examining data/charybdis-4.1.2/include/hash.h
Examining data/charybdis-4.1.2/include/hook.h
Examining data/charybdis-4.1.2/include/hostmask.h
Examining data/charybdis-4.1.2/include/inline/stringops.h
Examining data/charybdis-4.1.2/include/ircd.h
Examining data/charybdis-4.1.2/include/ircd_defs.h
Examining data/charybdis-4.1.2/include/ircd_getopt.h
Examining data/charybdis-4.1.2/include/ircd_linker.h
Examining data/charybdis-4.1.2/include/ircd_signal.h
Examining data/charybdis-4.1.2/include/listener.h
Examining data/charybdis-4.1.2/include/logger.h
Examining data/charybdis-4.1.2/include/m_info.h
Examining data/charybdis-4.1.2/include/match.h
Examining data/charybdis-4.1.2/include/messages.h
Examining data/charybdis-4.1.2/include/modules.h
Examining data/charybdis-4.1.2/include/monitor.h
Examining data/charybdis-4.1.2/include/msg.h
Examining data/charybdis-4.1.2/include/msgbuf.h
Examining data/charybdis-4.1.2/include/newconf.h
Examining data/charybdis-4.1.2/include/numeric.h
Examining data/charybdis-4.1.2/include/operhash.h
Examining data/charybdis-4.1.2/include/packet.h
Examining data/charybdis-4.1.2/include/parse.h
Examining data/charybdis-4.1.2/include/patchlevel.h
Examining data/charybdis-4.1.2/include/privilege.h
Examining data/charybdis-4.1.2/include/ratelimit.h
Examining data/charybdis-4.1.2/include/reject.h
Examining data/charybdis-4.1.2/include/restart.h
Examining data/charybdis-4.1.2/include/s_assert.h
Examining data/charybdis-4.1.2/include/s_conf.h
Examining data/charybdis-4.1.2/include/s_newconf.h
Examining data/charybdis-4.1.2/include/s_serv.h
Examining data/charybdis-4.1.2/include/s_stats.h
Examining data/charybdis-4.1.2/include/s_user.h
Examining data/charybdis-4.1.2/include/scache.h
Examining data/charybdis-4.1.2/include/send.h
Examining data/charybdis-4.1.2/include/snomask.h
Examining data/charybdis-4.1.2/include/sslproc.h
Examining data/charybdis-4.1.2/include/stdinc.h
Examining data/charybdis-4.1.2/include/substitution.h
Examining data/charybdis-4.1.2/include/supported.h
Examining data/charybdis-4.1.2/include/tgchange.h
Examining data/charybdis-4.1.2/include/whowas.h
Examining data/charybdis-4.1.2/include/wsproc.h
Examining data/charybdis-4.1.2/ircd/authproc.c
Examining data/charybdis-4.1.2/ircd/bandbi.c
Examining data/charybdis-4.1.2/ircd/cache.c
Examining data/charybdis-4.1.2/ircd/capability.c
Examining data/charybdis-4.1.2/ircd/channel.c
Examining data/charybdis-4.1.2/ircd/chmode.c
Examining data/charybdis-4.1.2/ircd/class.c
Examining data/charybdis-4.1.2/ircd/client.c
Examining data/charybdis-4.1.2/ircd/dns.c
Examining data/charybdis-4.1.2/ircd/extban.c
Examining data/charybdis-4.1.2/ircd/getopt.c
Examining data/charybdis-4.1.2/ircd/hash.c
Examining data/charybdis-4.1.2/ircd/hook.c
Examining data/charybdis-4.1.2/ircd/hostmask.c
Examining data/charybdis-4.1.2/ircd/ircd.c
Examining data/charybdis-4.1.2/ircd/ircd_signal.c
Examining data/charybdis-4.1.2/ircd/listener.c
Examining data/charybdis-4.1.2/ircd/logger.c
Examining data/charybdis-4.1.2/ircd/main.c
Examining data/charybdis-4.1.2/ircd/match.c
Examining data/charybdis-4.1.2/ircd/modules.c
Examining data/charybdis-4.1.2/ircd/monitor.c
Examining data/charybdis-4.1.2/ircd/msgbuf.c
Examining data/charybdis-4.1.2/ircd/newconf.c
Examining data/charybdis-4.1.2/ircd/operhash.c
Examining data/charybdis-4.1.2/ircd/packet.c
Examining data/charybdis-4.1.2/ircd/parse.c
Examining data/charybdis-4.1.2/ircd/privilege.c
Examining data/charybdis-4.1.2/ircd/ratelimit.c
Examining data/charybdis-4.1.2/ircd/reject.c
Examining data/charybdis-4.1.2/ircd/restart.c
Examining data/charybdis-4.1.2/ircd/s_conf.c
Examining data/charybdis-4.1.2/ircd/s_newconf.c
Examining data/charybdis-4.1.2/ircd/s_serv.c
Examining data/charybdis-4.1.2/ircd/s_user.c
Examining data/charybdis-4.1.2/ircd/scache.c
Examining data/charybdis-4.1.2/ircd/send.c
Examining data/charybdis-4.1.2/ircd/snomask.c
Examining data/charybdis-4.1.2/ircd/sslproc.c
Examining data/charybdis-4.1.2/ircd/substitution.c
Examining data/charybdis-4.1.2/ircd/supported.c
Examining data/charybdis-4.1.2/ircd/tgchange.c
Examining data/charybdis-4.1.2/ircd/whowas.c
Examining data/charybdis-4.1.2/ircd/wsproc.c
Examining data/charybdis-4.1.2/librb/include/arc4random.h
Examining data/charybdis-4.1.2/librb/include/commio-int.h
Examining data/charybdis-4.1.2/librb/include/commio-ssl.h
Examining data/charybdis-4.1.2/librb/include/event-int.h
Examining data/charybdis-4.1.2/librb/include/rb_balloc.h
Examining data/charybdis-4.1.2/librb/include/rb_commio.h
Examining data/charybdis-4.1.2/librb/include/rb_dictionary.h
Examining data/charybdis-4.1.2/librb/include/rb_event.h
Examining data/charybdis-4.1.2/librb/include/rb_helper.h
Examining data/charybdis-4.1.2/librb/include/rb_lib.h
Examining data/charybdis-4.1.2/librb/include/rb_linebuf.h
Examining data/charybdis-4.1.2/librb/include/rb_memory.h
Examining data/charybdis-4.1.2/librb/include/rb_patricia.h
Examining data/charybdis-4.1.2/librb/include/rb_radixtree.h
Examining data/charybdis-4.1.2/librb/include/rb_rawbuf.h
Examining data/charybdis-4.1.2/librb/include/rb_tools.h
Examining data/charybdis-4.1.2/librb/src/arc4random.c
Examining data/charybdis-4.1.2/librb/src/balloc.c
Examining data/charybdis-4.1.2/librb/src/commio.c
Examining data/charybdis-4.1.2/librb/src/crypt.c
Examining data/charybdis-4.1.2/librb/src/devpoll.c
Examining data/charybdis-4.1.2/librb/src/dictionary.c
Examining data/charybdis-4.1.2/librb/src/epoll.c
Examining data/charybdis-4.1.2/librb/src/event.c
Examining data/charybdis-4.1.2/librb/src/gnutls.c
Examining data/charybdis-4.1.2/librb/src/gnutls_ratbox.h
Examining data/charybdis-4.1.2/librb/src/helper.c
Examining data/charybdis-4.1.2/librb/src/kqueue.c
Examining data/charybdis-4.1.2/librb/src/linebuf.c
Examining data/charybdis-4.1.2/librb/src/mbedtls.c
Examining data/charybdis-4.1.2/librb/src/mbedtls_ratbox.h
Examining data/charybdis-4.1.2/librb/src/nossl.c
Examining data/charybdis-4.1.2/librb/src/openssl.c
Examining data/charybdis-4.1.2/librb/src/openssl_ratbox.h
Examining data/charybdis-4.1.2/librb/src/patricia.c
Examining data/charybdis-4.1.2/librb/src/poll.c
Examining data/charybdis-4.1.2/librb/src/ports.c
Examining data/charybdis-4.1.2/librb/src/radixtree.c
Examining data/charybdis-4.1.2/librb/src/rawbuf.c
Examining data/charybdis-4.1.2/librb/src/rb_lib.c
Examining data/charybdis-4.1.2/librb/src/rb_memory.c
Examining data/charybdis-4.1.2/librb/src/select.c
Examining data/charybdis-4.1.2/librb/src/sigio.c
Examining data/charybdis-4.1.2/librb/src/tools.c
Examining data/charybdis-4.1.2/librb/src/unix.c
Examining data/charybdis-4.1.2/librb/src/win32.c
Examining data/charybdis-4.1.2/modules/cap_account_tag.c
Examining data/charybdis-4.1.2/modules/cap_server_time.c
Examining data/charybdis-4.1.2/modules/chm_nocolour.c
Examining data/charybdis-4.1.2/modules/chm_noctcp.c
Examining data/charybdis-4.1.2/modules/core/m_ban.c
Examining data/charybdis-4.1.2/modules/core/m_die.c
Examining data/charybdis-4.1.2/modules/core/m_error.c
Examining data/charybdis-4.1.2/modules/core/m_join.c
Examining data/charybdis-4.1.2/modules/core/m_kick.c
Examining data/charybdis-4.1.2/modules/core/m_kill.c
Examining data/charybdis-4.1.2/modules/core/m_message.c
Examining data/charybdis-4.1.2/modules/core/m_mode.c
Examining data/charybdis-4.1.2/modules/core/m_modules.c
Examining data/charybdis-4.1.2/modules/core/m_nick.c
Examining data/charybdis-4.1.2/modules/core/m_part.c
Examining data/charybdis-4.1.2/modules/core/m_quit.c
Examining data/charybdis-4.1.2/modules/core/m_server.c
Examining data/charybdis-4.1.2/modules/core/m_squit.c
Examining data/charybdis-4.1.2/modules/m_accept.c
Examining data/charybdis-4.1.2/modules/m_admin.c
Examining data/charybdis-4.1.2/modules/m_alias.c
Examining data/charybdis-4.1.2/modules/m_away.c
Examining data/charybdis-4.1.2/modules/m_cap.c
Examining data/charybdis-4.1.2/modules/m_capab.c
Examining data/charybdis-4.1.2/modules/m_certfp.c
Examining data/charybdis-4.1.2/modules/m_challenge.c
Examining data/charybdis-4.1.2/modules/m_chghost.c
Examining data/charybdis-4.1.2/modules/m_close.c
Examining data/charybdis-4.1.2/modules/m_connect.c
Examining data/charybdis-4.1.2/modules/m_dline.c
Examining data/charybdis-4.1.2/modules/m_encap.c
Examining data/charybdis-4.1.2/modules/m_etrace.c
Examining data/charybdis-4.1.2/modules/m_grant.c
Examining data/charybdis-4.1.2/modules/m_help.c
Examining data/charybdis-4.1.2/modules/m_info.c
Examining data/charybdis-4.1.2/modules/m_invite.c
Examining data/charybdis-4.1.2/modules/m_ison.c
Examining data/charybdis-4.1.2/modules/m_kline.c
Examining data/charybdis-4.1.2/modules/m_knock.c
Examining data/charybdis-4.1.2/modules/m_links.c
Examining data/charybdis-4.1.2/modules/m_list.c
Examining data/charybdis-4.1.2/modules/m_lusers.c
Examining data/charybdis-4.1.2/modules/m_map.c
Examining data/charybdis-4.1.2/modules/m_monitor.c
Examining data/charybdis-4.1.2/modules/m_motd.c
Examining data/charybdis-4.1.2/modules/m_names.c
Examining data/charybdis-4.1.2/modules/m_oper.c
Examining data/charybdis-4.1.2/modules/m_operspy.c
Examining data/charybdis-4.1.2/modules/m_pass.c
Examining data/charybdis-4.1.2/modules/m_ping.c
Examining data/charybdis-4.1.2/modules/m_pong.c
Examining data/charybdis-4.1.2/modules/m_post.c
Examining data/charybdis-4.1.2/modules/m_privs.c
Examining data/charybdis-4.1.2/modules/m_rehash.c
Examining data/charybdis-4.1.2/modules/m_restart.c
Examining data/charybdis-4.1.2/modules/m_resv.c
Examining data/charybdis-4.1.2/modules/m_sasl.c
Examining data/charybdis-4.1.2/modules/m_scan.c
Examining data/charybdis-4.1.2/modules/m_services.c
Examining data/charybdis-4.1.2/modules/m_set.c
Examining data/charybdis-4.1.2/modules/m_signon.c
Examining data/charybdis-4.1.2/modules/m_snote.c
Examining data/charybdis-4.1.2/modules/m_starttls.c
Examining data/charybdis-4.1.2/modules/m_stats.c
Examining data/charybdis-4.1.2/modules/m_svinfo.c
Examining data/charybdis-4.1.2/modules/m_tb.c
Examining data/charybdis-4.1.2/modules/m_testline.c
Examining data/charybdis-4.1.2/modules/m_testmask.c
Examining data/charybdis-4.1.2/modules/m_tginfo.c
Examining data/charybdis-4.1.2/modules/m_time.c
Examining data/charybdis-4.1.2/modules/m_topic.c
Examining data/charybdis-4.1.2/modules/m_trace.c
Examining data/charybdis-4.1.2/modules/m_unreject.c
Examining data/charybdis-4.1.2/modules/m_user.c
Examining data/charybdis-4.1.2/modules/m_userhost.c
Examining data/charybdis-4.1.2/modules/m_users.c
Examining data/charybdis-4.1.2/modules/m_version.c
Examining data/charybdis-4.1.2/modules/m_wallops.c
Examining data/charybdis-4.1.2/modules/m_who.c
Examining data/charybdis-4.1.2/modules/m_whois.c
Examining data/charybdis-4.1.2/modules/m_whowas.c
Examining data/charybdis-4.1.2/modules/m_xline.c
Examining data/charybdis-4.1.2/modules/sno_routing.c
Examining data/charybdis-4.1.2/ssld/ssld.c
Examining data/charybdis-4.1.2/tests/client_util.c
Examining data/charybdis-4.1.2/tests/client_util.h
Examining data/charybdis-4.1.2/tests/ircd_util.c
Examining data/charybdis-4.1.2/tests/ircd_util.h
Examining data/charybdis-4.1.2/tests/msgbuf_parse1.c
Examining data/charybdis-4.1.2/tests/msgbuf_unparse1.c
Examining data/charybdis-4.1.2/tests/rb_dictionary1.c
Examining data/charybdis-4.1.2/tests/rb_snprintf_append1.c
Examining data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c
Examining data/charybdis-4.1.2/tests/runtests.c
Examining data/charybdis-4.1.2/tests/sasl_abort1.c
Examining data/charybdis-4.1.2/tests/send1.c
Examining data/charybdis-4.1.2/tests/serv_connect1.c
Examining data/charybdis-4.1.2/tests/substitution1.c
Examining data/charybdis-4.1.2/tests/tap/basic.c
Examining data/charybdis-4.1.2/tests/tap/basic.h
Examining data/charybdis-4.1.2/tests/tap/float.c
Examining data/charybdis-4.1.2/tests/tap/float.h
Examining data/charybdis-4.1.2/tests/tap/macros.h
Examining data/charybdis-4.1.2/tools/mkfingerprint.c
Examining data/charybdis-4.1.2/tools/mkpasswd.c
Examining data/charybdis-4.1.2/wsockd/sha1.c
Examining data/charybdis-4.1.2/wsockd/sha1.h
Examining data/charybdis-4.1.2/wsockd/wsockd.c
FINAL RESULTS:
data/charybdis-4.1.2/bandb/sqlite3.c:27998:42: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
{ "readlink", (sqlite3_syscall_ptr)readlink, 0 },
data/charybdis-4.1.2/librb/src/unix.c:175:6: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if (readlink("/proc/self/exe", path_buf, path_len) != -1)
data/charybdis-4.1.2/authd/notice.c:32:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/charybdis-4.1.2/authd/notice.c:46:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/charybdis-4.1.2/authd/notice.c:60:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/charybdis-4.1.2/authd/notice.c:74:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/charybdis-4.1.2/authd/provider.c:269:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, args);
data/charybdis-4.1.2/authd/res.c:260:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hname + len, irc_domain);
data/charybdis-4.1.2/authd/reslist.c:95:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ret += sprintf(ret, "%s,", fi->DnsServerList.IpAddress.String);
data/charybdis-4.1.2/authd/reslist.c:105:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ret += sprintf(ret, "%s,", ipAddr->IpAddress.String);
data/charybdis-4.1.2/bandb/rsdb_sqlite3.c:48:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), errstr, ap);
data/charybdis-4.1.2/bandb/rsdb_sqlite3.c:79:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(dbpath, W_OK))
data/charybdis-4.1.2/bandb/sqlite3.c:27872:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
{ "access", (sqlite3_syscall_ptr)access, 0 },
data/charybdis-4.1.2/bandb/sqlite3.c:44112:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define sqlite3DebugPrintf printf
data/charybdis-4.1.2/bandb/sqlite3.c:55830:42: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define TRACE(X) if(sqlite3BtreeTrace){printf X;fflush(stdout);}
data/charybdis-4.1.2/bandb/sqlite3.c:69458:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(pOut, zFormat1, pc,
data/charybdis-4.1.2/bandb/sqlite3.c:102017:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
FUNCTION(printf, -1, 0, 0, printfFunc ),
data/charybdis-4.1.2/bandb/sqlite3.c:105989:12: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
char * (*snprintf)(int,char*,const char*,...);
data/charybdis-4.1.2/bandb/sqlite3.c:106101:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
char *(*vsnprintf)(int,char*,const char*,va_list);
data/charybdis-4.1.2/bandb/sqlite3.c:106250:53: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define sqlite3_snprintf sqlite3_api->snprintf
data/charybdis-4.1.2/bandb/sqlite3.c:106274:53: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define sqlite3_vsnprintf sqlite3_api->vsnprintf
data/charybdis-4.1.2/bandb/sqlite3.c:106350:53: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define sqlite3_uri_vsnprintf sqlite3_api->vsnprintf
data/charybdis-4.1.2/extensions/extb_hostmask.c:42:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_host, "%s!%s@%s", client_p->name, client_p->username, client_p->host);
data/charybdis-4.1.2/extensions/extb_hostmask.c:43:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_iphost, "%s!%s@%s", client_p->name, client_p->username, client_p->sockhost);
data/charybdis-4.1.2/extensions/extb_hostmask.c:49:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_althost, "%s!%s@%s", client_p->name, client_p->username, client_p->orighost);
data/charybdis-4.1.2/extensions/extb_hostmask.c:51:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_althost, "%s!%s@%s", client_p->name, client_p->username, client_p->localClient->mangledhost);
data/charybdis-4.1.2/extensions/extb_hostmask.c:59:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_ip4host, "%s!%s@", client_p->name, client_p->username);
data/charybdis-4.1.2/extensions/m_findforwards.c:104:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, chptr->chname);
data/charybdis-4.1.2/include/ircd_defs.h:44:41: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define AFP(a,b) __attribute__((format (printf, a, b)))
data/charybdis-4.1.2/include/stdinc.h:156:74: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
# define LOCAL_COPY(s) __extension__({ char *_s = alloca(strlen(s) + 1); strcpy(_s, s); _s; })
data/charybdis-4.1.2/include/stdinc.h:158:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
# define LOCAL_COPY(s) strcpy(alloca(strlen(s) + 1), s) /* XXX Is that allowed? */
data/charybdis-4.1.2/ircd/authproc.c:100:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(fullpath, X_OK) == -1)
data/charybdis-4.1.2/ircd/authproc.c:104:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(fullpath, X_OK) == -1)
data/charybdis-4.1.2/ircd/bandbi.c:91:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(fullpath, X_OK) == -1)
data/charybdis-4.1.2/ircd/bandbi.c:96:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(fullpath, X_OK) == -1)
data/charybdis-4.1.2/ircd/capability.c:184:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
tl = sprintf(t, "%s ", entry->cap);
data/charybdis-4.1.2/ircd/channel.c:450:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cur_len = mlen = sprintf(lbuf, form_str(RPL_NAMREPLY),
data/charybdis-4.1.2/ircd/channel.c:475:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
tlen = sprintf(t, "%s%s!%s@%s ", find_channel_status(msptr, stack),
data/charybdis-4.1.2/ircd/channel.c:489:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
tlen = sprintf(t, "%s%s ", find_channel_status(msptr, stack),
data/charybdis-4.1.2/ircd/channel.c:559:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_host, "%s!%s@%s", who->name, who->username, who->host);
data/charybdis-4.1.2/ircd/channel.c:560:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_iphost, "%s!%s@%s", who->name, who->username, who->sockhost);
data/charybdis-4.1.2/ircd/channel.c:570:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_althost, "%s!%s@%s", who->name, who->username, who->orighost);
data/charybdis-4.1.2/ircd/channel.c:577:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_althost, "%s!%s@%s", who->name, who->username, who->localClient->mangledhost);
data/charybdis-4.1.2/ircd/channel.c:584:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_ip4host, "%s!%s@", who->name, who->username);
data/charybdis-4.1.2/ircd/channel.c:738:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_host, "%s!%s@%s", source_p->name, source_p->username, source_p->host);
data/charybdis-4.1.2/ircd/channel.c:739:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_iphost, "%s!%s@%s", source_p->name, source_p->username, source_p->sockhost);
data/charybdis-4.1.2/ircd/channel.c:745:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_althost, "%s!%s@%s", source_p->name, source_p->username, source_p->orighost);
data/charybdis-4.1.2/ircd/channel.c:752:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_althost, "%s!%s@%s", source_p->name, source_p->username, source_p->localClient->mangledhost);
data/charybdis-4.1.2/ircd/channel.c:973:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_host, "%s!%s@%s", client_p->name, client_p->username, client_p->host);
data/charybdis-4.1.2/ircd/channel.c:974:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src_iphost, "%s!%s@%s", client_p->name, client_p->username, client_p->sockhost);
data/charybdis-4.1.2/ircd/channel.c:1212:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
pbuf += sprintf(pbuf, " %s", chptr->mode.key);
data/charybdis-4.1.2/ircd/channel.c:1230:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
pbuf += sprintf(pbuf, " %s", chptr->mode.forward);
data/charybdis-4.1.2/ircd/channel.c:1275:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
mbl = preflen = sprintf(modebuf, ":%s TMODE %ld %s ",
data/charybdis-4.1.2/ircd/channel.c:1338:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf(pbuf, "%s ", arg);
data/charybdis-4.1.2/ircd/chmode.c:283:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(who, "%s!%s@%s", source_p->name, source_p->username, source_p->host);
data/charybdis-4.1.2/ircd/chmode.c:1740:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
mlen = sprintf(modebuf, ":%s MODE %s ", fakesource_p->name, chptr->chname);
data/charybdis-4.1.2/ircd/chmode.c:1742:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
mlen = sprintf(modebuf, ":%s!%s@%s MODE %s ",
data/charybdis-4.1.2/ircd/chmode.c:1807:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf(pbuf, "%s ", mode_changes[i].arg);
data/charybdis-4.1.2/ircd/client.c:1457:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment1, source_p->servptr->name);
data/charybdis-4.1.2/ircd/client.c:1459:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment1, source_p->name);
data/charybdis-4.1.2/ircd/client.c:1560:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comment1, source_p->servptr->name);
data/charybdis-4.1.2/ircd/client.c:1562:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comment1, source_p->name);
data/charybdis-4.1.2/ircd/getopt.c:94:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*((char **) opts[i].argloc), (*argv)[1]);
data/charybdis-4.1.2/ircd/logger.c:83:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(dirname, F_OK) == -1)
data/charybdis-4.1.2/ircd/logger.c:92:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(filename, F_OK) == -1)
data/charybdis-4.1.2/ircd/logger.c:94:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(dirname, W_OK) == -1)
data/charybdis-4.1.2/ircd/logger.c:105:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(filename, W_OK) == -1)
data/charybdis-4.1.2/ircd/logger.c:178:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), format, args);
data/charybdis-4.1.2/ircd/logger.c:211:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), format, args);
data/charybdis-4.1.2/ircd/logger.c:227:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), format, args);
data/charybdis-4.1.2/ircd/logger.c:242:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), format, args);
data/charybdis-4.1.2/ircd/logger.c:257:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), format, args);
data/charybdis-4.1.2/ircd/msgbuf.c:202:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, msgbuf->tags[i].key);
data/charybdis-4.1.2/ircd/msgbuf.c:348:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(ws, buflen_copy - prefixlen, fmt, va);
data/charybdis-4.1.2/ircd/newconf.c:489:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(privs, privs_old);
data/charybdis-4.1.2/ircd/newconf.c:491:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(privs, args->v.string);
data/charybdis-4.1.2/ircd/newconf.c:2379:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, BUFSIZE, fmt, ap);
data/charybdis-4.1.2/ircd/newconf.c:2399:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, BUFSIZE, fmt, ap);
data/charybdis-4.1.2/ircd/parse.c:450:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
tl = sprintf(t, " %s", parv[i]);
data/charybdis-4.1.2/ircd/parse.c:453:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t, " :%s", parv[parc - 1]);
data/charybdis-4.1.2/ircd/privilege.c:117:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(set->privs, parent->privs);
data/charybdis-4.1.2/ircd/privilege.c:119:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(set->privs, privs);
data/charybdis-4.1.2/ircd/restart.c:75:2: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(ircd_paths[IRCD_PATH_IRCD_EXEC], (void *)myargv);
data/charybdis-4.1.2/ircd/restart.c:80:2: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(path, (void *)myargv);
data/charybdis-4.1.2/ircd/s_newconf.c:209:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), format, args);
data/charybdis-4.1.2/ircd/s_newconf.c:230:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), format, args);
data/charybdis-4.1.2/ircd/s_serv.c:549:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
cur_len = mlen = sprintf(buf, ":%s BMASK %ld %s %c :",
data/charybdis-4.1.2/ircd/s_serv.c:577:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t, "%s$%s ", banptr->banstr, banptr->forward);
data/charybdis-4.1.2/ircd/s_serv.c:579:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t, "%s ", banptr->banstr);
data/charybdis-4.1.2/ircd/s_serv.c:683:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
cur_len = mlen = sprintf(buf, ":%s SJOIN %ld %s %s :", me.id,
data/charybdis-4.1.2/ircd/s_serv.c:707:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t, "%s%s ", find_channel_status(msptr, 1),
data/charybdis-4.1.2/ircd/s_user.c:575:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpstr2, "Invalid username [%s]", source_p->username);
data/charybdis-4.1.2/ircd/s_user.c:1530:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(reason, 255, format, ap);
data/charybdis-4.1.2/ircd/s_user.c:1546:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(modeval, nick);
data/charybdis-4.1.2/ircd/s_user.c:1553:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(modeval, nick);
data/charybdis-4.1.2/ircd/send.c:517:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof buf, pattern, args);
data/charybdis-4.1.2/ircd/send.c:1001:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), pattern, args);
data/charybdis-4.1.2/ircd/send.c:1067:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), pattern, args);
data/charybdis-4.1.2/ircd/send.c:1279:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), pattern, args);
data/charybdis-4.1.2/ircd/sslproc.c:285:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(fullpath, X_OK) == -1)
data/charybdis-4.1.2/ircd/sslproc.c:289:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(fullpath, X_OK) == -1)
data/charybdis-4.1.2/ircd/wsproc.c:270:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(fullpath, X_OK) == -1)
data/charybdis-4.1.2/ircd/wsproc.c:274:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(fullpath, X_OK) == -1)
data/charybdis-4.1.2/librb/include/rb_helper.h:49:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute((format(printf, 2, 3)));
data/charybdis-4.1.2/librb/include/rb_helper.h:51:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute((format(printf, 2, 3)));
data/charybdis-4.1.2/librb/include/rb_lib.h:135:41: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define AFP(a,b) __attribute__((format (printf, a, b)))
data/charybdis-4.1.2/librb/include/rb_memory.h:73:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret, x);
data/charybdis-4.1.2/librb/src/commio.c:1472:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return strcpy(dst, inetntoa((const char *)src));
data/charybdis-4.1.2/librb/src/commio.c:1845:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "::ffff:%s", src);
data/charybdis-4.1.2/librb/src/helper.c:117:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(fullpath, X_OK) == -1)
data/charybdis-4.1.2/librb/src/patricia.c:77:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, tmp);
data/charybdis-4.1.2/librb/src/rb_lib.c:139:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(errbuf, sizeof(errbuf), format, args);
data/charybdis-4.1.2/librb/src/rb_lib.c:151:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(errbuf, sizeof(errbuf), format, args);
data/charybdis-4.1.2/librb/src/rb_lib.c:163:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(errbuf, sizeof(errbuf), format, args);
data/charybdis-4.1.2/librb/src/tools.c:318:19: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int append_len = vsnprintf(str + orig_len, len - orig_len, format, ap);
data/charybdis-4.1.2/librb/src/tools.c:348:19: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int append_len = vsnprintf(str + orig_len, len - orig_len, format, ap);
data/charybdis-4.1.2/librb/src/tools.c:423:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(buf + used, remaining,
data/charybdis-4.1.2/librb/src/unix.c:87:3: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(path, (const void *)argv); /* make gcc shut up */
data/charybdis-4.1.2/modules/core/m_join.c:475:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chptr->chname, parv[2]);
data/charybdis-4.1.2/modules/core/m_join.c:740:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chptr->chname, parv[2]);
data/charybdis-4.1.2/modules/core/m_join.c:757:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
mlen_uid = sprintf(buf_uid, ":%s SJOIN %ld %s %s :",
data/charybdis-4.1.2/modules/core/m_join.c:826:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf(ptr_uid, "%s ", use_id(target_p));
data/charybdis-4.1.2/modules/core/m_join.c:1095:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf(pbuf, "%s ", oldmode->key);
data/charybdis-4.1.2/modules/core/m_join.c:1135:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf(pbuf, "%s ", mode->key);
data/charybdis-4.1.2/modules/core/m_join.c:1158:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf(pbuf, "%s ", mode->forward);
data/charybdis-4.1.2/modules/core/m_join.c:1286:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
cur_len = mlen = sprintf(lmodebuf, ":%s MODE %s -", source_p->name, chptr->chname);
data/charybdis-4.1.2/modules/core/m_join.c:1314:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
pbuf += sprintf(pbuf, "%s$%s ", banptr->banstr, banptr->forward);
data/charybdis-4.1.2/modules/core/m_join.c:1316:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
pbuf += sprintf(pbuf, "%s ", banptr->banstr);
data/charybdis-4.1.2/modules/core/m_kill.c:168:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Killed (%s (%s))", source_p->name, reason);
data/charybdis-4.1.2/modules/core/m_kill.c:285:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Killed (%s %s)", source_p->name, reason);
data/charybdis-4.1.2/modules/core/m_mode.c:337:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
mlen = sprintf(modebuf, ":%s MODE %s +", fakesource_p->name, chptr->chname);
data/charybdis-4.1.2/modules/core/m_mode.c:397:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
arglen = sprintf(pbuf, "%s ", s);
data/charybdis-4.1.2/modules/m_alias.c:68:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd, alias->name);
data/charybdis-4.1.2/modules/m_ison.c:80:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, form_str(RPL_ISON), me.name, source_p->name);
data/charybdis-4.1.2/modules/m_monitor.c:82:34: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cur_offlen = cur_onlen = mlen = sprintf(onbuf, form_str(RPL_MONONLINE),
data/charybdis-4.1.2/modules/m_monitor.c:84:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(offbuf, form_str(RPL_MONOFFLINE),
data/charybdis-4.1.2/modules/m_monitor.c:146:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
arglen = sprintf(onptr, "%s!%s@%s",
data/charybdis-4.1.2/modules/m_monitor.c:167:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
arglen = sprintf(offptr, "%s", name);
data/charybdis-4.1.2/modules/m_monitor.c:224:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cur_len = mlen = sprintf(buf, form_str(RPL_MONLIST),
data/charybdis-4.1.2/modules/m_monitor.c:245:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
arglen = sprintf(nbuf, "%s", monptr->name);
data/charybdis-4.1.2/modules/m_monitor.c:266:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
mlen = cur_onlen = sprintf(onbuf, form_str(RPL_MONONLINE),
data/charybdis-4.1.2/modules/m_monitor.c:268:15: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cur_offlen = sprintf(offbuf, form_str(RPL_MONOFFLINE),
data/charybdis-4.1.2/modules/m_monitor.c:294:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
arglen = sprintf(onptr, "%s!%s@%s",
data/charybdis-4.1.2/modules/m_monitor.c:315:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
arglen = sprintf(offptr, "%s", monptr->name);
data/charybdis-4.1.2/modules/m_names.c:138:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cur_len = mlen = sprintf(buf, form_str(RPL_NAMREPLY),
data/charybdis-4.1.2/modules/m_names.c:181:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
tlen = sprintf(t, "%s ", target_p->name);
data/charybdis-4.1.2/modules/m_restart.c:135:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Server RESTART by %s", get_client_name(source_p, HIDE_IP));
data/charybdis-4.1.2/modules/m_time.c:111:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s %d %d -- %02u:%02u:%02u %c%02u:%02u",
data/charybdis-4.1.2/modules/m_topic.c:131:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(topic_info, "%s!%s@%s",
data/charybdis-4.1.2/modules/m_userhost.c:68:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cur_len = sprintf(buf, form_str(RPL_USERHOST), me.name, source_p->name, "");
data/charybdis-4.1.2/modules/m_userhost.c:86:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
rl = sprintf(response, "%s%s=%c%s@%s ",
data/charybdis-4.1.2/modules/m_userhost.c:95:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
rl = sprintf(response, "%s%s=%c%s@%s ",
data/charybdis-4.1.2/modules/m_userhost.c:104:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t, "%s", response);
data/charybdis-4.1.2/modules/m_who.c:466:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
result = vsnprintf(buf + *pos, max, fmt, ap);
data/charybdis-4.1.2/modules/m_who.c:490:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(status, "%c%s%s",
data/charybdis-4.1.2/modules/m_whois.c:248:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cur_len = mlen = sprintf(buf, form_str(RPL_WHOISCHANNELS),
data/charybdis-4.1.2/modules/m_whois.c:291:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
tlen = sprintf(t, "%s%s%s ",
data/charybdis-4.1.2/ssld/ssld.c:252:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(reason, sizeof(reason), fmt, ap);
data/charybdis-4.1.2/ssld/ssld.c:676:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) &buf[5], cstring);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:541:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(328));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:608:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(329)); /* final character will be replaced with ' ' */
data/charybdis-4.1.2/tests/msgbuf_parse1.c:617:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(329));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:681:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(314));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:748:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(315)); /* final character will be replaced with ' ' */
data/charybdis-4.1.2/tests/msgbuf_parse1.c:815:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(300));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:882:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(301)); /* final character will be replaced with ' ' */
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1191:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(509));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1215:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(510));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1239:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(1));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1241:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(508));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1265:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(510));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1291:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(511)); /* the last byte will be replaced with a ' ' when parsing */
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1299:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(511));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1322:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(510));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1348:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(1));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1350:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(508));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1376:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(1));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1378:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(509)); /* the last byte will be replaced with a ' ' when parsing */
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1386:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(509));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1409:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(1));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1411:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(510)); /* the second-last byte will be replaced with a ' ' when parsing */
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1419:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(510));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1991:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(496));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2015:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(494));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2041:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(495));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2066:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(493));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2092:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(496));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2099:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(496));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2122:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(497));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2129:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(497));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2152:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(328));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2154:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(472));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2232:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(328));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2234:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(472));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2313:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(328));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2315:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(472));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2394:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(328));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2396:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(472));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2476:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(328));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2478:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(471));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2487:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(471));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2564:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(328));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2566:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(471));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2576:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(471));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2653:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(328));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2655:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(473));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2733:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(328));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2735:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(473));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2814:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(328));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2816:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(471));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2895:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(328));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2897:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(471));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:270:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(259));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:272:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(250));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:304:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(259));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:306:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(249));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:338:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(259));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:340:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(248));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:372:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(259));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:374:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(247));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:406:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(259));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:408:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(241));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:440:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(259));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:442:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(240));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:474:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(259));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:476:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(239));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:508:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(259));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:510:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(238));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:542:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(259));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:544:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(250));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:576:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(259));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:578:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(249));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:610:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(259));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:612:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(248));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:644:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(259));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:646:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(247));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:678:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(267));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:680:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(241));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:712:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(267));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:714:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(240));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:746:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(267));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:748:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(239));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:780:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(267));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:782:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(238));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:812:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(510));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:842:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(509));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:872:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(508));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:902:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(508));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1021:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(508));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1052:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(507));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1083:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(506));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1114:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(507));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1145:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(506));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1176:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(505));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1207:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(506));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1238:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(505));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1269:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(504));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1300:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(506));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1331:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(505));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1362:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(504));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1714:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(488));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1739:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(489));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1763:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input, MKTEXT(487));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1770:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(487));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1794:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input, MKTEXT(488));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1801:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(488));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1828:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(483));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1853:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(484));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1877:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input, MKTEXT(482));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1884:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(482));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1908:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input, MKTEXT(483));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1915:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(483));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1942:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(476));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1967:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(477));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1991:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input, MKTEXT(475));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1998:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(475));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2022:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input, MKTEXT(476));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2029:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(476));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2056:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(399));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2081:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(400));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2105:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input, MKTEXT(398));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2112:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(398));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2136:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(input, MKTEXT(399));
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2143:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, MKTEXT(399));
data/charybdis-4.1.2/tests/runtests.c:286:58: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__nonnull__, __noreturn__, __format__(printf, 1, 2)));
data/charybdis-4.1.2/tests/runtests.c:310:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, args);
data/charybdis-4.1.2/tests/runtests.c:546:13: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execl(path, path, (char *) 0) == -1)
data/charybdis-4.1.2/tests/runtests.c:1153:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, X_OK) < 0)
data/charybdis-4.1.2/tests/runtests.c:1479:9: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execl(path, path, (char *) 0) == -1)
data/charybdis-4.1.2/tests/runtests.c:1514:13: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(usage_message, program, program, program, usage_extra);
data/charybdis-4.1.2/tests/runtests.c:1535:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, usage_message, program, program, program, usage_extra);
data/charybdis-4.1.2/tests/runtests.c:1577:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(banner, shortlist);
data/charybdis-4.1.2/tests/sasl_abort1.c:52:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(server->id, TEST_SERVER_ID);
data/charybdis-4.1.2/tests/sasl_abort1.c:53:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(remote->id, TEST_REMOTE_ID);
data/charybdis-4.1.2/tests/send1.c:144:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(user->id, TEST_ID);
data/charybdis-4.1.2/tests/send1.c:145:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(server->id, TEST_SERVER_ID);
data/charybdis-4.1.2/tests/send1.c:146:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(remote->id, TEST_REMOTE_ID);
data/charybdis-4.1.2/tests/send1.c:147:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(server2->id, TEST_SERVER2_ID);
data/charybdis-4.1.2/tests/send1.c:148:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(remote2->id, TEST_REMOTE2_ID);
data/charybdis-4.1.2/tests/send1.c:149:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(server3->id, TEST_SERVER3_ID);
data/charybdis-4.1.2/tests/send1.c:150:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(remote3->id, TEST_REMOTE3_ID);
data/charybdis-4.1.2/tests/send1.c:152:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(local_chan_o->id, TEST_ME_ID "90001");
data/charybdis-4.1.2/tests/send1.c:153:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(local_chan_ov->id, TEST_ME_ID "90002");
data/charybdis-4.1.2/tests/send1.c:154:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(local_chan_v->id, TEST_ME_ID "90003");
data/charybdis-4.1.2/tests/send1.c:155:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(local_chan_p->id, TEST_ME_ID "90004");
data/charybdis-4.1.2/tests/send1.c:156:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(local_chan_d->id, TEST_ME_ID "90005");
data/charybdis-4.1.2/tests/send1.c:158:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(remote_chan_o->id, TEST_SERVER_ID "90101");
data/charybdis-4.1.2/tests/send1.c:159:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(remote_chan_ov->id, TEST_SERVER_ID "90102");
data/charybdis-4.1.2/tests/send1.c:160:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(remote_chan_v->id, TEST_SERVER_ID "90103");
data/charybdis-4.1.2/tests/send1.c:161:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(remote_chan_p->id, TEST_SERVER_ID "90104");
data/charybdis-4.1.2/tests/send1.c:162:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(remote_chan_d->id, TEST_SERVER_ID "90105");
data/charybdis-4.1.2/tests/send1.c:164:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(remote2_chan_p->id, TEST_SERVER2_ID "90204");
data/charybdis-4.1.2/tests/send1.c:165:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(remote2_chan_d->id, TEST_SERVER2_ID "90205");
data/charybdis-4.1.2/tests/substitution1.c:135:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(512));
data/charybdis-4.1.2/tests/substitution1.c:145:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(513));
data/charybdis-4.1.2/tests/substitution1.c:155:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(600));
data/charybdis-4.1.2/tests/substitution1.c:165:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(500));
data/charybdis-4.1.2/tests/substitution1.c:166:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(10));
data/charybdis-4.1.2/tests/substitution1.c:175:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(500));
data/charybdis-4.1.2/tests/substitution1.c:176:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(11));
data/charybdis-4.1.2/tests/substitution1.c:185:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(500));
data/charybdis-4.1.2/tests/substitution1.c:186:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(12));
data/charybdis-4.1.2/tests/substitution1.c:196:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(500));
data/charybdis-4.1.2/tests/substitution1.c:197:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(13));
data/charybdis-4.1.2/tests/substitution1.c:207:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(600));
data/charybdis-4.1.2/tests/substitution1.c:208:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(10));
data/charybdis-4.1.2/tests/substitution1.c:218:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(100));
data/charybdis-4.1.2/tests/substitution1.c:219:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(400));
data/charybdis-4.1.2/tests/substitution1.c:220:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(10));
data/charybdis-4.1.2/tests/substitution1.c:229:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(100));
data/charybdis-4.1.2/tests/substitution1.c:230:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(400));
data/charybdis-4.1.2/tests/substitution1.c:231:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(11));
data/charybdis-4.1.2/tests/substitution1.c:240:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(100));
data/charybdis-4.1.2/tests/substitution1.c:241:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(400));
data/charybdis-4.1.2/tests/substitution1.c:242:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(12));
data/charybdis-4.1.2/tests/substitution1.c:252:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(100));
data/charybdis-4.1.2/tests/substitution1.c:253:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(400));
data/charybdis-4.1.2/tests/substitution1.c:254:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(13));
data/charybdis-4.1.2/tests/substitution1.c:264:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, MKTEXT(200));
data/charybdis-4.1.2/tests/substitution1.c:265:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(400));
data/charybdis-4.1.2/tests/substitution1.c:266:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, MKTEXT(100));
data/charybdis-4.1.2/tests/substitution1.c:277:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(input, MKTEXT(1000));
data/charybdis-4.1.2/tests/substitution1.c:317:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, MKTEXT(1000));
data/charybdis-4.1.2/tests/tap/basic.c:134:13: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, args); \
data/charybdis-4.1.2/tests/tap/basic.c:431:9: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, args);
data/charybdis-4.1.2/tests/tap/basic.c:613:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, args);
data/charybdis-4.1.2/tests/tap/basic.c:635:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, args);
data/charybdis-4.1.2/tests/tap/basic.c:656:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, args);
data/charybdis-4.1.2/tests/tap/basic.c:678:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, args);
data/charybdis-4.1.2/tests/tap/basic.c:867:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, R_OK) == 0)
data/charybdis-4.1.2/tests/tap/basic.c:908:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, X_OK) < 0)
data/charybdis-4.1.2/tests/tap/basic.h:66:45: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__noreturn__, __format__(printf, 1, 2)));
data/charybdis-4.1.2/tests/tap/basic.h:75:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__(printf, 2, 3)));
data/charybdis-4.1.2/tests/tap/basic.h:77:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__(printf, 2, 0)));
data/charybdis-4.1.2/tests/tap/basic.h:79:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__(printf, 1, 2)));
data/charybdis-4.1.2/tests/tap/basic.h:86:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__(printf, 3, 4)));
data/charybdis-4.1.2/tests/tap/basic.h:88:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__(printf, 2, 3)));
data/charybdis-4.1.2/tests/tap/basic.h:97:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__(printf, 3, 4)));
data/charybdis-4.1.2/tests/tap/basic.h:99:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__(printf, 3, 4)));
data/charybdis-4.1.2/tests/tap/basic.h:101:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__(printf, 3, 4)));
data/charybdis-4.1.2/tests/tap/basic.h:103:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__(printf, 3, 4)));
data/charybdis-4.1.2/tests/tap/basic.h:107:58: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__noreturn__, __nonnull__, __format__(printf, 1, 2)));
data/charybdis-4.1.2/tests/tap/basic.h:109:58: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__noreturn__, __nonnull__, __format__(printf, 1, 2)));
data/charybdis-4.1.2/tests/tap/basic.h:113:44: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__nonnull__, __format__(printf, 1, 2)));
data/charybdis-4.1.2/tests/tap/basic.h:115:44: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__nonnull__, __format__(printf, 1, 2)));
data/charybdis-4.1.2/tests/tap/float.h:38:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((__format__(printf, 4, 5)));
data/charybdis-4.1.2/tools/mkpasswd.c:59:1: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
getpass(const char *prompt)
data/charybdis-4.1.2/tools/mkpasswd.c:197:15: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
plaintext = getpass("plaintext: ");
data/charybdis-4.1.2/tools/mkpasswd.c:206:15: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
plaintext = getpass("again: ");
data/charybdis-4.1.2/tools/mkpasswd.c:234:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(salt, "$1$%s$", saltpara);
data/charybdis-4.1.2/tools/mkpasswd.c:271:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(salt, "$5$%s$", saltpara);
data/charybdis-4.1.2/tools/mkpasswd.c:290:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(salt, "$6$%s$", saltpara);
data/charybdis-4.1.2/tools/mkpasswd.c:348:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(salt, "$2a$%s$%s$", tbuf, saltpara);
data/charybdis-4.1.2/tools/mkpasswd.c:369:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(salt, "$2a$%s$", tbuf);
data/charybdis-4.1.2/wsockd/wsockd.c:449:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(reason, sizeof(reason), fmt, ap);
data/charybdis-4.1.2/authd/reslist.c:70:11: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle = LoadLibrary("iphlpapi.dll");
data/charybdis-4.1.2/bandb/bantool.c:138:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((opt = getopt(argc, argv, "hieuspvwd")) != -1)
data/charybdis-4.1.2/bandb/rsdb_sqlite3.c:65:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
bandb_dbpath_env = getenv("BANDB_DBPATH");
data/charybdis-4.1.2/bandb/sqlite3.c:21758:7: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&winMutex_staticMutexes[i].mutex);
data/charybdis-4.1.2/bandb/sqlite3.c:21852:9: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&p->mutex);
data/charybdis-4.1.2/bandb/sqlite3.c:21918:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&p->mutex);
data/charybdis-4.1.2/bandb/sqlite3.c:30347:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
lk = random();
data/charybdis-4.1.2/bandb/sqlite3.c:32924:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( !azDirs[0] ) azDirs[0] = getenv("SQLITE_TMPDIR");
data/charybdis-4.1.2/bandb/sqlite3.c:32925:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( !azDirs[1] ) azDirs[1] = getenv("TMPDIR");
data/charybdis-4.1.2/bandb/sqlite3.c:33346:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *envforce = getenv("SQLITE_FORCE_PROXY_LOCKING");
data/charybdis-4.1.2/bandb/sqlite3.c:39727:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( !azDirs[0] ) azDirs[0] = getenv("SQLITE_TMPDIR");
data/charybdis-4.1.2/bandb/sqlite3.c:39728:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( !azDirs[1] ) azDirs[1] = getenv("TMPDIR");
data/charybdis-4.1.2/bandb/sqlite3.c:39729:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( !azDirs[2] ) azDirs[2] = getenv("TMP");
data/charybdis-4.1.2/bandb/sqlite3.c:39730:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( !azDirs[3] ) azDirs[3] = getenv("TEMP");
data/charybdis-4.1.2/bandb/sqlite3.c:39731:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( !azDirs[4] ) azDirs[4] = getenv("USERPROFILE");
data/charybdis-4.1.2/bandb/sqlite3.c:102029:15: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
VFUNCTION(random, 0, 0, 0, randomFunc ),
data/charybdis-4.1.2/extensions/m_mkpasswd.c:193:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/charybdis-4.1.2/ircd/ircd.c:590:4: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/charybdis-4.1.2/ircd/ircd.c:604:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(tv->tv_sec ^ (tv->tv_usec | (getpid() << 20)));
data/charybdis-4.1.2/ircd/ircd.c:617:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/charybdis-4.1.2/librb/src/arc4random.c:138:9: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
lib = LoadLibrary("ADVAPI32.DLL");
data/charybdis-4.1.2/librb/src/commio.c:365:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *env_mapped = getenv("SCTP_I_WANT_MAPPED_V4_ADDR");
data/charybdis-4.1.2/librb/src/commio.c:2261:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *ioenv = getenv("LIBRB_USE_IOTYPE");
data/charybdis-4.1.2/librb/src/helper.c:53:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tifd = getenv("IFD");
data/charybdis-4.1.2/librb/src/helper.c:54:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tofd = getenv("OFD");
data/charybdis-4.1.2/librb/src/helper.c:55:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmaxfd = getenv("MAXFD");
data/charybdis-4.1.2/librb/src/unix.c:172:2: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
realpath(s, path_buf);
data/charybdis-4.1.2/librb/src/unix.c:188:2: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
realpath(map->l_name, path_buf);
data/charybdis-4.1.2/librb/src/unix.c:197:2: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
realpath(tmp_path, path_buf);
data/charybdis-4.1.2/librb/src/win32.c:135:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if((buf = getenv(name)) != NULL)
data/charybdis-4.1.2/ssld/ssld.c:1165:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s_ctlfd = getenv("CTL_FD");
data/charybdis-4.1.2/ssld/ssld.c:1166:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s_pipe = getenv("CTL_PIPE");
data/charybdis-4.1.2/ssld/ssld.c:1167:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s_pid = getenv("CTL_PPID");
data/charybdis-4.1.2/tests/runtests.c:1508:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((option = getopt(argc, argv, "b:hl:os:v")) != EOF) {
data/charybdis-4.1.2/tests/runtests.c:1543:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("C_TAP_VERBOSE") != NULL)
data/charybdis-4.1.2/tests/tap/basic.c:863:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
base = getenv(envs[i]);
data/charybdis-4.1.2/tests/tap/basic.c:904:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
build = getenv("C_TAP_BUILD");
data/charybdis-4.1.2/tools/mkpasswd.c:101:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((c = getopt(argc, argv, "xymbr:h?l:s:p:")) != -1)
data/charybdis-4.1.2/tools/mkpasswd.c:380:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/charybdis-4.1.2/wsockd/wsockd.c:957:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s_ctlfd = getenv("CTL_FD");
data/charybdis-4.1.2/wsockd/wsockd.c:958:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s_pipe = getenv("CTL_PIPE");
data/charybdis-4.1.2/wsockd/wsockd.c:959:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s_pid = getenv("CTL_PPID");
data/charybdis-4.1.2/authd/authd.c:129:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *parv[MAXPARA + 1];
data/charybdis-4.1.2/authd/authd.c:130:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char readbuf[READBUF_SIZE];
data/charybdis-4.1.2/authd/dns.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[HOSTIPLEN] = "*";
data/charybdis-4.1.2/authd/dns.c:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[(HOSTIPLEN + 1) * IRCD_MAXNS];
data/charybdis-4.1.2/authd/dns.c:274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[HOSTIPLEN];
data/charybdis-4.1.2/authd/getaddrinfo.c:245:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pai, hints, sizeof(*pai));
data/charybdis-4.1.2/authd/getaddrinfo.c:439:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pton[PTON_MAX];
data/charybdis-4.1.2/authd/getaddrinfo.c:506:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ai, pai, sizeof(struct rb_addrinfo));
data/charybdis-4.1.2/authd/getaddrinfo.c:512:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + afd->a_off, addr, (size_t)afd->a_addrlen);
data/charybdis-4.1.2/authd/getaddrinfo.c:520:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&xai, ai, sizeof(struct rb_addrinfo));
data/charybdis-4.1.2/authd/getaddrinfo.c:561:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(servname);
data/charybdis-4.1.2/authd/getnameinfo.c:86:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numserv[512];
data/charybdis-4.1.2/authd/getnameinfo.c:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numaddr[512];
data/charybdis-4.1.2/authd/getnameinfo.c:219:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numaddr[512];
data/charybdis-4.1.2/authd/notice.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/authd/notice.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/authd/notice.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/authd/notice.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/authd/provider.c:265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/authd/provider.c:321:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
auth->l_port = (uint16_t)atoi(l_port); /* should be safe */
data/charybdis-4.1.2/authd/provider.c:326:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
auth->c_port = (uint16_t)atoi(c_port);
data/charybdis-4.1.2/authd/provider.h:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l_ip[HOSTIPLEN + 1]; /* Listener IP address */
data/charybdis-4.1.2/authd/provider.h:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_ip[HOSTIPLEN + 1]; /* Client IP address */
data/charybdis-4.1.2/authd/provider.h:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[HOSTLEN + 1]; /* Used for DNS lookup */
data/charybdis-4.1.2/authd/provider.h:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[USERLEN + 1]; /* Used for ident lookup */
data/charybdis-4.1.2/authd/providers/blacklist.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[IRCD_RES_HOSTLEN + 1];
data/charybdis-4.1.2/authd/providers/blacklist.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[BUFSIZE]; /* Reason template (ircd fills in the blanks) */
data/charybdis-4.1.2/authd/providers/blacklist.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filter[HOSTIPLEN]; /* The filter itself */
data/charybdis-4.1.2/authd/providers/blacklist.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IRCD_RES_HOSTLEN + 1];
data/charybdis-4.1.2/authd/providers/blacklist.c:528:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iptype = atoi(parv[1]) & 0x3;
data/charybdis-4.1.2/authd/providers/blacklist.c:559:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int timeout = atoi(parv[0]);
data/charybdis-4.1.2/authd/providers/ident.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char authbuf[32];
data/charybdis-4.1.2/authd/providers/ident.c:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IDENT_BUFSIZE + 1] = { 0 }; /* buffer to read auth reply into */
data/charybdis-4.1.2/authd/providers/ident.c:253:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
remp = atoi(remotePortString);
data/charybdis-4.1.2/authd/providers/ident.c:257:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
locp = atoi(commaPtr);
data/charybdis-4.1.2/authd/providers/ident.c:347:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int timeout = atoi(parv[0]);
data/charybdis-4.1.2/authd/providers/opm.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note[16];
data/charybdis-4.1.2/authd/providers/opm.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[HOSTIPLEN];
data/charybdis-4.1.2/authd/providers/opm.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuf[OPM_READSIZE];
data/charybdis-4.1.2/authd/providers/opm.c:312:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, "\x04\x01", 2); c += 2; /* Socks version 4, connect command */
data/charybdis-4.1.2/authd/providers/opm.c:313:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_port), 2); c += 2; /* Port */
data/charybdis-4.1.2/authd/providers/opm.c:314:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_addr.s_addr), 4); c += 4; /* Address */
data/charybdis-4.1.2/authd/providers/opm.c:337:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, "\x05\x01\x00\x05\x01\x00", 6); c += 6;
data/charybdis-4.1.2/authd/providers/opm.c:343:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_addr.s_addr), 4); c += 4; /* Address */
data/charybdis-4.1.2/authd/providers/opm.c:344:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_port), 2); c += 2; /* Port */
data/charybdis-4.1.2/authd/providers/opm.c:348:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, ((struct sockaddr_in6 *)&scan->listener->addr)->sin6_addr.s6_addr, 16); c += 16; /* Address */
data/charybdis-4.1.2/authd/providers/opm.c:349:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, &(((struct sockaddr_in6 *)&scan->listener->addr)->sin6_port), 2); c += 2; /* Port */
data/charybdis-4.1.2/authd/providers/opm.c:367:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sendbuf[128]; /* A bit bigger than we need but better safe than sorry */
data/charybdis-4.1.2/authd/providers/opm.c:672:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int timeout = atoi(parv[0]);
data/charybdis-4.1.2/authd/providers/opm.c:735:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iport = atoi(parv[1]);
data/charybdis-4.1.2/authd/providers/opm.c:749:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iport = atoi(parv[1]);
data/charybdis-4.1.2/authd/providers/opm.c:803:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iport = atoi(parv[1]);
data/charybdis-4.1.2/authd/providers/rdns.c:155:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int timeout = atoi(parv[0]);
data/charybdis-4.1.2/authd/res.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char queryname[IRCD_RES_HOSTLEN + 1]; /* name currently being queried */
data/charybdis-4.1.2/authd/res.c:411:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fqdn[IRCD_RES_HOSTLEN + 1];
data/charybdis-4.1.2/authd/res.c:513:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&request->addr, addr, sizeof(struct rb_sockaddr_storage));
data/charybdis-4.1.2/authd/res.c:528:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPACKET];
data/charybdis-4.1.2/authd/res.c:577:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostbuf[IRCD_RES_HOSTLEN + 1]; /* working buffer */
data/charybdis-4.1.2/authd/res.c:598:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostbuf[IRCD_RES_HOSTLEN + 100]; /* working buffer */
data/charybdis-4.1.2/authd/res.c:680:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v4->sin_addr, current, sizeof(struct in_addr));
data/charybdis-4.1.2/authd/res.c:690:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v6->sin6_addr, current, sizeof(struct in6_addr));
data/charybdis-4.1.2/authd/res.c:723:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(HEADER) + MAXPACKET]
data/charybdis-4.1.2/authd/reslib.c:112:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char irc_domain[IRCD_RES_HOSTLEN + 1];
data/charybdis-4.1.2/authd/reslib.c:114:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char digitvalue[256] = {
data/charybdis-4.1.2/authd/reslib.c:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[DNS_MAXLINE];
data/charybdis-4.1.2/authd/reslib.c:208:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((file = fopen("/etc/resolv.conf", "r")) == NULL)
data/charybdis-4.1.2/authd/reslib.c:284:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&irc_nsaddr_list[irc_nscount], res->ai_addr, res->ai_addrlen);
data/charybdis-4.1.2/authd/reslib.c:320:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[NS_MAXCDNAME];
data/charybdis-4.1.2/authd/reslib.c:370:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstp, srcp, l);
data/charybdis-4.1.2/authd/reslib.c:705:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
dn += sprintf(dn, "\\[x");
data/charybdis-4.1.2/authd/reslib.c:707:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
dn += sprintf(dn, "%02x", *cp & 0xff);
data/charybdis-4.1.2/authd/reslib.c:710:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
dn += sprintf(dn, "%02x", tc & (0xff << (8 - b)));
data/charybdis-4.1.2/authd/reslib.c:713:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
dn += sprintf(dn, "%1x",
data/charybdis-4.1.2/authd/reslib.c:716:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
dn += sprintf(dn, "/%d]", blen);
data/charybdis-4.1.2/authd/reslib.c:956:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstp, srcp, n + 1);
data/charybdis-4.1.2/authd/reslib.c:975:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[NS_MAXCDNAME];
data/charybdis-4.1.2/authd/reslib.c:1185:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char *dnptrs[20], **dpp, **lastdnptr;
data/charybdis-4.1.2/authd/reslib.h:124:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char irc_domain[IRCD_RES_HOSTLEN + 1];
data/charybdis-4.1.2/authd/reslist.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char enumbuf[39]; /* GUIDs are 38 chars + 1 for NULL */
data/charybdis-4.1.2/authd/reslist.c:204:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char namelist[512];
data/charybdis-4.1.2/bandb/bandb.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bandb_letter[LAST_BANDB_TYPE] = {
data/charybdis-4.1.2/bandb/bandb.c:54:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *bandb_table[LAST_BANDB_TYPE] = {
data/charybdis-4.1.2/bandb/bandb.c:147:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[512];
data/charybdis-4.1.2/bandb/bandb.c:182:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *parv[MAXPARA + 1];
data/charybdis-4.1.2/bandb/bandb.c:183:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char readbuf[READBUF_SIZE];
data/charybdis-4.1.2/bandb/bandb.c:294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/charybdis-4.1.2/bandb/bantool.c:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bandb_letter[LAST_BANDB_TYPE] = {
data/charybdis-4.1.2/bandb/bantool.c:67:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *bandb_table[LAST_BANDB_TYPE] = {
data/charybdis-4.1.2/bandb/bantool.c:71:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *bandb_suffix[LAST_BANDB_TYPE] = {
data/charybdis-4.1.2/bandb/bantool.c:78:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char me[PATH_MAX];
data/charybdis-4.1.2/bandb/bantool.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char etc[PATH_MAX];
data/charybdis-4.1.2/bandb/bantool.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conf[PATH_MAX];
data/charybdis-4.1.2/bandb/bantool.c:277:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[BUFSIZE * 2];
data/charybdis-4.1.2/bandb/bantool.c:278:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[512];
data/charybdis-4.1.2/bandb/bantool.c:313:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(fd = fopen(conf, "w")))
data/charybdis-4.1.2/bandb/bantool.c:381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[BUFSIZE];
data/charybdis-4.1.2/bandb/bantool.c:392:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newreason[REASONLEN];
data/charybdis-4.1.2/bandb/bantool.c:398:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(fd = fopen(conf, "r")))
data/charybdis-4.1.2/bandb/bantool.c:615:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[14]; /* int(11) + 2 + \0 */
data/charybdis-4.1.2/bandb/bantool.c:639:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE * 2];
data/charybdis-4.1.2/bandb/bantool.c:666:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE * 2];
data/charybdis-4.1.2/bandb/bantool.c:700:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE * 2];
data/charybdis-4.1.2/bandb/bantool.c:728:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[8]; /* longest string is 'INTEGER\0' */
data/charybdis-4.1.2/bandb/bantool.c:849:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_DATE_STRING];
data/charybdis-4.1.2/bandb/rsdb_snprintf.c:251:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char TempBuffer[TEMPBUF_MAX];
data/charybdis-4.1.2/bandb/rsdb_sqlite3.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/charybdis-4.1.2/bandb/rsdb_sqlite3.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbpath[PATH_MAX];
data/charybdis-4.1.2/bandb/rsdb_sqlite3.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[128];
data/charybdis-4.1.2/bandb/rsdb_sqlite3.c:98:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE * 4];
data/charybdis-4.1.2/bandb/rsdb_sqlite3.c:128:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE * 4];
data/charybdis-4.1.2/bandb/rsdb_sqlite3.c:170:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE * 4];
data/charybdis-4.1.2/bandb/sqlite3.c:13513:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zSelName[12]; /* Symbolic name of this SELECT use for debugging */
data/charybdis-4.1.2/bandb/sqlite3.c:13700:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char yDbMask[(SQLITE_MAX_ATTACHED+9)/8];
data/charybdis-4.1.2/bandb/sqlite3.c:15191:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
SQLITE_PRIVATE const unsigned char sqlite3CtypeMap[256] = {
data/charybdis-4.1.2/bandb/sqlite3.c:16176:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBase[100]; /* Initial space */
data/charybdis-4.1.2/bandb/sqlite3.c:17293:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *z, zBuf[30];
data/charybdis-4.1.2/bandb/sqlite3.c:17564:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100];
data/charybdis-4.1.2/bandb/sqlite3.c:17584:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100];
data/charybdis-4.1.2/bandb/sqlite3.c:17603:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100];
data/charybdis-4.1.2/bandb/sqlite3.c:17640:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100];
data/charybdis-4.1.2/bandb/sqlite3.c:17828:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[20];
data/charybdis-4.1.2/bandb/sqlite3.c:18857:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zTitle[100]; /* The title text */
data/charybdis-4.1.2/bandb/sqlite3.c:19027:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBt, &aAddr[1], pHdr->nBacktrace*sizeof(void*));
data/charybdis-4.1.2/bandb/sqlite3.c:19036:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z, mem.zTitle, mem.nTitle);
data/charybdis-4.1.2/bandb/sqlite3.c:19103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew, pPrior, (int)(nByte<pOldHdr->iSize ? nByte : pOldHdr->iSize));
data/charybdis-4.1.2/bandb/sqlite3.c:19209:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem.zTitle, zTitle, n);
data/charybdis-4.1.2/bandb/sqlite3.c:19233:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(zFilename, "w");
data/charybdis-4.1.2/bandb/sqlite3.c:19822:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, pPrior, nOld);
data/charybdis-4.1.2/bandb/sqlite3.c:19824:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, pPrior, nBytes);
data/charybdis-4.1.2/bandb/sqlite3.c:19880:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(zFilename, "w");
data/charybdis-4.1.2/bandb/sqlite3.c:20379:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, pPrior, nOld);
data/charybdis-4.1.2/bandb/sqlite3.c:20500:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(zFilename, "w");
data/charybdis-4.1.2/bandb/sqlite3.c:22710:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew, p, db->lookaside.sz);
data/charybdis-4.1.2/bandb/sqlite3.c:22758:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zNew, z, n);
data/charybdis-4.1.2/bandb/sqlite3.c:22771:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zNew, z, (size_t)n);
data/charybdis-4.1.2/bandb/sqlite3.c:23062:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[etBUFSIZE]; /* Conversion buffer */
data/charybdis-4.1.2/bandb/sqlite3.c:23344:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+(prefix!=0),"Inf",4);
data/charybdis-4.1.2/bandb/sqlite3.c:23643:42: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( !isMalloced(p) && p->nChar>0 ) memcpy(zNew, p->zText, p->nChar);
data/charybdis-4.1.2/bandb/sqlite3.c:23679:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->zText[p->nChar], z, N);
data/charybdis-4.1.2/bandb/sqlite3.c:23699:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->zText[p->nChar-N], z, N);
data/charybdis-4.1.2/bandb/sqlite3.c:23723:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zText, p->zBase, p->nChar+1);
data/charybdis-4.1.2/bandb/sqlite3.c:23775:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBase[SQLITE_PRINT_BUF_SIZE];
data/charybdis-4.1.2/bandb/sqlite3.c:23808:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBase[SQLITE_PRINT_BUF_SIZE];
data/charybdis-4.1.2/bandb/sqlite3.c:23894:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zMsg[SQLITE_PRINT_BUF_SIZE*3]; /* Complete log message */
data/charybdis-4.1.2/bandb/sqlite3.c:23923:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[500];
data/charybdis-4.1.2/bandb/sqlite3.c:24004:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[500];
data/charybdis-4.1.2/bandb/sqlite3.c:24045:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zLine[1000];
data/charybdis-4.1.2/bandb/sqlite3.c:24108:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zLine[100];
data/charybdis-4.1.2/bandb/sqlite3.c:24183:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zFlgs[30];
data/charybdis-4.1.2/bandb/sqlite3.c:24470:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[256]; /* State variables */
data/charybdis-4.1.2/bandb/sqlite3.c:24523:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char k[256];
data/charybdis-4.1.2/bandb/sqlite3.c:24564:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(
data/charybdis-4.1.2/bandb/sqlite3.c:24571:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(
data/charybdis-4.1.2/bandb/sqlite3.c:25075:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100];
data/charybdis-4.1.2/bandb/sqlite3.c:25185:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100];
data/charybdis-4.1.2/bandb/sqlite3.c:25342:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zBuf[20];
data/charybdis-4.1.2/bandb/sqlite3.c:26053:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pOut, &u, 8);
data/charybdis-4.1.2/bandb/sqlite3.c:26094:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pValue, &u, 4);
data/charybdis-4.1.2/bandb/sqlite3.c:26526:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&x,p,4);
data/charybdis-4.1.2/bandb/sqlite3.c:26531:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&x,p,4);
data/charybdis-4.1.2/bandb/sqlite3.c:26536:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&x,p,4);
data/charybdis-4.1.2/bandb/sqlite3.c:26545:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p,&v,4);
data/charybdis-4.1.2/bandb/sqlite3.c:26549:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p,&x,4);
data/charybdis-4.1.2/bandb/sqlite3.c:26553:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p,&x,4);
data/charybdis-4.1.2/bandb/sqlite3.c:26824:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a, &x, 8);
data/charybdis-4.1.2/bandb/sqlite3.c:27564:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aPadding[32];
data/charybdis-4.1.2/bandb/sqlite3.c:27848:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(zFile, flags, mode);
data/charybdis-4.1.2/bandb/sqlite3.c:28423:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew->zCanonicalName, zAbsoluteName, n+1);
data/charybdis-4.1.2/bandb/sqlite3.c:28601:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aSemName[MAX_PATHNAME+2]; /* Name of that semaphore */
data/charybdis-4.1.2/bandb/sqlite3.c:28641:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aErr[80];
data/charybdis-4.1.2/bandb/sqlite3.c:28829:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pInode->fileId, &fileId, sizeof(fileId));
data/charybdis-4.1.2/bandb/sqlite3.c:30697:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBuf, &((u8 *)(pFile->pMapRegion))[offset], amt);
data/charybdis-4.1.2/bandb/sqlite3.c:30701:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBuf, &((u8 *)(pFile->pMapRegion))[offset], nCopy);
data/charybdis-4.1.2/bandb/sqlite3.c:30816:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldCntr[4];
data/charybdis-4.1.2/bandb/sqlite3.c:30832:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((u8 *)(pFile->pMapRegion))[offset], pBuf, amt);
data/charybdis-4.1.2/bandb/sqlite3.c:30836:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((u8 *)(pFile->pMapRegion))[offset], pBuf, nCopy);
data/charybdis-4.1.2/bandb/sqlite3.c:31019:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zDirname[MAX_PATHNAME+1];
data/charybdis-4.1.2/bandb/sqlite3.c:33064:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zDb[MAX_PATHNAME+1]; /* Database file path */
data/charybdis-4.1.2/bandb/sqlite3.c:33094:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zDb, zPath, nDb);
data/charybdis-4.1.2/bandb/sqlite3.c:33172:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zTmpname[MAX_PATHNAME+2];
data/charybdis-4.1.2/bandb/sqlite3.c:33352:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
useProxy = atoi(envforce)>0;
data/charybdis-4.1.2/bandb/sqlite3.c:33554:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zDel, zIn, n);
data/charybdis-4.1.2/bandb/sqlite3.c:33669:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zBuf, &t, sizeof(t));
data/charybdis-4.1.2/bandb/sqlite3.c:33670:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zBuf[sizeof(t)], &randomnessPid, sizeof(randomnessPid));
data/charybdis-4.1.2/bandb/sqlite3.c:34013:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/charybdis-4.1.2/bandb/sqlite3.c:34191:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tPath[MAXPATHLEN];
data/charybdis-4.1.2/bandb/sqlite3.c:34192:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PROXY_MAXCONCHLEN];
data/charybdis-4.1.2/bandb/sqlite3.c:34196:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[64] = "";
data/charybdis-4.1.2/bandb/sqlite3.c:34285:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tBuf[PROXY_MAXCONCHLEN];
data/charybdis-4.1.2/bandb/sqlite3.c:34335:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readBuf[PROXY_MAXCONCHLEN];
data/charybdis-4.1.2/bandb/sqlite3.c:34336:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lockPath[MAXPATHLEN];
data/charybdis-4.1.2/bandb/sqlite3.c:34392:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lockPath, &readBuf[PROXY_PATHINDEX], pathLen);
data/charybdis-4.1.2/bandb/sqlite3.c:34438:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char writeBuffer[PROXY_MAXCONCHLEN];
data/charybdis-4.1.2/bandb/sqlite3.c:34442:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&writeBuffer[PROXY_HEADERLEN], myHostID, PROXY_HOSTIDLEN);
data/charybdis-4.1.2/bandb/sqlite3.c:34589:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conchPath, dbPath, len+1);
data/charybdis-4.1.2/bandb/sqlite3.c:34605:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&conchPath[i+1], "-conch", 7);
data/charybdis-4.1.2/bandb/sqlite3.c:34665:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dbPath, (char *)pFile->lockingContext, len + 1);
data/charybdis-4.1.2/bandb/sqlite3.c:34684:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbPath[MAXPATHLEN+1]; /* Name of the database file */
data/charybdis-4.1.2/bandb/sqlite3.c:36177:41: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
{ "MultiByteToWideChar", (SYSCALL)MultiByteToWideChar, 0 },
data/charybdis-4.1.2/bandb/sqlite3.c:36595:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zDbgBuf[SQLITE_WIN32_DBG_BUF_SIZE];
data/charybdis-4.1.2/bandb/sqlite3.c:36602:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zDbgBuf, zBuf, nMin);
data/charybdis-4.1.2/bandb/sqlite3.c:36618:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zDbgBuf, zBuf, nMin);
data/charybdis-4.1.2/bandb/sqlite3.c:37207:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zMsg[500]; /* Human readable error text */
data/charybdis-4.1.2/bandb/sqlite3.c:37851:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBuf, &((u8 *)(pFile->pMapRegion))[offset], amt);
data/charybdis-4.1.2/bandb/sqlite3.c:37857:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBuf, &((u8 *)(pFile->pMapRegion))[offset], nCopy);
data/charybdis-4.1.2/bandb/sqlite3.c:37929:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((u8 *)(pFile->pMapRegion))[offset], pBuf, amt);
data/charybdis-4.1.2/bandb/sqlite3.c:37935:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((u8 *)(pFile->pMapRegion))[offset], pBuf, nCopy);
data/charybdis-4.1.2/bandb/sqlite3.c:41203:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aiValues, p->u.aHash, sizeof(p->u.aHash));
data/charybdis-4.1.2/bandb/sqlite3.c:41243:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aiValues, p->u.aHash, sizeof(p->u.aHash));
data/charybdis-4.1.2/bandb/sqlite3.c:44666:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbFileVers[16]; /* Changes whenever database file changes */
data/charybdis-4.1.2/bandb/sqlite3.c:44974:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zRet[1024];
data/charybdis-4.1.2/bandb/sqlite3.c:45055:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ac[4];
data/charybdis-4.1.2/bandb/sqlite3.c:45074:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[4];
data/charybdis-4.1.2/bandb/sqlite3.c:45244:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aMagic[8]; /* A buffer to hold the magic header */
data/charybdis-4.1.2/bandb/sqlite3.c:45336:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char zeroHdr[28] = {0};
data/charybdis-4.1.2/bandb/sqlite3.c:45424:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zHeader, aJournalMagic, sizeof(aJournalMagic));
data/charybdis-4.1.2/bandb/sqlite3.c:45501:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aMagic[8]; /* A buffer to hold the magic header */
data/charybdis-4.1.2/bandb/sqlite3.c:46351:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pData, (u8*)aData, pPager->pageSize);
data/charybdis-4.1.2/bandb/sqlite3.c:48153:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zHeader, aJournalMagic, sizeof(aJournalMagic));
data/charybdis-4.1.2/bandb/sqlite3.c:48667:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPager->zFilename, zPathname, nPathname);
data/charybdis-4.1.2/bandb/sqlite3.c:48668:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( nUri ) memcpy(&pPager->zFilename[nPathname+1], zUri, nUri);
data/charybdis-4.1.2/bandb/sqlite3.c:48669:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPager->zJournal, zPathname, nPathname);
data/charybdis-4.1.2/bandb/sqlite3.c:48670:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pPager->zJournal[nPathname], "-journal\000", 8+2);
data/charybdis-4.1.2/bandb/sqlite3.c:48674:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPager->zWal, zPathname, nPathname);
data/charybdis-4.1.2/bandb/sqlite3.c:48675:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pPager->zWal[nPathname], "-wal\000", 4+1);
data/charybdis-4.1.2/bandb/sqlite3.c:49165:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbFileVers[sizeof(pPager->dbFileVers)];
data/charybdis-4.1.2/bandb/sqlite3.c:50064:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const void *pCopy = (const void *)&((const char *)zBuf)[24];
data/charybdis-4.1.2/bandb/sqlite3.c:52034:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&aHdr[1], (const void*)&pWal->hdr, sizeof(WalIndexHdr));
data/charybdis-4.1.2/bandb/sqlite3.c:52036:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&aHdr[0], (const void*)&pWal->hdr, sizeof(WalIndexHdr));
data/charybdis-4.1.2/bandb/sqlite3.c:52065:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aFrame[8], pWal->hdr.aSalt, 8);
data/charybdis-4.1.2/bandb/sqlite3.c:52146:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zName[15];
data/charybdis-4.1.2/bandb/sqlite3.c:52514:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWal->hdr.aSalt, &aBuf[16], 8);
data/charybdis-4.1.2/bandb/sqlite3.c:52819:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aLeft, aTmp, sizeof(aTmp[0])*iOut);
data/charybdis-4.1.2/bandb/sqlite3.c:53046:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWal->hdr.aSalt[1], &salt1, 4);
data/charybdis-4.1.2/bandb/sqlite3.c:53399:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWal->hdr, &h1, sizeof(WalIndexHdr));
data/charybdis-4.1.2/bandb/sqlite3.c:53813:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWal->hdr, pSnapshot, sizeof(WalIndexHdr));
data/charybdis-4.1.2/bandb/sqlite3.c:54065:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWal->hdr, (void *)walIndexHdr(pWal), sizeof(WalIndexHdr));
data/charybdis-4.1.2/bandb/sqlite3.c:54373:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aWalHdr[16], pWal->hdr.aSalt, 8);
data/charybdis-4.1.2/bandb/sqlite3.c:54752:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pRet, &pWal->hdr, sizeof(WalIndexHdr));
data/charybdis-4.1.2/bandb/sqlite3.c:56559:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aSpace[200]; /* Temp space for pIdxKey - to avoid a malloc */
data/charybdis-4.1.2/bandb/sqlite3.c:57184:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp[x], &data[x], (cbrk+size) - x);
data/charybdis-4.1.2/bandb/sqlite3.c:57187:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[cbrk], &src[pc], size);
data/charybdis-4.1.2/bandb/sqlite3.c:57250:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aData[iAddr], &aData[pc], 2);
data/charybdis-4.1.2/bandb/sqlite3.c:57944:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zDbHeader[100]; /* Database header content */
data/charybdis-4.1.2/bandb/sqlite3.c:58006:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zFullPathname, zFilename, nFilename);
data/charybdis-4.1.2/bandb/sqlite3.c:58850:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, zMagicHeader, sizeof(zMagicHeader));
data/charybdis-4.1.2/bandb/sqlite3.c:60207:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPayload, pBuf, nByte);
data/charybdis-4.1.2/bandb/sqlite3.c:60210:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBuf, pPayload, nByte);
data/charybdis-4.1.2/bandb/sqlite3.c:60412:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aSave, aWrite, 4);
data/charybdis-4.1.2/bandb/sqlite3.c:60415:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aWrite, aSave, 4);
data/charybdis-4.1.2/bandb/sqlite3.c:61433:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pPage1->aData[32], &pTrunk->aData[0], 4);
data/charybdis-4.1.2/bandb/sqlite3.c:61457:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pPage1->aData[32], &pTrunk->aData[0], 4);
data/charybdis-4.1.2/bandb/sqlite3.c:61463:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pPrevTrunk->aData[0], &pTrunk->aData[0], 4);
data/charybdis-4.1.2/bandb/sqlite3.c:61486:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pNewTrunk->aData[0], &pTrunk->aData[0], 4);
data/charybdis-4.1.2/bandb/sqlite3.c:61488:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pNewTrunk->aData[8], &pTrunk->aData[12], (k-1)*4);
data/charybdis-4.1.2/bandb/sqlite3.c:61553:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aData[8+closest*4], &aData[4+k*4], 4);
data/charybdis-4.1.2/bandb/sqlite3.c:62034:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPayload, pSrc, n);
data/charybdis-4.1.2/bandb/sqlite3.c:62144:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTemp, pCell, sz);
data/charybdis-4.1.2/bandb/sqlite3.c:62179:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[idx], pCell, sz);
data/charybdis-4.1.2/bandb/sqlite3.c:62276:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pTmp[i], &aData[i], usableSize - i);
data/charybdis-4.1.2/bandb/sqlite3.c:62288:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pData, pCell, szCell[i]);
data/charybdis-4.1.2/bandb/sqlite3.c:62451:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTmp, aData, pPg->pBt->usableSize);
data/charybdis-4.1.2/bandb/sqlite3.c:62725:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aTo[iData], &aFrom[iData], pBt->usableSize-iData);
data/charybdis-4.1.2/bandb/sqlite3.c:62726:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aTo[iToHdr], &aFrom[iFromHdr], pFrom->cellOffset + 2*pFrom->nCell);
data/charybdis-4.1.2/bandb/sqlite3.c:62920:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aOvflSpace[iOff], apDiv[i], szNew[i]);
data/charybdis-4.1.2/bandb/sqlite3.c:63036:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTemp, apDiv[i], sz);
data/charybdis-4.1.2/bandb/sqlite3.c:63045:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b.apCell[b.nCell], &pOld->aData[8], 4);
data/charybdis-4.1.2/bandb/sqlite3.c:63284:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&apNew[nNew-1]->aData[8], &pOld->aData[8], 4);
data/charybdis-4.1.2/bandb/sqlite3.c:63358:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pNew->aData[8], pCell, 4);
data/charybdis-4.1.2/bandb/sqlite3.c:63586:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pChild->aiOvfl, pRoot->aiOvfl,
data/charybdis-4.1.2/bandb/sqlite3.c:63588:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pChild->apOvfl, pRoot->apOvfl,
data/charybdis-4.1.2/bandb/sqlite3.c:63847:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newCell, oldCell, 4);
data/charybdis-4.1.2/bandb/sqlite3.c:65133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zErr[100];
data/charybdis-4.1.2/bandb/sqlite3.c:65820:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zOut, zIn, nCopy);
data/charybdis-4.1.2/bandb/sqlite3.c:66458:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pMem->zMalloc, pMem->z, pMem->n);
data/charybdis-4.1.2/bandb/sqlite3.c:66655:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pMem, &t, sizeof(t));
data/charybdis-4.1.2/bandb/sqlite3.c:67100:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo, pFrom, MEMCELLSIZE);
data/charybdis-4.1.2/bandb/sqlite3.c:67121:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo, pFrom, MEMCELLSIZE);
data/charybdis-4.1.2/bandb/sqlite3.c:67145:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo, pFrom, sizeof(Mem));
data/charybdis-4.1.2/bandb/sqlite3.c:67220:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pMem->z, z, nAlloc);
data/charybdis-4.1.2/bandb/sqlite3.c:68318:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( p4copy ) memcpy(p4copy, zP4, 8);
data/charybdis-4.1.2/bandb/sqlite3.c:69445:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zPtr[50];
data/charybdis-4.1.2/bandb/sqlite3.c:69446:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zCom[100];
data/charybdis-4.1.2/bandb/sqlite3.c:69749:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char z[1000];
data/charybdis-4.1.2/bandb/sqlite3.c:70858:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *out = fopen("vdbe_profile.out", "a");
data/charybdis-4.1.2/bandb/sqlite3.c:70877:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zHdr[100];
data/charybdis-4.1.2/bandb/sqlite3.c:71311:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( len>0 ) memcpy(buf, pMem->z, len);
data/charybdis-4.1.2/bandb/sqlite3.c:71368:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pMem->u.r, &x, sizeof(x));
data/charybdis-4.1.2/bandb/sqlite3.c:72774:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew, pOrig, MEMCELLSIZE);
data/charybdis-4.1.2/bandb/sqlite3.c:74277:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBase[100]; /* Initial working space */
data/charybdis-4.1.2/bandb/sqlite3.c:74854:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[200];
data/charybdis-4.1.2/bandb/sqlite3.c:75895:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pOut->z, pIn2->z, pIn2->n);
data/charybdis-4.1.2/bandb/sqlite3.c:75897:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pOut->z[pIn2->n], pIn1->z, pIn1->n);
data/charybdis-4.1.2/bandb/sqlite3.c:77064:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pDest->z, zData, len);
data/charybdis-4.1.2/bandb/sqlite3.c:77357:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew->zName, zName, nName+1);
data/charybdis-4.1.2/bandb/sqlite3.c:78413:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aTempRec[ROUND8(sizeof(UnpackedRecord)) + sizeof(Mem)*4 + 7];
data/charybdis-4.1.2/bandb/sqlite3.c:82387:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->aAlloc, &p->aBuffer[iBuf], nAvail);
data/charybdis-4.1.2/bandb/sqlite3.c:82403:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->aAlloc[nByte - nRem], aNext, nCopy);
data/charybdis-4.1.2/bandb/sqlite3.c:82811:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pKeyInfo, pCsr->pKeyInfo, szKeyInfo);
data/charybdis-4.1.2/bandb/sqlite3.c:83310:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->aBuffer[p->iBufEnd], &pData[nData-nRem], nCopy);
data/charybdis-4.1.2/bandb/sqlite3.c:83687:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(SRVAL(pNew), pVal->z, pVal->n);
data/charybdis-4.1.2/bandb/sqlite3.c:84520:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pOut->z, pKey, nKey);
data/charybdis-4.1.2/bandb/sqlite3.c:84693:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zOut, (u8*)pChunk->zChunk + iChunkOffset, nCopy);
data/charybdis-4.1.2/bandb/sqlite3.c:84790:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((u8*)p->pFirst->zChunk, zBuf, iAmt);
data/charybdis-4.1.2/bandb/sqlite3.c:84818:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((u8*)p->endpoint.pChunk->zChunk + iChunkOffset, zWrite, iSpace);
data/charybdis-4.1.2/bandb/sqlite3.c:85250:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pExpr, pDup, sizeof(*pExpr));
data/charybdis-4.1.2/bandb/sqlite3.c:87130:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( pToken->n ) memcpy(pNew->u.zToken, pToken->z, pToken->n);
data/charybdis-4.1.2/bandb/sqlite3.c:87547:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zAlloc, p, nNewSize);
data/charybdis-4.1.2/bandb/sqlite3.c:87550:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zAlloc, p, nSize);
data/charybdis-4.1.2/bandb/sqlite3.c:87564:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zToken, p->u.zToken, nToken);
data/charybdis-4.1.2/bandb/sqlite3.c:91716:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew->aCol, pTab->aCol, sizeof(Column)*pNew->nCol);
data/charybdis-4.1.2/bandb/sqlite3.c:92059:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->u.aRowid, pData, n);
data/charybdis-4.1.2/bandb/sqlite3.c:92086:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo->anEq, pFrom->anEq, sizeof(tRowcnt)*p->nCol);
data/charybdis-4.1.2/bandb/sqlite3.c:92087:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo->anLt, pFrom->anLt, sizeof(tRowcnt)*p->nCol);
data/charybdis-4.1.2/bandb/sqlite3.c:92088:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo->anDLt, pFrom->anDLt, sizeof(tRowcnt)*p->nCol);
data/charybdis-4.1.2/bandb/sqlite3.c:93509:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pSample->p, sqlite3_column_blob(pStmt, 4), pSample->n);
data/charybdis-4.1.2/bandb/sqlite3.c:93705:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zFile = (const char *)sqlite3_value_text(argv[0]);
data/charybdis-4.1.2/bandb/sqlite3.c:93706:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zName = (const char *)sqlite3_value_text(argv[1]);
data/charybdis-4.1.2/bandb/sqlite3.c:93741:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aNew, db->aDb, sizeof(db->aDb[0])*2);
data/charybdis-4.1.2/bandb/sqlite3.c:93815:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zKey = (char *)sqlite3_value_blob(argv[2]);
data/charybdis-4.1.2/bandb/sqlite3.c:93893:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *zName = (const char *)sqlite3_value_text(argv[0]);
data/charybdis-4.1.2/bandb/sqlite3.c:93897:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zErr[128];
data/charybdis-4.1.2/bandb/sqlite3.c:94738:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saveBuf[SAVE_SZ];
data/charybdis-4.1.2/bandb/sqlite3.c:94749:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saveBuf, &pParse->nVar, SAVE_SZ);
data/charybdis-4.1.2/bandb/sqlite3.c:94754:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pParse->nVar, saveBuf, SAVE_SZ);
data/charybdis-4.1.2/bandb/sqlite3.c:94978:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(db->aDbStatic, db->aDb, 2*sizeof(db->aDb[0]));
data/charybdis-4.1.2/bandb/sqlite3.c:95530:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z, pName->z, pName->n);
data/charybdis-4.1.2/bandb/sqlite3.c:95561:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zType, pType->z, pType->n);
data/charybdis-4.1.2/bandb/sqlite3.c:96055:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zStmt[k], zType, len);
data/charybdis-4.1.2/bandb/sqlite3.c:96075:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zExtra, pIdx->azColl, sizeof(char*)*pIdx->nColumn);
data/charybdis-4.1.2/bandb/sqlite3.c:96078:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zExtra, pIdx->aiColumn, sizeof(i16)*pIdx->nColumn);
data/charybdis-4.1.2/bandb/sqlite3.c:96081:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zExtra, pIdx->aSortOrder, pIdx->nColumn);
data/charybdis-4.1.2/bandb/sqlite3.c:96864:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zTab[24];
data/charybdis-4.1.2/bandb/sqlite3.c:97115:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z, pTo->z, pTo->n);
data/charybdis-4.1.2/bandb/sqlite3.c:97143:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z, pToCol->a[i].zName, n);
data/charybdis-4.1.2/bandb/sqlite3.c:97552:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pIndex->zName, zName, nName+1);
data/charybdis-4.1.2/bandb/sqlite3.c:97625:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zExtra, zColl, nColl);
data/charybdis-4.1.2/bandb/sqlite3.c:97901:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a[1], aVal, nCopy*sizeof(LogEst));
data/charybdis-4.1.2/bandb/sqlite3.c:98943:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pColl, pColl2, sizeof(CollSeq));
data/charybdis-4.1.2/bandb/sqlite3.c:99053:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pColl[0].zName, zName, nName);
data/charybdis-4.1.2/bandb/sqlite3.c:99294:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)&pBest[1], zName, nName+1);
data/charybdis-4.1.2/bandb/sqlite3.c:101249:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[50];
data/charybdis-4.1.2/bandb/sqlite3.c:101493:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zOut[j], zRep, nRep);
data/charybdis-4.1.2/bandb/sqlite3.c:101499:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zOut[j], &zStr[i], nStr-i);
data/charybdis-4.1.2/bandb/sqlite3.c:101607:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zResult[8];
data/charybdis-4.1.2/bandb/sqlite3.c:101656:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *zFile = (const char *)sqlite3_value_text(argv[0]);
data/charybdis-4.1.2/bandb/sqlite3.c:101662:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zProc = (const char *)sqlite3_value_text(argv[1]);
data/charybdis-4.1.2/bandb/sqlite3.c:101956:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aWc, pDef->pUserData, 3);
data/charybdis-4.1.2/bandb/sqlite3.c:103381:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)pStep->zTarget, zFrom, nFrom);
data/charybdis-4.1.2/bandb/sqlite3.c:105815:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pzErrMsg, sqlite3_errmsg(db), nErrMsg);
data/charybdis-4.1.2/bandb/sqlite3.c:105965:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(const char*,sqlite3**);
data/charybdis-4.1.2/bandb/sqlite3.c:106225:53: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define sqlite3_open sqlite3_api->open
data/charybdis-4.1.2/bandb/sqlite3.c:106901:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zAltEntry, "sqlite3_", 8);
data/charybdis-4.1.2/bandb/sqlite3.c:106910:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zAltEntry+iEntry, "_init", 6);
data/charybdis-4.1.2/bandb/sqlite3.c:106945:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aHandle, db->aExtension, sizeof(handle)*db->nExtension);
data/charybdis-4.1.2/bandb/sqlite3.c:107941:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aFcntl[4]; /* Argument to SQLITE_FCNTL_PRAGMA */
data/charybdis-4.1.2/bandb/sqlite3.c:109590:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zKey[40];
data/charybdis-4.1.2/bandb/sqlite3.c:109770:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *azArg[4];
data/charybdis-4.1.2/bandb/sqlite3.c:116247:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z, argv[i], n);
data/charybdis-4.1.2/bandb/sqlite3.c:116732:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z, pName->z, pName->n);
data/charybdis-4.1.2/bandb/sqlite3.c:118702:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zCopy, zName, nName+1);
data/charybdis-4.1.2/bandb/sqlite3.c:119703:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)&pNew[1], pDef->zName, sqlite3Strlen30(pDef->zName)+1);
data/charybdis-4.1.2/bandb/sqlite3.c:119763:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTab->zName, pMod->zName, nName);
data/charybdis-4.1.2/bandb/sqlite3.c:120520:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100]; /* Initial space for EQP output string */
data/charybdis-4.1.2/bandb/sqlite3.c:121833:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pOrTab->a, pTabItem, sizeof(*pTabItem));
data/charybdis-4.1.2/bandb/sqlite3.c:122238:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pWC->a, pOld, sizeof(pWC->a[0])*pWC->nTerm);
data/charybdis-4.1.2/bandb/sqlite3.c:122364:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wc[3]; /* Wildcard characters */
data/charybdis-4.1.2/bandb/sqlite3.c:123616:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aiCur, pWInfo->aiCurOnePass, sizeof(int)*2);
data/charybdis-4.1.2/bandb/sqlite3.c:123632:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pDest->a, pSrc->a, pDest->n*sizeof(pDest->a[0]));
data/charybdis-4.1.2/bandb/sqlite3.c:125161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zType[4];
data/charybdis-4.1.2/bandb/sqlite3.c:125162:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zType, "...", 4);
data/charybdis-4.1.2/bandb/sqlite3.c:125272:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(paNew, p->aLTerm, sizeof(p->aLTerm[0])*p->nLSlot);
data/charybdis-4.1.2/bandb/sqlite3.c:125288:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo, pFrom, WHERE_LOOP_XFER_SZ);
data/charybdis-4.1.2/bandb/sqlite3.c:125289:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo->aLTerm, pFrom->aLTerm, pTo->nLTerm*sizeof(pTo->aLTerm[0]));
data/charybdis-4.1.2/bandb/sqlite3.c:127041:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zName[65];
data/charybdis-4.1.2/bandb/sqlite3.c:127333:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo->aLoop, pFrom->aLoop, sizeof(WhereLoop*)*iLoop);
data/charybdis-4.1.2/bandb/sqlite3.c:132089:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char zText[553] = {
data/charybdis-4.1.2/bandb/sqlite3.c:132122:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char aHash[127] = {
data/charybdis-4.1.2/bandb/sqlite3.c:132134:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char aNext[124] = {
data/charybdis-4.1.2/bandb/sqlite3.c:132146:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char aLen[124] = {
data/charybdis-4.1.2/bandb/sqlite3.c:132170:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char aCode[124] = {
data/charybdis-4.1.2/bandb/sqlite3.c:133468:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&y, &x, 8);
data/charybdis-4.1.2/bandb/sqlite3.c:134556:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zBuf[50];
data/charybdis-4.1.2/bandb/sqlite3.c:135862:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zFile, zUri, nUri);
data/charybdis-4.1.2/bandb/sqlite3.c:136202:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zKey[40];
data/charybdis-4.1.2/bandb/sqlite3.c:137426:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew, aArg, nArg*sizeof(void *));
data/charybdis-4.1.2/bandb/sqlite3.c:139482:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, zCol, n);
data/charybdis-4.1.2/bandb/sqlite3.c:139778:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->aIndex, aIndex, sizeof(struct Fts3Index) * nIndex);
data/charybdis-4.1.2/bandb/sqlite3.c:139788:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zCsr, argv[2], nName);
data/charybdis-4.1.2/bandb/sqlite3.c:139791:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zCsr, argv[1], nDb);
data/charybdis-4.1.2/bandb/sqlite3.c:139798:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
z = (char *)sqlite3Fts3NextToken(aCol[iCol], &n);
data/charybdis-4.1.2/bandb/sqlite3.c:139799:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zCsr, z, n);
data/charybdis-4.1.2/bandb/sqlite3.c:139804:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
assert( zCsr <= &((char *)p)[nByte] );
data/charybdis-4.1.2/bandb/sqlite3.c:140239:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zBuffer[nPrefix], zCsr, nSuffix);
data/charybdis-4.1.2/bandb/sqlite3.c:140391:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, *ppPoslist, n);
data/charybdis-4.1.2/bandb/sqlite3.c:140429:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, *ppPoslist, n);
data/charybdis-4.1.2/bandb/sqlite3.c:140754:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aaOutput[16]; /* Malloc'd output buffers */
data/charybdis-4.1.2/bandb/sqlite3.c:141146:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTS->aaOutput[0], aDoclist, nDoclist);
data/charybdis-4.1.2/bandb/sqlite3.c:141943:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pRet, sqlite3_value_blob(pVal), sizeof(Fts3Cursor *));
data/charybdis-4.1.2/bandb/sqlite3.c:142064:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zArg = (const char *)sqlite3_value_text(apVal[1]);
data/charybdis-4.1.2/bandb/sqlite3.c:142963:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aDoclist, a[p->nToken-1].pList, nByte+1);
data/charybdis-4.1.2/bandb/sqlite3.c:144438:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)p->pFts3Tab->zDb, zDb, nDb);
data/charybdis-4.1.2/bandb/sqlite3.c:144439:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)p->pFts3Tab->zName, zFts3, nFts3);
data/charybdis-4.1.2/bandb/sqlite3.c:145096:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pRet->pPhrase->aToken[0].z, zToken, nToken);
data/charybdis-4.1.2/bandb/sqlite3.c:145211:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zTemp[nTemp], zByte, nByte);
data/charybdis-4.1.2/bandb/sqlite3.c:145239:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zBuf, zTemp, nTemp);
data/charybdis-4.1.2/bandb/sqlite3.c:146012:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)pp, sqlite3_column_blob(pStmt, 0), sizeof(*pp));
data/charybdis-4.1.2/bandb/sqlite3.c:146111:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const char *)sqlite3_value_text(argv[0]), &pModule);
data/charybdis-4.1.2/bandb/sqlite3.c:146128:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zExpr = (const char *)sqlite3_value_text(argv[1]);
data/charybdis-4.1.2/bandb/sqlite3.c:146137:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
azCol[ii] = (char *)sqlite3_value_text(argv[ii+2]);
data/charybdis-4.1.2/bandb/sqlite3.c:146561:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)new_elem->pKey, pKey, nKey);
data/charybdis-4.1.2/bandb/sqlite3.c:146921:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zReverse[28];
data/charybdis-4.1.2/bandb/sqlite3.c:147515:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *azArg[64];
data/charybdis-4.1.2/bandb/sqlite3.c:147532:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zName = (const char *)sqlite3_value_text(argv[0]);
data/charybdis-4.1.2/bandb/sqlite3.c:147534:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zInput = (const char *)sqlite3_value_text(argv[argc-1]);
data/charybdis-4.1.2/bandb/sqlite3.c:147550:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
azArg[i-1] = (const char *)sqlite3_value_text(argv[i]);
data/charybdis-4.1.2/bandb/sqlite3.c:147631:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)pp, sqlite3_column_blob(pStmt, 0), sizeof(*pp));
data/charybdis-4.1.2/bandb/sqlite3.c:147795:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delim[128]; /* flag ASCII delimiters */
data/charybdis-4.1.2/bandb/sqlite3.c:148128:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pSpace, argv[i], n+1);
data/charybdis-4.1.2/bandb/sqlite3.c:148342:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *zByte = (const char *)sqlite3_value_text(apVal[0]);
data/charybdis-4.1.2/bandb/sqlite3.c:148348:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pCsr->zInput, zByte, nByte);
data/charybdis-4.1.2/bandb/sqlite3.c:149378:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *zText = (const char *)sqlite3_value_text(apVal[i]);
data/charybdis-4.1.2/bandb/sqlite3.c:149788:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aCopy, pList->aData, nCopy);
data/charybdis-4.1.2/bandb/sqlite3.c:149847:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pReader->zTerm[nPrefix], pNext, nSuffix);
data/charybdis-4.1.2/bandb/sqlite3.c:150079:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pReader->aNode, zRoot, nRoot);
data/charybdis-4.1.2/bandb/sqlite3.c:150202:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pReader->ppNextElem, aElem, nElem*sizeof(Fts3HashElem *));
data/charybdis-4.1.2/bandb/sqlite3.c:150493:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pTree->aData[nData], &zTerm[nPrefix], nSuffix);
data/charybdis-4.1.2/bandb/sqlite3.c:150507:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTree->zTerm, zTerm, nTerm);
data/charybdis-4.1.2/bandb/sqlite3.c:150757:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWriter->aData[nData], &zTerm[nPrefix], nSuffix);
data/charybdis-4.1.2/bandb/sqlite3.c:150760:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWriter->aData[nData], aDoclist, nDoclist);
data/charybdis-4.1.2/bandb/sqlite3.c:150779:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pWriter->zTerm, zTerm, nTerm);
data/charybdis-4.1.2/bandb/sqlite3.c:151087:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pMsr->aBuffer, pList, nList);
data/charybdis-4.1.2/bandb/sqlite3.c:151431:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pCsr->aBuffer[nDoclist], pList, nList);
data/charybdis-4.1.2/bandb/sqlite3.c:152183:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->term.a[nPrefix], &p->aNode[p->iOff], nSuffix);
data/charybdis-4.1.2/bandb/sqlite3.c:152287:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pBlk->a[pBlk->n], &zTerm[nPrefix], nSuffix);
data/charybdis-4.1.2/bandb/sqlite3.c:152290:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNode->key.a, zTerm, nTerm);
data/charybdis-4.1.2/bandb/sqlite3.c:152363:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPrev->a, zTerm, nTerm);
data/charybdis-4.1.2/bandb/sqlite3.c:152370:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pNode->a[pNode->n], &zTerm[nPrefix], nSuffix);
data/charybdis-4.1.2/bandb/sqlite3.c:152375:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pNode->a[pNode->n], aDoclist, nDoclist);
data/charybdis-4.1.2/bandb/sqlite3.c:152706:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNode->block.a, aRoot, nRoot);
data/charybdis-4.1.2/bandb/sqlite3.c:152718:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNode->key.a, reader.term.a, reader.term.n);
data/charybdis-4.1.2/bandb/sqlite3.c:152728:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNode->block.a, aBlock, nBlock);
data/charybdis-4.1.2/bandb/sqlite3.c:153192:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pHint->a, aHint, nHint);
data/charybdis-4.1.2/bandb/sqlite3.c:153755:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->nNodeSize = atoi(&zVal[9]);
data/charybdis-4.1.2/bandb/sqlite3.c:153758:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->nMaxPendingData = atoi(&zVal[11]);
data/charybdis-4.1.2/bandb/sqlite3.c:153761:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->bNoIncrDoclist = atoi(&zVal[21]);
data/charybdis-4.1.2/bandb/sqlite3.c:153883:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pRet, &p->pList->aData[nSkip], *pnData);
data/charybdis-4.1.2/bandb/sqlite3.c:154276:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pRet->zMatchinfo, zMatchinfo, nStr+1);
data/charybdis-4.1.2/bandb/sqlite3.c:154317:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( p->bGlobal ) memcpy(aOut, &p->aMatchinfo[1], p->nElem*sizeof(u32));
data/charybdis-4.1.2/bandb/sqlite3.c:154327:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->aMatchinfo[2+p->nElem], &p->aMatchinfo[1], p->nElem*sizeof(u32));
data/charybdis-4.1.2/bandb/sqlite3.c:154751:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pStr->z[pStr->n], zAppend, nAppend);
data/charybdis-4.1.2/bandb/sqlite3.c:155781:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aBuffer[64];
data/charybdis-4.1.2/bandb/sqlite3.c:157153:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNode->zData, zBlob, pRtree->iNodeSize);
data/charybdis-4.1.2/bandb/sqlite3.c:157531:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&c.u,a,4); \
data/charybdis-4.1.2/bandb/sqlite3.c:157539:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&c.u,a,4); \
data/charybdis-4.1.2/bandb/sqlite3.c:158101:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBlob, sqlite3_value_blob(pValue), nBlob);
data/charybdis-4.1.2/bandb/sqlite3.c:158283:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zIdxStr[RTREE_MAX_DIMENSIONS*8+1];
data/charybdis-4.1.2/bandb/sqlite3.c:158425:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cell, p, sizeof(RtreeCell));
data/charybdis-4.1.2/bandb/sqlite3.c:158607:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aSpare, aLeft, sizeof(int)*nLeft);
data/charybdis-4.1.2/bandb/sqlite3.c:158676:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aSpare, aLeft, sizeof(int)*nLeft);
data/charybdis-4.1.2/bandb/sqlite3.c:158767:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&left, &aCell[aaSorted[ii][0]], sizeof(RtreeCell));
data/charybdis-4.1.2/bandb/sqlite3.c:158768:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&right, &aCell[aaSorted[ii][nCell-1]], sizeof(RtreeCell));
data/charybdis-4.1.2/bandb/sqlite3.c:158797:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBboxLeft, &aCell[aaSorted[iBestDim][0]], sizeof(RtreeCell));
data/charybdis-4.1.2/bandb/sqlite3.c:158798:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBboxRight, &aCell[aaSorted[iBestDim][iBestSplit]], sizeof(RtreeCell));
data/charybdis-4.1.2/bandb/sqlite3.c:158865:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aCell[nCell], pCell, sizeof(RtreeCell));
data/charybdis-4.1.2/bandb/sqlite3.c:159157:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aCell[ii], pCell, sizeof(RtreeCell));
data/charybdis-4.1.2/bandb/sqlite3.c:159635:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *azSql[N_STATEMENT] = {
data/charybdis-4.1.2/bandb/sqlite3.c:159824:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pRtree->zDb, argv[1], nDb);
data/charybdis-4.1.2/bandb/sqlite3.c:159825:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pRtree->zName, argv[2], nName);
data/charybdis-4.1.2/bandb/sqlite3.c:159901:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zCell[512];
data/charybdis-4.1.2/bandb/sqlite3.c:160360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[128];
data/charybdis-4.1.2/bandb/sqlite3.c:160488:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zLocale = (const char *)sqlite3_value_text(apArg[1]);
data/charybdis-4.1.2/bandb/sqlite3.c:160584:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zLocale = (const char *)sqlite3_value_text(apArg[0]);
data/charybdis-4.1.2/bandb/sqlite3.c:160585:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zName = (const char *)sqlite3_value_text(apArg[1]);
data/charybdis-4.1.2/bandb/sqlite3.c:160737:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zLocale, argv[0], n);
data/charybdis-4.1.2/bandb/sqlite3.c:161786:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zStateDb[5]; /* Db name for state ("stat" or "main") */
data/charybdis-4.1.2/bandb/sqlite3.c:161980:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zOut, &zSrc[ofst], cnt);
data/charybdis-4.1.2/bandb/sqlite3.c:161995:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zOut, zDelta, cnt);
data/charybdis-4.1.2/bandb/sqlite3.c:162467:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zRet, zStr, nCopy);
data/charybdis-4.1.2/bandb/sqlite3.c:162620:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pIter->abIndexed, pIter->abTblPk, sizeof(u8)*pIter->nTblCol);
data/charybdis-4.1.2/bandb/sqlite3.c:163587:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pUp->zMask, zMask, pIter->nTblCol);
data/charybdis-4.1.2/bandb/sqlite3.c:163640:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zStateDb, "stat", 4);
data/charybdis-4.1.2/bandb/sqlite3.c:163642:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zStateDb, "main", 4);
data/charybdis-4.1.2/bandb/sqlite3.c:163890:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
nChar = MultiByteToWideChar(CP_UTF8, 0, zFilename, -1, NULL, 0);
data/charybdis-4.1.2/bandb/sqlite3.c:163899:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
nChar = MultiByteToWideChar(CP_UTF8, 0, zFilename, -1, zWideFilename,
data/charybdis-4.1.2/bandb/sqlite3.c:164527:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zRnd[64];
data/charybdis-4.1.2/bandb/sqlite3.c:164670:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zTarget, zTarget, nTarget+1);
data/charybdis-4.1.2/bandb/sqlite3.c:164672:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zRbu, zRbu, nRbu+1);
data/charybdis-4.1.2/bandb/sqlite3.c:164675:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zState, zState, nState+1);
data/charybdis-4.1.2/bandb/sqlite3.c:165448:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zCopy, zName, nCopy);
data/charybdis-4.1.2/bandb/sqlite3.c:165692:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pNew->base, &vfs_template, sizeof(sqlite3_vfs));
data/charybdis-4.1.2/bandb/sqlite3.c:165697:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zSpace, zName, nName);
data/charybdis-4.1.2/bandb/sqlite3.c:166538:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zSpace[100]; /* Initial static space */
data/charybdis-4.1.2/bandb/sqlite3.c:166650:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zNew, p->zBuf, (size_t)p->nUsed);
data/charybdis-4.1.2/bandb/sqlite3.c:166669:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zBuf+p->nUsed, zIn, N);
data/charybdis-4.1.2/bandb/sqlite3.c:168419:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zJson, z, (size_t)n+1);
data/charybdis-4.1.2/bandb/sqlite3.c:168441:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zRoot, zRoot, (size_t)n+1);
data/charybdis-4.1.2/bandb/sqlite3.c:171877:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pBuf->p[pBuf->n], pData, nData);
data/charybdis-4.1.2/bandb/sqlite3.c:172080:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zRet, pIn, nIn);
data/charybdis-4.1.2/bandb/sqlite3.c:172175:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pEntry->pTerm, pTerm, nTerm);
data/charybdis-4.1.2/bandb/sqlite3.c:172515:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pSpace, p2, p-p2);
data/charybdis-4.1.2/bandb/sqlite3.c:172637:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zOut, zIn, nIn+1);
data/charybdis-4.1.2/bandb/sqlite3.c:172981:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( zRank ) memcpy(zRank, pRank, p-pRank);
data/charybdis-4.1.2/bandb/sqlite3.c:173001:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( zRankArgs ) memcpy(zRankArgs, pArgs, p-pArgs);
data/charybdis-4.1.2/bandb/sqlite3.c:173509:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aNew, aIter, sizeof(Fts5PoslistReader) * nIter);
data/charybdis-4.1.2/bandb/sqlite3.c:174668:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pSyn->zTerm, pToken, nToken);
data/charybdis-4.1.2/bandb/sqlite3.c:175034:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->apChild[p->nChild], pSub->apChild, nByte);
data/charybdis-4.1.2/bandb/sqlite3.c:175890:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zKey[8]; /* Nul-terminated entry key */
data/charybdis-4.1.2/bandb/sqlite3.c:176093:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->zKey[1], pToken, nToken);
data/charybdis-4.1.2/bandb/sqlite3.c:177434:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(pBuf)->p[(pBuf)->n], pBlob, nBlob); \
data/charybdis-4.1.2/bandb/sqlite3.c:177532:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pOut->aSeg, &pLvl->aSeg[is], sizeof(Fts5StructureSegment));
data/charybdis-4.1.2/bandb/sqlite3.c:181412:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pData->p, doclist.p, doclist.n);
data/charybdis-4.1.2/bandb/sqlite3.c:181651:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf.p[1], pToken, nToken);
data/charybdis-4.1.2/bandb/sqlite3.c:182582:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, aBlob, n);
data/charybdis-4.1.2/bandb/sqlite3.c:185255:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pAux->zFunc, zName, nName);
data/charybdis-4.1.2/bandb/sqlite3.c:185293:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew->zName, zName, nName);
data/charybdis-4.1.2/bandb/sqlite3.c:185409:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/charybdis-4.1.2/bandb/sqlite3.c:185413:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, (void*)&pGlobal, sizeof(pGlobal));
data/charybdis-4.1.2/bandb/sqlite3.c:186698:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char aAsciiTokenChar[128] = {
data/charybdis-4.1.2/bandb/sqlite3.c:186711:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aTokenChar[128];
data/charybdis-4.1.2/bandb/sqlite3.c:186754:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->aTokenChar, aAsciiTokenChar, sizeof(aAsciiTokenChar));
data/charybdis-4.1.2/bandb/sqlite3.c:186802:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aFold[64];
data/charybdis-4.1.2/bandb/sqlite3.c:186907:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aTokenChar[128]; /* ASCII range token characters */
data/charybdis-4.1.2/bandb/sqlite3.c:187018:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->aTokenChar, aAsciiTokenChar, sizeof(aAsciiTokenChar));
data/charybdis-4.1.2/bandb/sqlite3.c:187126:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aFold, p->aFold, nFold);
data/charybdis-4.1.2/bandb/sqlite3.c:187180:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aBuf[FTS5_PORTER_MAX_TOKEN + 64];
data/charybdis-4.1.2/bandb/sqlite3.c:187267:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nStem], p->zOutput, p->nOutput);
data/charybdis-4.1.2/bandb/sqlite3.c:187506:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-2], "ate", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187514:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-2], "ble", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187522:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-2], "ize", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187541:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-7], "ate", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187546:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-6], "tion", 4);
data/charybdis-4.1.2/bandb/sqlite3.c:187555:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-4], "ence", 4);
data/charybdis-4.1.2/bandb/sqlite3.c:187560:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-4], "ance", 4);
data/charybdis-4.1.2/bandb/sqlite3.c:187569:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-4], "ize", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187578:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-4], "log", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187587:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-3], "ble", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187592:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-4], "al", 2);
data/charybdis-4.1.2/bandb/sqlite3.c:187597:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-5], "ent", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187602:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-3], "e", 1);
data/charybdis-4.1.2/bandb/sqlite3.c:187607:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-5], "ous", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187616:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-7], "ize", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187621:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-5], "ate", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187626:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-4], "ate", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187635:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-5], "al", 2);
data/charybdis-4.1.2/bandb/sqlite3.c:187640:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-7], "ive", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187645:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-7], "ful", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187650:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-7], "ous", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187659:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-5], "al", 2);
data/charybdis-4.1.2/bandb/sqlite3.c:187664:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-5], "ive", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187669:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-6], "ble", 3);
data/charybdis-4.1.2/bandb/sqlite3.c:187688:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-4], "ic", 2);
data/charybdis-4.1.2/bandb/sqlite3.c:187705:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-5], "ic", 2);
data/charybdis-4.1.2/bandb/sqlite3.c:187710:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-5], "ic", 2);
data/charybdis-4.1.2/bandb/sqlite3.c:187735:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-5], "al", 2);
data/charybdis-4.1.2/bandb/sqlite3.c:187754:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aBuf[nBuf-3], "ee", 2);
data/charybdis-4.1.2/bandb/sqlite3.c:187817:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aBuf, pToken, nBuf);
data/charybdis-4.1.2/bandb/sqlite3.c:188822:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pRet->zFts5Tbl, zTab, nTab);
data/charybdis-4.1.2/bandb/sqlite3.c:188823:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pRet->zFts5Db, zDb, nDb);
data/charybdis-4.1.2/bandb/sqlite3.c:189155:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pCsr->zLeTerm, zCopy, pCsr->nLeTerm+1);
data/charybdis-4.1.2/extensions/extb_combi.c:147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *child_data, child_data_buf[BANLEN];
data/charybdis-4.1.2/extensions/extb_extgecos.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/extensions/extb_hostmask.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_host[NAMELEN + USERLEN + HOSTLEN + 6];
data/charybdis-4.1.2/extensions/extb_hostmask.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_iphost[NAMELEN + USERLEN + HOSTLEN + 6];
data/charybdis-4.1.2/extensions/extb_hostmask.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_althost[NAMELEN + USERLEN + HOSTLEN + 6];
data/charybdis-4.1.2/extensions/extb_hostmask.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_ip4host[NAMELEN + USERLEN + HOSTLEN + 6];
data/charybdis-4.1.2/extensions/helpops.c:93:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *fakeparv[4];
data/charybdis-4.1.2/extensions/hurt.c:280:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((expire_time = atoi(parv[1])) < 1)
data/charybdis-4.1.2/extensions/ip_cloaking_3.0.c:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[HOSTLEN + 1] = { 0 };
data/charybdis-4.1.2/extensions/m_findforwards.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[414];
data/charybdis-4.1.2/extensions/m_findforwards.c:100:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, "<truncated> ");
data/charybdis-4.1.2/extensions/m_mkpasswd.c:137:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char salt[21];
data/charybdis-4.1.2/extensions/m_mkpasswd.c:155:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char salt[21];
data/charybdis-4.1.2/extensions/m_mkpasswd.c:173:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char salt[21];
data/charybdis-4.1.2/extensions/m_mkpasswd.c:205:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fd = open("/dev/urandom", O_RDONLY)) < 0)
data/charybdis-4.1.2/extensions/m_okick.c:72:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/extensions/m_omode.c:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char params[512];
data/charybdis-4.1.2/extensions/m_remove.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char part_buf[REASONLEN + 1];
data/charybdis-4.1.2/extensions/m_remove.c:78:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/extensions/m_roleplay.c:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nick2[NICKLEN+1];
data/charybdis-4.1.2/extensions/m_roleplay.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nick3[NICKLEN+1];
data/charybdis-4.1.2/extensions/m_roleplay.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text3[BUFSIZE];
data/charybdis-4.1.2/extensions/m_roleplay.c:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text2[BUFSIZE];
data/charybdis-4.1.2/extensions/m_sendbans.c:66:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[512];
data/charybdis-4.1.2/extensions/override.c:101:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *parv[4] = {session_p->client->name, session_p->client->name, "-p", NULL};
data/charybdis-4.1.2/include/authproc.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[16]; /* Type of proxy */
data/charybdis-4.1.2/include/authproc.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[HOSTIPLEN]; /* Listener address */
data/charybdis-4.1.2/include/cache.h:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[CACHEFILELEN];
data/charybdis-4.1.2/include/cache.h:34:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char user_motd_changed[MAX_DATE_STRING];
data/charybdis-4.1.2/include/channel.h:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[KEYLEN];
data/charybdis-4.1.2/include/channel.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char forward[LOC_CHANNELLEN + 1];
data/charybdis-4.1.2/include/chmode.h:77:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cflagsbuf[256];
data/charybdis-4.1.2/include/chmode.h:78:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cflagsmyinfo[256];
data/charybdis-4.1.2/include/client.h:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suser[NICKLEN+1];
data/charybdis-4.1.2/include/client.h:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char by[NICKLEN];
data/charybdis-4.1.2/include/client.h:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAMELEN + 1];
data/charybdis-4.1.2/include/client.h:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[USERLEN + 1]; /* client's username */
data/charybdis-4.1.2/include/client.h:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[HOSTLEN + 1]; /* client's hostname */
data/charybdis-4.1.2/include/client.h:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orighost[HOSTLEN + 1]; /* original hostname (before dynamic spoofing) */
data/charybdis-4.1.2/include/client.h:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sockhost[HOSTIPLEN + 1]; /* clients ip */
data/charybdis-4.1.2/include/client.h:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[REALLEN + 1]; /* Free form additional client info */
data/charybdis-4.1.2/include/client.h:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[IDLEN]; /* UID/SID, unique on the network */
data/charybdis-4.1.2/include/client.h:287:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sasl_agent[IDLEN];
data/charybdis-4.1.2/include/client.h:312:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spoofnick[NICKLEN + 1];
data/charybdis-4.1.2/include/client.h:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spoofuser[USERLEN + 1];
data/charybdis-4.1.2/include/client.h:314:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spoofhost[HOSTLEN + 1];
data/charybdis-4.1.2/include/client.h:320:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[IDLEN]; /* UID/SID, unique on the network (unverified) */
data/charybdis-4.1.2/include/defaults.h:56:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *ircd_paths[IRCD_PATH_COUNT];
data/charybdis-4.1.2/include/ircd.h:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char operstring[REALLEN];
data/charybdis-4.1.2/include/ircd.h:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adminstring[REALLEN];
data/charybdis-4.1.2/include/listener.h:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vhost[(HOSTLEN * 2) + 1]; /* virtual name of listener */
data/charybdis-4.1.2/include/monitor.h:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NICKLEN];
data/charybdis-4.1.2/include/msgbuf.h:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *para[MAXPARA]; /* parameters vector (starting with cmd as para[0]) */
data/charybdis-4.1.2/include/msgbuf.h:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[DATALEN + 1];
data/charybdis-4.1.2/include/s_conf.h:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char conf_line_in[256];
data/charybdis-4.1.2/include/s_conf.h:282:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sid[4];
data/charybdis-4.1.2/include/s_conf.h:386:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char conffilebuf[BUFSIZE + 1];
data/charybdis-4.1.2/include/s_newconf.h:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NICKLEN+1];
data/charybdis-4.1.2/include/whowas.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NICKLEN + 1];
data/charybdis-4.1.2/include/whowas.h:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[USERLEN + 1];
data/charybdis-4.1.2/include/whowas.h:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[HOSTLEN + 1];
data/charybdis-4.1.2/include/whowas.h:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sockhost[HOSTIPLEN + 1];
data/charybdis-4.1.2/include/whowas.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realname[REALLEN + 1];
data/charybdis-4.1.2/include/whowas.h:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suser[NICKLEN + 1];
data/charybdis-4.1.2/ircd/authproc.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullpath[PATH_MAX + 1];
data/charybdis-4.1.2/ircd/authproc.c:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[READBUF_SIZE];
data/charybdis-4.1.2/ircd/authproc.c:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *parv[MAXPARA];
data/charybdis-4.1.2/ircd/authproc.c:450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client_ipaddr[HOSTIPLEN+1];
data/charybdis-4.1.2/ircd/authproc.c:451:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char listen_ipaddr[HOSTIPLEN+1];
data/charybdis-4.1.2/ircd/authproc.c:590:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filterbuf[BUFSIZE] = "*";
data/charybdis-4.1.2/ircd/authproc.c:683:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipbuf[HOSTIPLEN];
data/charybdis-4.1.2/ircd/authproc.c:702:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipbuf[HOSTIPLEN];
data/charybdis-4.1.2/ircd/bandbi.c:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bandb_add_letter[LAST_BANDB_TYPE] = {
data/charybdis-4.1.2/ircd/bandbi.c:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullpath[PATH_MAX + 1];
data/charybdis-4.1.2/ircd/bandbi.c:129:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/bandbi.c:145:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bandb_del_letter[LAST_BANDB_TYPE] = {
data/charybdis-4.1.2/ircd/bandbi.c:155:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/bandbi.c:400:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[READBUF_SIZE];
data/charybdis-4.1.2/ircd/bandbi.c:401:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *parv[MAXPARA];
data/charybdis-4.1.2/ircd/cache.c:47:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_motd_changed[MAX_DATE_STRING];
data/charybdis-4.1.2/ircd/cache.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[BUFSIZE];
data/charybdis-4.1.2/ircd/cache.c:119:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((in = fopen(filename, "r")) == NULL)
data/charybdis-4.1.2/ircd/cache.c:136:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char untabline[BUFSIZE];
data/charybdis-4.1.2/ircd/cache.c:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/charybdis-4.1.2/ircd/capability.c:172:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/capability.c:235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/channel.c:195:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[3];
data/charybdis-4.1.2/ircd/channel.c:438:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[BUFSIZE];
data/charybdis-4.1.2/ircd/channel.c:542:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_host[NAMELEN + USERLEN + HOSTLEN + 6];
data/charybdis-4.1.2/ircd/channel.c:543:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_iphost[NAMELEN + USERLEN + HOSTLEN + 6];
data/charybdis-4.1.2/ircd/channel.c:544:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_althost[NAMELEN + USERLEN + HOSTLEN + 6];
data/charybdis-4.1.2/ircd/channel.c:545:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_ip4host[NAMELEN + USERLEN + HOSTLEN + 6];
data/charybdis-4.1.2/ircd/channel.c:725:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_host[NAMELEN + USERLEN + HOSTLEN + 6];
data/charybdis-4.1.2/ircd/channel.c:726:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_iphost[NAMELEN + USERLEN + HOSTLEN + 6];
data/charybdis-4.1.2/ircd/channel.c:727:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_althost[NAMELEN + USERLEN + HOSTLEN + 6];
data/charybdis-4.1.2/ircd/channel.c:967:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_host[NAMELEN + USERLEN + HOSTLEN + 6];
data/charybdis-4.1.2/ircd/channel.c:968:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_iphost[NAMELEN + USERLEN + HOSTLEN + 6];
data/charybdis-4.1.2/ircd/channel.c:1182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[BUFSIZE];
data/charybdis-4.1.2/ircd/channel.c:1183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[BUFSIZE];
data/charybdis-4.1.2/ircd/channel.c:1184:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char final[BUFSIZE];
data/charybdis-4.1.2/ircd/channel.c:1204:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pbuf += sprintf(pbuf, " %d", chptr->mode.limit);
data/charybdis-4.1.2/ircd/channel.c:1220:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pbuf += sprintf(pbuf, " %d:%d", chptr->mode.join_num,
data/charybdis-4.1.2/ircd/channel.c:1259:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char modebuf[BUFSIZE];
data/charybdis-4.1.2/ircd/channel.c:1260:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char parabuf[BUFSIZE];
data/charybdis-4.1.2/ircd/chmode.c:69:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cflagsbuf[256];
data/charybdis-4.1.2/ircd/chmode.c:70:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cflagsmyinfo[256];
data/charybdis-4.1.2/ircd/chmode.c:247:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char who[USERHOST_REPLYLEN];
data/charybdis-4.1.2/ircd/chmode.c:372:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mask_buf[BUFSIZE];
data/charybdis-4.1.2/ircd/chmode.c:396:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mask_buf + mask_pos, mask, masklen + 1);
data/charybdis-4.1.2/ircd/chmode.c:469:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mask_buf + mask_pos, nick, nl), mask_pos += nl;
data/charybdis-4.1.2/ircd/chmode.c:471:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mask_buf + mask_pos, user, ul), mask_pos += ul;
data/charybdis-4.1.2/ircd/chmode.c:473:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mask_buf + mask_pos, host, hl), mask_pos += hl;
data/charybdis-4.1.2/ircd/chmode.c:476:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mask_buf + mask_pos, forward, fl), mask_pos += fl;
data/charybdis-4.1.2/ircd/chmode.c:847:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BANLEN];
data/charybdis-4.1.2/ircd/chmode.c:970:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BANLEN * MAXMODEPARAMS];
data/charybdis-4.1.2/ircd/chmode.c:1145:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char limitstr[30];
data/charybdis-4.1.2/ircd/chmode.c:1162:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(EmptyString(lstr) || (limit = atoi(lstr)) <= 0)
data/charybdis-4.1.2/ircd/chmode.c:1165:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(limitstr, "%d", limit);
data/charybdis-4.1.2/ircd/chmode.c:1673:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char modebuf[BUFSIZE];
data/charybdis-4.1.2/ircd/chmode.c:1674:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char parabuf[BUFSIZE];
data/charybdis-4.1.2/ircd/client.c:78:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char current_uid[IDLEN];
data/charybdis-4.1.2/ircd/client.c:92:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char notice[REASONLEN];
data/charybdis-4.1.2/ircd/client.c:380:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[32]; /* way too generous but... */
data/charybdis-4.1.2/ircd/client.c:743:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note[NICKLEN+10];
data/charybdis-4.1.2/ircd/client.c:1021:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nbuf[HOSTLEN * 2 + USERLEN + 5];
data/charybdis-4.1.2/ircd/client.c:1071:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nbuf[HOSTLEN * 2 + USERLEN + 5];
data/charybdis-4.1.2/ircd/client.c:1449:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char comment1[(HOSTLEN*2)+2];
data/charybdis-4.1.2/ircd/client.c:1450:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newcomment[BUFSIZE];
data/charybdis-4.1.2/ircd/client.c:1454:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comment1, "*.net *.split");
data/charybdis-4.1.2/ircd/client.c:1524:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char comment1[(HOSTLEN*2)+2];
data/charybdis-4.1.2/ircd/client.c:1525:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newcomment[BUFSIZE];
data/charybdis-4.1.2/ircd/client.c:1557:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(comment1, "*.net *.split");
data/charybdis-4.1.2/ircd/client.c:1597:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[26];
data/charybdis-4.1.2/ircd/client.c:2115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[255];
data/charybdis-4.1.2/ircd/extban.c:96:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char e[256];
data/charybdis-4.1.2/ircd/getopt.c:78:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*((int *) opts[i].argloc) = atoi((*argv)[1]);
data/charybdis-4.1.2/ircd/getopt.c:92:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*((char **) opts[i].argloc) =
data/charybdis-4.1.2/ircd/getopt.c:94:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strcpy(*((char **) opts[i].argloc), (*argv)[1]);
data/charybdis-4.1.2/ircd/hook.c:102:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newhooks, hooks, sizeof(hook) * num_hooks);
data/charybdis-4.1.2/ircd/hostmask.c:72:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*b = atoi(ptr);
data/charybdis-4.1.2/ircd/hostmask.c:90:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*b = atoi(ptr);
data/charybdis-4.1.2/ircd/hostmask.c:687:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prefix_of_host[USERLEN + 15];
data/charybdis-4.1.2/ircd/ircd.c:120:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *ircd_paths[IRCD_PATH_COUNT] = {
data/charybdis-4.1.2/ircd/ircd.c:139:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *ircd_pathnames[IRCD_PATH_COUNT] = {
data/charybdis-4.1.2/ircd/ircd.c:228:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((nullfd = open("/dev/null", O_RDWR)) < 0)
data/charybdis-4.1.2/ircd/ircd.c:379:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[PATH_MAX], workbuf[PATH_MAX];
data/charybdis-4.1.2/ircd/ircd.c:465:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[32];
data/charybdis-4.1.2/ircd/ircd.c:466:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fb = fopen(filename, "w")))
data/charybdis-4.1.2/ircd/ircd.c:498:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[32];
data/charybdis-4.1.2/ircd/ircd.c:502:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fb = fopen(filename, "r")))
data/charybdis-4.1.2/ircd/ircd.c:506:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pidfromfile = atoi(buff);
data/charybdis-4.1.2/ircd/ircd.c:584:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY);
data/charybdis-4.1.2/ircd/ircd.c:715:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/null", O_RDWR);
data/charybdis-4.1.2/ircd/listener.c:109:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/listener.c:331:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((struct sockaddr_in6 *)&vaddr[0])->sin6_addr, &in6addr_any, sizeof(struct in6_addr));
data/charybdis-4.1.2/ircd/listener.c:411:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((struct sockaddr_in6 *)&vaddr[0])->sin6_addr, &in6addr_any, sizeof(struct in6_addr));
data/charybdis-4.1.2/ircd/listener.c:505:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_client->localClient->ip, sai, sizeof(struct rb_sockaddr_storage));
data/charybdis-4.1.2/ircd/listener.c:506:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_client->preClient->lip, lai, sizeof(struct rb_sockaddr_storage));
data/charybdis-4.1.2/ircd/listener.c:584:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/listener.c:635:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "ERROR :You have been D-lined.\r\n");
data/charybdis-4.1.2/ircd/logger.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/charybdis-4.1.2/ircd/logger.c:122:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_main = fopen(logFileName, "a");
data/charybdis-4.1.2/ircd/logger.c:133:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_main = fopen(logFileName, "a");
data/charybdis-4.1.2/ircd/logger.c:142:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*log_table[i].logfile = fopen(*log_table[i].name, "a");
data/charybdis-4.1.2/ircd/logger.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/logger.c:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[BUFSIZE];
data/charybdis-4.1.2/ircd/logger.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/logger.c:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/logger.c:238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/logger.c:253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/logger.c:287:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_DATE_STRING];
data/charybdis-4.1.2/ircd/match.c:317:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (mask % 8 == 0 || (((unsigned char *) addr)[n] & m) == (((unsigned char *) dest)[n] & m))
data/charybdis-4.1.2/ircd/match.c:317:73: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (mask % 8 == 0 || (((unsigned char *) addr)[n] & m) == (((unsigned char *) dest)[n] & m))
data/charybdis-4.1.2/ircd/match.c:353:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask[BUFSIZE];
data/charybdis-4.1.2/ircd/match.c:354:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[HOSTLEN + 1];
data/charybdis-4.1.2/ircd/match.c:368:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cidrlen = atoi(len);
data/charybdis-4.1.2/ircd/match.c:412:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask[BUFSIZE];
data/charybdis-4.1.2/ircd/match.c:413:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[NICKLEN + USERLEN + HOSTLEN + 6];
data/charybdis-4.1.2/ircd/match.c:441:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cidrlen = atoi(len);
data/charybdis-4.1.2/ircd/modules.c:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_ext[PATH_MAX + 1];
data/charybdis-4.1.2/ircd/modules.c:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char module_fq_name[PATH_MAX + 1];
data/charybdis-4.1.2/ircd/modules.c:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char module_name[PATH_MAX];
data/charybdis-4.1.2/ircd/modules.c:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modpath[PATH_MAX];
data/charybdis-4.1.2/ircd/monitor.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[USERHOST_REPLYLEN];
data/charybdis-4.1.2/ircd/msgbuf.c:28:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char tag_escape_table[256] = {
data/charybdis-4.1.2/ircd/msgbuf.c:38:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char tag_unescape_table[256] = {
data/charybdis-4.1.2/ircd/newconf.c:835:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *listener_address[2];
data/charybdis-4.1.2/ircd/newconf.c:2121:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[HOSTIPLEN];
data/charybdis-4.1.2/ircd/newconf.c:2135:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[HOSTIPLEN];
data/charybdis-4.1.2/ircd/newconf.c:2376:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[BUFSIZE + 1] = { 0 };
data/charybdis-4.1.2/ircd/newconf.c:2396:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[BUFSIZE + 1] = { 0 };
data/charybdis-4.1.2/ircd/operhash.c:72:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ohash->name, name, len);
data/charybdis-4.1.2/ircd/packet.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char readBuf[READBUF_SIZE];
data/charybdis-4.1.2/ircd/parse.c:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024];
data/charybdis-4.1.2/ircd/parse.c:60:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmpbuf[BUFSIZE]; int i;
data/charybdis-4.1.2/ircd/parse.c:129:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
numeric = atoi(msgbuf.cmd);
data/charybdis-4.1.2/ircd/parse.c:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char squitreason[80];
data/charybdis-4.1.2/ircd/parse.c:371:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sid[4];
data/charybdis-4.1.2/ircd/parse.c:399:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sid, lsender, 3);
data/charybdis-4.1.2/ircd/restart.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX+1];
data/charybdis-4.1.2/ircd/s_conf.c:60:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char yy_linebuf[16384]; /* defined in ircd_lexer.l */
data/charybdis-4.1.2/ircd/s_conf.c:266:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ipaddr[HOSTIPLEN];
data/charybdis-4.1.2/ircd/s_conf.c:381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char non_ident[USERLEN + 1];
data/charybdis-4.1.2/ircd/s_conf.c:1030:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bitlen = atoi(p + 1);
data/charybdis-4.1.2/ircd/s_conf.c:1263:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[NAMELEN + USERLEN + HOSTLEN + HOSTLEN + 5];
data/charybdis-4.1.2/ircd/s_conf.c:1313:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char reasonbuf[BUFSIZE];
data/charybdis-4.1.2/ircd/s_conf.c:1343:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char operreasonbuf[BUFSIZE];
data/charybdis-4.1.2/ircd/s_conf.c:1387:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((conf_fbfile_in = fopen(filename, "r")) == NULL)
data/charybdis-4.1.2/ircd/s_conf.c:1643:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newlinebuf[BUFSIZE];
data/charybdis-4.1.2/ircd/s_newconf.c:205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZE];
data/charybdis-4.1.2/ircd/s_newconf.c:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZE];
data/charybdis-4.1.2/ircd/s_newconf.c:289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[HOSTLEN+1];
data/charybdis-4.1.2/ircd/s_serv.c:60:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/s_serv.c:478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char operbuf[NICKLEN + USERLEN + HOSTLEN + HOSTLEN + 5];
data/charybdis-4.1.2/ircd/s_serv.c:512:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + 1, me.name, melen);
data/charybdis-4.1.2/ircd/s_serv.c:602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ubuf[BUFSIZE];
data/charybdis-4.1.2/ircd/s_serv.c:765:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msgbuf[BUFSIZE];
data/charybdis-4.1.2/ircd/s_serv.c:799:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note[HOSTLEN + 15];
data/charybdis-4.1.2/ircd/s_serv.c:1036:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note[HOSTLEN + 10];
data/charybdis-4.1.2/ircd/s_serv.c:1081:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[HOSTLEN + 1];
data/charybdis-4.1.2/ircd/s_serv.c:1184:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(client_p->serv->by, "AutoConn.");
data/charybdis-4.1.2/ircd/s_user.c:58:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char umodebuf[128];
data/charybdis-4.1.2/ircd/s_user.c:351:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr2[BUFSIZE];
data/charybdis-4.1.2/ircd/s_user.c:352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[HOSTIPLEN];
data/charybdis-4.1.2/ircd/s_user.c:353:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myusername[USERLEN+1];
data/charybdis-4.1.2/ircd/s_user.c:417:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note[NAMELEN + 10];
data/charybdis-4.1.2/ircd/s_user.c:691:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ubuf[BUFSIZE];
data/charybdis-4.1.2/ircd/s_user.c:977:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/s_user.c:1016:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/s_user.c:1316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/s_user.c:1515:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[10], modeval[NICKLEN * 2 + 2], reason[256], *mptr;
data/charybdis-4.1.2/ircd/scache.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[HOSTLEN + 1];
data/charybdis-4.1.2/ircd/scache.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[REALLEN + 1];
data/charybdis-4.1.2/ircd/send.c:499:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/send.c:986:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/send.c:1054:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/send.c:1266:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/send.c:1450:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/snomask.c:110:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char snobuf[BUFSIZE];
data/charybdis-4.1.2/ircd/sslproc.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmpbuf[READBUF_SIZE];
data/charybdis-4.1.2/ircd/sslproc.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[256];
data/charybdis-4.1.2/ircd/sslproc.c:91:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &x, sizeof(x));
data/charybdis-4.1.2/ircd/sslproc.c:257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullpath[PATH_MAX + 1];
data/charybdis-4.1.2/ircd/sslproc.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fdarg[6];
data/charybdis-4.1.2/ircd/sslproc.c:259:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *parv[2];
data/charybdis-4.1.2/ircd/sslproc.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/charybdis-4.1.2/ircd/sslproc.c:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_pid[10];
data/charybdis-4.1.2/ircd/sslproc.c:358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *parv[6];
data/charybdis-4.1.2/ircd/sslproc.c:416:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[256];
data/charybdis-4.1.2/ircd/sslproc.c:713:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctl_buf->buf, buf, buflen);
data/charybdis-4.1.2/ircd/sslproc.c:769:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/charybdis-4.1.2/ircd/sslproc.c:804:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/charybdis-4.1.2/ircd/sslproc.c:823:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/charybdis-4.1.2/ircd/sslproc.c:952:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(uint8_t) + sizeof(uint32_t) + HOSTLEN];
data/charybdis-4.1.2/ircd/substitution.c:100:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/ircd/substitution.c:108:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname[BUFSIZE] = { 0 };
data/charybdis-4.1.2/ircd/supported.c:83:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char allowed_chantypes[BUFSIZE];
data/charybdis-4.1.2/ircd/supported.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/charybdis-4.1.2/ircd/supported.c:201:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[15];
data/charybdis-4.1.2/ircd/supported.c:239:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[80];
data/charybdis-4.1.2/ircd/supported.c:252:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[30];
data/charybdis-4.1.2/ircd/supported.c:261:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[30];
data/charybdis-4.1.2/ircd/supported.c:273:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[200];
data/charybdis-4.1.2/ircd/supported.c:285:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[200];
data/charybdis-4.1.2/ircd/supported.c:297:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[200];
data/charybdis-4.1.2/ircd/wsproc.c:78:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &x, sizeof(x));
data/charybdis-4.1.2/ircd/wsproc.c:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullpath[PATH_MAX + 1];
data/charybdis-4.1.2/ircd/wsproc.c:243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fdarg[6];
data/charybdis-4.1.2/ircd/wsproc.c:244:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *parv[2];
data/charybdis-4.1.2/ircd/wsproc.c:245:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/charybdis-4.1.2/ircd/wsproc.c:246:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_pid[10];
data/charybdis-4.1.2/ircd/wsproc.c:341:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[256];
data/charybdis-4.1.2/ircd/wsproc.c:502:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctl_buf->buf, buf, buflen);
data/charybdis-4.1.2/ircd/wsproc.c:519:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/charybdis-4.1.2/librb/include/rb_commio.h:167:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int rb_get_ssl_certfp_file(const char *filename, uint8_t certfp[RB_SSL_CERTFP_LEN], int method);
data/charybdis-4.1.2/librb/include/rb_linebuf.h:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LINEBUF_SIZE + CRLF_LEN + 1];
data/charybdis-4.1.2/librb/src/arc4random.c:121:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY);
data/charybdis-4.1.2/librb/src/commio.c:366:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int opt_mapped = env_mapped != NULL ? atoi(env_mapped) : opt_zero;
data/charybdis-4.1.2/librb/src/commio.c:421:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&paddrparams.spp_address, &in6addr_any, sizeof(in6addr_any));
data/charybdis-4.1.2/librb/src/commio.c:693:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &dest[i], sizeof(struct sockaddr_in6));
data/charybdis-4.1.2/librb/src/commio.c:697:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &dest[i], sizeof(struct sockaddr_in));
data/charybdis-4.1.2/librb/src/commio.c:813:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &F->connect->hostaddr, len);
data/charybdis-4.1.2/librb/src/commio.c:1032:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in, &in4, sizeof(struct sockaddr_in));
data/charybdis-4.1.2/librb/src/commio.c:1424:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[16];
data/charybdis-4.1.2/librb/src/commio.c:1491:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp;
data/charybdis-4.1.2/librb/src/commio.c:1568:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
tp += sprintf(tp, "%x", words[i]);
data/charybdis-4.1.2/librb/src/commio.c:1583:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(dst, tmp, tp - tmp);
data/charybdis-4.1.2/librb/src/commio.c:1682:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[INADDRSZ], *tp;
data/charybdis-4.1.2/librb/src/commio.c:1716:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp, INADDRSZ);
data/charybdis-4.1.2/librb/src/commio.c:1738:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
data/charybdis-4.1.2/librb/src/commio.c:1829:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp, IN6ADDRSZ);
data/charybdis-4.1.2/librb/src/commio.c:1844:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[HOSTIPLEN];
data/charybdis-4.1.2/librb/src/commio.c:2065:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char iotype[25];
data/charybdis-4.1.2/librb/src/commio.c:2481:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[len];
data/charybdis-4.1.2/librb/src/commio.c:2525:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ip4->sin_addr, ip6->sin6_addr.s6_addr + 2, 4);
data/charybdis-4.1.2/librb/src/crypt.c:650:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char output[21];
data/charybdis-4.1.2/librb/src/crypt.c:762:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64]; /* input buffer */
data/charybdis-4.1.2/librb/src/crypt.c:771:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define Encode memcpy
data/charybdis-4.1.2/librb/src/crypt.c:772:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define Decode memcpy
data/charybdis-4.1.2/librb/src/crypt.c:806:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char PADDING[64] = {
data/charybdis-4.1.2/librb/src/crypt.c:890:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&context->buffer[idx], (const void *)input,
data/charybdis-4.1.2/librb/src/crypt.c:903:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((void *)&context->buffer[idx], (const void *)&input[i],
data/charybdis-4.1.2/librb/src/crypt.c:915:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits[8];
data/charybdis-4.1.2/librb/src/crypt.c:937:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16];
data/charybdis-4.1.2/librb/src/crypt.c:955:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char block[64];
data/charybdis-4.1.2/librb/src/crypt.c:1069:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char final[MD5_SIZE];
data/charybdis-4.1.2/librb/src/crypt.c:1071:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char passwd[120], *p;
data/charybdis-4.1.2/librb/src/crypt.c:1184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128]; /* NB: always correctly aligned for uint32_t. */
data/charybdis-4.1.2/librb/src/crypt.c:1196:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char SHA256_fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
data/charybdis-4.1.2/librb/src/crypt.c:1356:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[bytes], SHA256_fillbuf, pad);
data/charybdis-4.1.2/librb/src/crypt.c:1385:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[left_over], buffer, add);
data/charybdis-4.1.2/librb/src/crypt.c:1394:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, &ctx->buffer[(left_over + add) & ~63], ctx->buflen);
data/charybdis-4.1.2/librb/src/crypt.c:1414:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
rb_sha256_process_block(memcpy(ctx->buffer, buffer, 64), 64, ctx);
data/charybdis-4.1.2/librb/src/crypt.c:1431:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[left_over], buffer, len);
data/charybdis-4.1.2/librb/src/crypt.c:1437:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, &ctx->buffer[64], left_over);
data/charybdis-4.1.2/librb/src/crypt.c:1462:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char alt_result[32] __attribute__ ((__aligned__(__alignof__(uint32_t))));
data/charybdis-4.1.2/librb/src/crypt.c:1463:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp_result[32] __attribute__ ((__aligned__(__alignof__(uint32_t))));
data/charybdis-4.1.2/librb/src/crypt.c:1504:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + __alignof__(uint32_t)
data/charybdis-4.1.2/librb/src/crypt.c:1512:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + __alignof__(uint32_t)
data/charybdis-4.1.2/librb/src/crypt.c:1575:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, temp_result, 32);
data/charybdis-4.1.2/librb/src/crypt.c:1578:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, temp_result, cnt);
data/charybdis-4.1.2/librb/src/crypt.c:1594:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, temp_result, 32);
data/charybdis-4.1.2/librb/src/crypt.c:1597:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, temp_result, cnt);
data/charybdis-4.1.2/librb/src/crypt.c:1727:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256]; /* NB: always correctly aligned for uint64_t. */
data/charybdis-4.1.2/librb/src/crypt.c:1748:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char SHA512_fillbuf[128] = { 0x80, 0 /* , 0, 0, ... */ };
data/charybdis-4.1.2/librb/src/crypt.c:1932:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[bytes], SHA512_fillbuf, pad);
data/charybdis-4.1.2/librb/src/crypt.c:1961:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[left_over], buffer, add);
data/charybdis-4.1.2/librb/src/crypt.c:1970:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, &ctx->buffer[(left_over + add) & ~127], ctx->buflen);
data/charybdis-4.1.2/librb/src/crypt.c:1991:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
rb_sha512_process_block(memcpy(ctx->buffer, buffer, 128), 128, ctx);
data/charybdis-4.1.2/librb/src/crypt.c:2009:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[left_over], buffer, len);
data/charybdis-4.1.2/librb/src/crypt.c:2015:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, &ctx->buffer[128], left_over);
data/charybdis-4.1.2/librb/src/crypt.c:2040:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char alt_result[64] __attribute__ ((__aligned__(__alignof__(uint64_t))));
data/charybdis-4.1.2/librb/src/crypt.c:2041:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp_result[64] __attribute__ ((__aligned__(__alignof__(uint64_t))));
data/charybdis-4.1.2/librb/src/crypt.c:2082:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + __alignof__(uint64_t)
data/charybdis-4.1.2/librb/src/crypt.c:2090:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + __alignof__(uint64_t)
data/charybdis-4.1.2/librb/src/crypt.c:2153:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, temp_result, 64);
data/charybdis-4.1.2/librb/src/crypt.c:2156:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, temp_result, cnt);
data/charybdis-4.1.2/librb/src/crypt.c:2172:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, temp_result, 64);
data/charybdis-4.1.2/librb/src/crypt.c:2175:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, temp_result, cnt);
data/charybdis-4.1.2/librb/src/devpoll.c:147:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dpfd = open("/dev/poll", O_RDWR);
data/charybdis-4.1.2/librb/src/dictionary.c:811:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/charybdis-4.1.2/librb/src/epoll.c:466:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[FD_DESC_SZ + 8];
data/charybdis-4.1.2/librb/src/event.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_event_ran[EV_NAME_LEN];
data/charybdis-4.1.2/librb/src/event.c:290:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/charybdis-4.1.2/librb/src/gnutls.c:325:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int datum_fd = open(file, O_RDONLY);
data/charybdis-4.1.2/librb/src/gnutls.c:427:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char derkey[262144]; // Should be big enough to hold any SubjectPublicKeyInfo structure
data/charybdis-4.1.2/librb/src/gnutls.c:692:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rb_get_ssl_certfp_file(const char *const filename, uint8_t certfp[const RB_SSL_CERTFP_LEN], const int method)
data/charybdis-4.1.2/librb/src/gnutls.c:732:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[512];
data/charybdis-4.1.2/librb/src/gnutls.c:861:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(&cli_F->accept->S, st, (size_t) addrlen);
data/charybdis-4.1.2/librb/src/helper.c:71:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
x = open("/dev/null", O_RDWR);
data/charybdis-4.1.2/librb/src/helper.c:110:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *parv[2];
data/charybdis-4.1.2/librb/src/helper.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/charybdis-4.1.2/librb/src/helper.c:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fx[16], fy[16];
data/charybdis-4.1.2/librb/src/helper.c:248:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32768];
data/charybdis-4.1.2/librb/src/linebuf.c:219:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufch, ch, cpylen);
data/charybdis-4.1.2/librb/src/linebuf.c:234:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufch, ch, cpylen);
data/charybdis-4.1.2/librb/src/linebuf.c:293:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufch, ch, clen);
data/charybdis-4.1.2/librb/src/linebuf.c:301:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufch, ch, cpylen);
data/charybdis-4.1.2/librb/src/linebuf.c:446:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, start, cpylen);
data/charybdis-4.1.2/librb/src/mbedtls.c:321:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errbuf[512];
data/charybdis-4.1.2/librb/src/mbedtls.c:327:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbed_errbuf[512];
data/charybdis-4.1.2/librb/src/mbedtls.c:379:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char der_pubkey[8192];
data/charybdis-4.1.2/librb/src/mbedtls.c:649:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rb_get_ssl_certfp_file(const char *const filename, uint8_t certfp[const RB_SSL_CERTFP_LEN], const int method)
data/charybdis-4.1.2/librb/src/mbedtls.c:669:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version_str[512];
data/charybdis-4.1.2/librb/src/mbedtls.c:683:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[512];
data/charybdis-4.1.2/librb/src/mbedtls.c:851:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(&cli_F->accept->S, st, (size_t) addrlen);
data/charybdis-4.1.2/librb/src/mbedtls_ratbox.h:175:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char rb_mbedtls_dummy_ca_certificate[825] = {
data/charybdis-4.1.2/librb/src/nossl.c:102:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rb_get_ssl_certfp_file(const char *filename, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
data/charybdis-4.1.2/librb/src/openssl.c:186:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errbuf[512];
data/charybdis-4.1.2/librb/src/openssl.c:395:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const dhf = fopen(dhfile, "r");
data/charybdis-4.1.2/librb/src/openssl.c:553:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rb_get_ssl_certfp_file(const char *const filename, uint8_t certfp[const RB_SSL_CERTFP_LEN], const int method)
data/charybdis-4.1.2/librb/src/openssl.c:555:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const fp = fopen(filename, "r");
data/charybdis-4.1.2/librb/src/openssl.c:597:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[512];
data/charybdis-4.1.2/librb/src/openssl.c:722:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(&cli_F->accept->S, st, (size_t) addrlen);
data/charybdis-4.1.2/librb/src/patricia.c:67:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp[6];
data/charybdis-4.1.2/librb/src/patricia.c:95:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[INET6_ADDRSTRLEN + 6];
data/charybdis-4.1.2/librb/src/patricia.c:114:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&prefix->add.sin6, dest, 16);
data/charybdis-4.1.2/librb/src/patricia.c:123:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&prefix->add.sin, dest, 4);
data/charybdis-4.1.2/librb/src/patricia.c:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char save[MAXLINE];
data/charybdis-4.1.2/librb/src/patricia.c:179:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bitlen = atol(cp + 1);
data/charybdis-4.1.2/librb/src/patricia.c:183:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(save, string, cp - string);
data/charybdis-4.1.2/librb/src/radixtree.c:563:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ckey_store[256];
data/charybdis-4.1.2/librb/src/radixtree.c:1071:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/charybdis-4.1.2/librb/src/rawbuf.c:203:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, data, clen);
data/charybdis-4.1.2/librb/src/rawbuf.c:222:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->data, data, clen);
data/charybdis-4.1.2/librb/src/rawbuf.c:252:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, ptr, cpylen);
data/charybdis-4.1.2/librb/src/rb_lib.c:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errbuf[512];
data/charybdis-4.1.2/librb/src/rb_lib.c:64:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char timex[128];
data/charybdis-4.1.2/librb/src/rb_lib.c:183:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rb_time, &newtime, sizeof(struct timeval));
data/charybdis-4.1.2/librb/src/rb_lib.c:191:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char version_info[512];
data/charybdis-4.1.2/librb/src/rb_lib.c:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssl_info[512];
data/charybdis-4.1.2/librb/src/select.c:193:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpreadfds, &select_readfds, sizeof(fd_set));
data/charybdis-4.1.2/librb/src/select.c:194:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmpwritefds, &select_writefds, sizeof(fd_set));
data/charybdis-4.1.2/librb/src/tools.c:245:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, len);
data/charybdis-4.1.2/librb/src/tools.c:266:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, len);
data/charybdis-4.1.2/librb/src/unix.c:85:13: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
if(!(pid = vfork()))
data/charybdis-4.1.2/librb/src/unix.c:166:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path_buf[4096];
data/charybdis-4.1.2/librb/src/unix.c:191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_path[4096];
data/charybdis-4.1.2/librb/src/win32.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[MAX_PATH];
data/charybdis-4.1.2/librb/src/win32.c:199:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inf, &info, sizeof(WSAPROTOCOL_INFO));
data/charybdis-4.1.2/librb/src/win32.c:244:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &magic, sizeof(magic));
data/charybdis-4.1.2/librb/src/win32.c:254:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &datasize, sizeof(size_t));
data/charybdis-4.1.2/librb/src/win32.c:256:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, data, datasize);
data/charybdis-4.1.2/librb/src/win32.c:288:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&magic, ptr, sizeof(uint32_t));
data/charybdis-4.1.2/librb/src/win32.c:295:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&count, ptr, sizeof(uint8_t));
data/charybdis-4.1.2/librb/src/win32.c:305:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&datalen, ptr, sizeof(size_t));
data/charybdis-4.1.2/librb/src/win32.c:308:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, ptr, datalen);
data/charybdis-4.1.2/librb/src/win32.c:604:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/charybdis-4.1.2/librb/src/win32.c:612:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path_buf[MAX_PATH];
data/charybdis-4.1.2/modules/cap_server_time.c:55:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/modules/chm_nocolour.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/modules/core/m_ban.c:123:12: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
created = atol(parv[4]);
data/charybdis-4.1.2/modules/core/m_ban.c:124:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hold = created + atoi(parv[5]);
data/charybdis-4.1.2/modules/core/m_ban.c:125:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lifetime = created + atoi(parv[6]);
data/charybdis-4.1.2/modules/core/m_error.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix2[100];
data/charybdis-4.1.2/modules/core/m_join.c:146:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char jbuf[BUFSIZE];
data/charybdis-4.1.2/modules/core/m_join.c:234:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(*name == '0' && !atoi(name))
data/charybdis-4.1.2/modules/core/m_join.c:396:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char modebuf[MODEBUFLEN];
data/charybdis-4.1.2/modules/core/m_join.c:397:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char parabuf[MODEBUFLEN];
data/charybdis-4.1.2/modules/core/m_join.c:431:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newts = atol(parv[1]);
data/charybdis-4.1.2/modules/core/m_join.c:508:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char modebuf[MODEBUFLEN];
data/charybdis-4.1.2/modules/core/m_join.c:509:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char parabuf[MODEBUFLEN];
data/charybdis-4.1.2/modules/core/m_join.c:510:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf_uid[BUFSIZE];
data/charybdis-4.1.2/modules/core/m_join.c:535:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *para[MAXMODEPARAMS];
data/charybdis-4.1.2/modules/core/m_join.c:557:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newts = atol(parv[1]);
data/charybdis-4.1.2/modules/core/m_join.c:585:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mode.limit = atoi(parv[4 + args]);
data/charybdis-4.1.2/modules/core/m_join.c:1124:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(pbuf, "%d ", mode->limit);
data/charybdis-4.1.2/modules/core/m_join.c:1146:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(pbuf, "%d:%d ", mode->join_num, mode->join_time);
data/charybdis-4.1.2/modules/core/m_join.c:1178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lmodebuf[MODEBUFLEN];
data/charybdis-4.1.2/modules/core/m_join.c:1179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lpara[MAXMODEPARAMS];
data/charybdis-4.1.2/modules/core/m_join.c:1274:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lmodebuf[BUFSIZE];
data/charybdis-4.1.2/modules/core/m_join.c:1275:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lparabuf[BUFSIZE];
data/charybdis-4.1.2/modules/core/m_kick.c:71:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/modules/core/m_kill.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/modules/core/m_kill.c:296:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZE];
data/charybdis-4.1.2/modules/core/m_message.c:149:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *cmdname[MESSAGE_TYPE_COUNT] = {
data/charybdis-4.1.2/modules/core/m_mode.c:192:5: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atol(parv[1]) > chptr->channelts)
data/charybdis-4.1.2/modules/core/m_mode.c:229:5: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atol(parv[1]) > chptr->channelts)
data/charybdis-4.1.2/modules/core/m_mode.c:268:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char modebuf[BUFSIZE];
data/charybdis-4.1.2/modules/core/m_mode.c:269:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char parabuf[BUFSIZE];
data/charybdis-4.1.2/modules/core/m_mode.c:293:5: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atol(parv[1]) > chptr->channelts)
data/charybdis-4.1.2/modules/core/m_nick.c:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nick[NICKLEN];
data/charybdis-4.1.2/modules/core/m_nick.c:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nick[NICKLEN];
data/charybdis-4.1.2/modules/core/m_nick.c:261:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newts = atol(parv[2]);
data/charybdis-4.1.2/modules/core/m_nick.c:322:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char squitreason[120];
data/charybdis-4.1.2/modules/core/m_nick.c:324:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newts = atol(parv[3]);
data/charybdis-4.1.2/modules/core/m_nick.c:411:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char squitreason[120];
data/charybdis-4.1.2/modules/core/m_nick.c:413:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newts = atol(parv[3]);
data/charybdis-4.1.2/modules/core/m_nick.c:512:31: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (target_p->tsinfo == atol(parv[2]))
data/charybdis-4.1.2/modules/core/m_nick.c:598:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note[NICKLEN + 10];
data/charybdis-4.1.2/modules/core/m_nick.c:625:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note[NICKLEN + 10];
data/charybdis-4.1.2/modules/core/m_nick.c:1044:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
source_p->hopcount = atoi(parv[2]);
data/charybdis-4.1.2/modules/core/m_nick.c:1202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char squitreason[100];
data/charybdis-4.1.2/modules/core/m_part.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[REASONLEN + 1];
data/charybdis-4.1.2/modules/core/m_quit.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[REASONLEN + 1];
data/charybdis-4.1.2/modules/core/m_server.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[REALLEN + 1];
data/charybdis-4.1.2/modules/core/m_server.c:83:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hop = atoi(parv[2]);
data/charybdis-4.1.2/modules/core/m_server.c:340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[REALLEN + 1];
data/charybdis-4.1.2/modules/core/m_server.c:350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char squitreason[160];
data/charybdis-4.1.2/modules/core/m_server.c:353:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hop = atoi(parv[2]);
data/charybdis-4.1.2/modules/core/m_server.c:547:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char squitreason[160];
data/charybdis-4.1.2/modules/core/m_server.c:662:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
target_p->hopcount = atoi(parv[2]);
data/charybdis-4.1.2/modules/m_accept.c:66:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char addbuf[BUFSIZE];
data/charybdis-4.1.2/modules/m_accept.c:67:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char delbuf[BUFSIZE];
data/charybdis-4.1.2/modules/m_accept.c:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nicks[BUFSIZE];
data/charybdis-4.1.2/modules/m_alias.c:70:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message->handlers, alias_msgtab, sizeof(alias_msgtab));
data/charybdis-4.1.2/modules/m_cap.c:95:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_cap.c:155:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf_prefix[DATALEN + 1];
data/charybdis-4.1.2/modules/m_cap.c:156:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf_list[DATALEN + 1];
data/charybdis-4.1.2/modules/m_cap.c:284:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
caps_version = atoi(arg);
data/charybdis-4.1.2/modules/m_cap.c:299:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf_prefix[DATALEN + 1];
data/charybdis-4.1.2/modules/m_cap.c:300:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf_list[2][DATALEN + 1];
data/charybdis-4.1.2/modules/m_challenge.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chal_line[CHALLENGE_WIDTH];
data/charybdis-4.1.2/modules/m_challenge.c:147:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
b_response = rb_base64_decode((const unsigned char *)parv[1], strlen(parv[1]), &len);
data/charybdis-4.1.2/modules/m_challenge.c:287:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char secret[CHALLENGE_SECRET_LENGTH], *tmp;
data/charybdis-4.1.2/modules/m_connect.c:117:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(parv[2]);
data/charybdis-4.1.2/modules/m_connect.c:210:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(parv[2]);
data/charybdis-4.1.2/modules/m_dline.c:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cidr_form_host[HOSTLEN + 1];
data/charybdis-4.1.2/modules/m_dline.c:179:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tdline_time = atoi(parv[1]);
data/charybdis-4.1.2/modules/m_dline.c:354:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_encap.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZE];
data/charybdis-4.1.2/modules/m_etrace.c:386:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/charybdis-4.1.2/modules/m_info.c:744:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[26]; /* this needs to be 26 - see ctime_r manpage */
data/charybdis-4.1.2/modules/m_info.c:803:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *option = *((char **) info_table[i].option);
data/charybdis-4.1.2/modules/m_info.c:819:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *option = (char *) info_table[i].option;
data/charybdis-4.1.2/modules/m_invite.c:184:6: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atol(parv[3]) > chptr->channelts)
data/charybdis-4.1.2/modules/m_ison.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_ison.c:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf2[BUFSIZE];
data/charybdis-4.1.2/modules/m_ison.c:99:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) current_insert_point,
data/charybdis-4.1.2/modules/m_kline.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[USERLEN + 2];
data/charybdis-4.1.2/modules/m_kline.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[HOSTLEN + 2];
data/charybdis-4.1.2/modules/m_kline.c:233:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tkline_time = atoi(parv[2]);
data/charybdis-4.1.2/modules/m_kline.c:261:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle_remote_kline(source_p, atoi(parv[1]), parv[2], parv[3], parv[4]);
data/charybdis-4.1.2/modules/m_kline.c:719:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(bits > 0 && (p == NULL || bits < atoi(p + 1)))
data/charybdis-4.1.2/modules/m_links.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clean_mask[2 * HOSTLEN + 4];
data/charybdis-4.1.2/modules/m_list.c:223:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params->users_max = atoi(args);
data/charybdis-4.1.2/modules/m_list.c:234:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params->users_min = atoi(args) + 1;
data/charybdis-4.1.2/modules/m_list.c:247:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params->created_max = rb_current_time() - (60 * atoi(args));
data/charybdis-4.1.2/modules/m_list.c:256:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params->created_min = rb_current_time() - (60 * atoi(args));
data/charybdis-4.1.2/modules/m_list.c:269:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params->topic_max = rb_current_time() - (60 * atoi(args));
data/charybdis-4.1.2/modules/m_list.c:278:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params->topic_min = rb_current_time() - (60 * atoi(args));
data/charybdis-4.1.2/modules/m_list.c:303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char topic[TOPICLEN + 1];
data/charybdis-4.1.2/modules/m_map.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_map.c:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_monitor.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char onbuf[BUFSIZE], offbuf[BUFSIZE];
data/charybdis-4.1.2/modules/m_monitor.c:100:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/charybdis-4.1.2/modules/m_monitor.c:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_monitor.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char onbuf[BUFSIZE], offbuf[BUFSIZE];
data/charybdis-4.1.2/modules/m_names.c:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_operspy.c:68:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[BUFSIZE];
data/charybdis-4.1.2/modules/m_pass.c:99:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(parc == 5 && atoi(parv[3]) >= 6)
data/charybdis-4.1.2/modules/m_privs.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/charybdis-4.1.2/modules/m_rehash.c:316:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[100];
data/charybdis-4.1.2/modules/m_restart.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_resv.c:180:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
parse_resv(source_p, parv[2], parv[4], atoi(parv[1]), 0);
data/charybdis-4.1.2/modules/m_sasl.c:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mechlist_buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_scan.c:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/charybdis-4.1.2/modules/m_scan.c:173:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
list_max = atoi(parv[++i]);
data/charybdis-4.1.2/modules/m_scan.c:214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maskbuf[BUFSIZE];
data/charybdis-4.1.2/modules/m_scan.c:249:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modebuf[BUFSIZE];
data/charybdis-4.1.2/modules/m_services.c:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note[NAMELEN + 10];
data/charybdis-4.1.2/modules/m_services.c:181:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curts = atol(parv[4]);
data/charybdis-4.1.2/modules/m_services.c:192:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_services.c:222:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newts = atol(parv[3]);
data/charybdis-4.1.2/modules/m_services.c:277:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
duration = atoi(parv[1]);
data/charybdis-4.1.2/modules/m_set.c:120:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *names[4];
data/charybdis-4.1.2/modules/m_set.c:519:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newval = atoi(intarg);
data/charybdis-4.1.2/modules/m_signon.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nick[NICKLEN+1], login[NICKLEN+1];
data/charybdis-4.1.2/modules/m_signon.c:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[USERLEN+1], host[HOSTLEN+1];
data/charybdis-4.1.2/modules/m_signon.c:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_signon.c:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note[NAMELEN + 10];
data/charybdis-4.1.2/modules/m_signon.c:251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char login[NICKLEN+1];
data/charybdis-4.1.2/modules/m_signon.c:289:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newts = atol(parv[4]);
data/charybdis-4.1.2/modules/m_stats.c:318:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_stats.c:998:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sp, &ServerStats, sizeof(struct ServerStatistics));
data/charybdis-4.1.2/modules/m_stats.c:1121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(shared_flagtable)/sizeof(shared_flagtable[0])];
data/charybdis-4.1.2/modules/m_stats.c:1492:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128], buf1[128];
data/charybdis-4.1.2/modules/m_stats.c:1499:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.2f%%", zipstats->out_ratio);
data/charybdis-4.1.2/modules/m_stats.c:1500:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf1, "%.2f%%", zipstats->in_ratio);
data/charybdis-4.1.2/modules/m_stats.c:1525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/charybdis-4.1.2/modules/m_svinfo.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char squitreason[120];
data/charybdis-4.1.2/modules/m_svinfo.c:67:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(TS_CURRENT < atoi(parv[2]) || atoi(parv[1]) < TS_MIN)
data/charybdis-4.1.2/modules/m_svinfo.c:67:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(TS_CURRENT < atoi(parv[2]) || atoi(parv[1]) < TS_MIN)
data/charybdis-4.1.2/modules/m_svinfo.c:83:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
theirtime = atol(parv[4]);
data/charybdis-4.1.2/modules/m_tb.c:84:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newtopicts = atol(parv[2]);
data/charybdis-4.1.2/modules/m_tb.c:144:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
channelts = atol(parv[1]);
data/charybdis-4.1.2/modules/m_tb.c:150:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newtopicts = atol(parv[3]);
data/charybdis-4.1.2/modules/m_testline.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_trunc[USERLEN + 1], notildeuser_trunc[USERLEN + 1];
data/charybdis-4.1.2/modules/m_testline.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reasonbuf[BUFSIZE];
data/charybdis-4.1.2/modules/m_testline.c:179:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[HOSTLEN+USERLEN+2];
data/charybdis-4.1.2/modules/m_tginfo.c:64:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int remaining = atoi(parv[1]);
data/charybdis-4.1.2/modules/m_time.c:85:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/charybdis-4.1.2/modules/m_time.c:95:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) &gmbuf, (void *) gm, sizeof(gmbuf));
data/charybdis-4.1.2/modules/m_topic.c:128:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char topic[TOPICLEN + 1];
data/charybdis-4.1.2/modules/m_topic.c:129:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char topic_info[USERHOST_REPLYLEN];
data/charybdis-4.1.2/modules/m_topic.c:198:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_channel_topic(chptr, parv[4], parv[2], atoi(parv[3]));
data/charybdis-4.1.2/modules/m_trace.c:336:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[HOSTIPLEN];
data/charybdis-4.1.2/modules/m_user.c:63:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_userhost.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_userhost.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response[NICKLEN * 2 + USERLEN + HOSTLEN + 30];
data/charybdis-4.1.2/modules/m_version.c:118:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[15];
data/charybdis-4.1.2/modules/m_who.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maskcopy[512];
data/charybdis-4.1.2/modules/m_who.c:485:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status[16];
data/charybdis-4.1.2/modules/m_who.c:486:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[510 + 1]; /* linebuf.c will add \r\n */
data/charybdis-4.1.2/modules/m_whois.c:195:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZE];
data/charybdis-4.1.2/modules/m_whois.c:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/modules/m_whois.c:323:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/charybdis-4.1.2/modules/m_whois.c:332:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[256] = "is using a secure connection";
data/charybdis-4.1.2/modules/m_whowas.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[26];
data/charybdis-4.1.2/modules/m_whowas.c:91:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max = atoi(parv[2]);
data/charybdis-4.1.2/modules/m_xline.c:210:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
handle_remote_xline(source_p, atoi(parv[1]), parv[2], parv[4]);
data/charybdis-4.1.2/ssld/ssld.c:48:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &x, sizeof(x));
data/charybdis-4.1.2/ssld/ssld.c:229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[128]; /* must always be under 250 bytes */
data/charybdis-4.1.2/ssld/ssld.c:376:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctl_buf->buf, data, len);
data/charybdis-4.1.2/ssld/ssld.c:386:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[READBUF_SIZE];
data/charybdis-4.1.2/ssld/ssld.c:420:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[READBUF_SIZE];
data/charybdis-4.1.2/ssld/ssld.c:477:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[READBUF_SIZE];
data/charybdis-4.1.2/ssld/ssld.c:526:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[READBUF_SIZE];
data/charybdis-4.1.2/ssld/ssld.c:555:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[READBUF_SIZE];
data/charybdis-4.1.2/ssld/ssld.c:662:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cstring[256];
data/charybdis-4.1.2/ssld/ssld.c:810:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outstat[512];
data/charybdis-4.1.2/ssld/ssld.c:950:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[256] = { 'V', 0 };
data/charybdis-4.1.2/ssld/ssld.c:1146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[READBUF_SIZE];
data/charybdis-4.1.2/ssld/ssld.c:1178:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctlfd = atoi(s_ctlfd);
data/charybdis-4.1.2/ssld/ssld.c:1179:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pipefd = atoi(s_pipe);
data/charybdis-4.1.2/ssld/ssld.c:1180:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ppid = atoi(s_pid);
data/charybdis-4.1.2/ssld/ssld.c:1191:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
x = open("/dev/null", O_RDWR);
data/charybdis-4.1.2/tests/client_util.c:202:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[EXT_BUFSIZE + sizeof(CRLF)];
data/charybdis-4.1.2/tests/ircd_util.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char argv0[BUFSIZE];
data/charybdis-4.1.2/tests/ircd_util.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char configfile[BUFSIZE];
data/charybdis-4.1.2/tests/ircd_util.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char logfile[BUFSIZE];
data/charybdis-4.1.2/tests/ircd_util.c:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pidfile[BUFSIZE];
data/charybdis-4.1.2/tests/ircd_util.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_parse1.c:34:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_parse1.c:55:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:77:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:102:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:130:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:161:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:195:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=val=ue0;tag1=val=ue1;tag2=val=ue2;tag3=val=ue3;tag4=val=ue4 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:229:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:287:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:348:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=value14 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:412:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=value14;tag15=value15 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:476:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=value14;tag15=value15;tag16=value16 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:540:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:543:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:607:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:610:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:614:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/msgbuf_parse1.c:680:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=value14;tag15=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:683:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:747:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=value14;tag15=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:750:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:814:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=value14;tag15=value15;tag16=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:817:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:881:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=value14;tag15=value15;tag16=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:884:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:948:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag= PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:970:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:992:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@=value PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1011:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@= PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1030:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@=value;tag2=value2 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1052:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@=;tag2=value2 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1074:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@ta g=value PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1097:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=va lue PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1120:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@ta g=va lue PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1144:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag =value PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1167:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag= value PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1192:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "= PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1216:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1242:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1268:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "=PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1293:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1296:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1325:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ";PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1353:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ";PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1380:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1383:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1413:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1416:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1441:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test :");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1463:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test :test D E F G H I J K");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1485:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1517:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M N");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1550:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M :N");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1583:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M :N O P");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1616:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M N O");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1650:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M N :O");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1684:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M N O ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1718:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M N :O ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1752:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M N O P");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1786:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M N O :P");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1820:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M N :O P");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1854:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M N O P Q");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1888:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M N O P :Q");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1922:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M N O :P Q");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1956:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test test D E F G H I J K L M N :O P Q");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1990:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2014:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2016:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " :");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2040:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2065:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2067:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " :x");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2091:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test :");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2096:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2121:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value PRIVMSG #test :");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2151:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2153:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test A B C D E F G H I J K L ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2231:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2233:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test A B C D E F G H I J K L ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2312:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2314:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test A B C D E F G H I J K ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2316:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " :");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2393:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2395:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test A B C D E F G H I J K ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2397:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " :");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2475:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2477:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test A B C D E F G H I J K L ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2483:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2563:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2565:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test A B C D E F G H I J K L ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2572:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2652:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2654:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test A B C D E F G H I J K ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2732:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2734:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test A B C D E F G H I J K ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2813:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2815:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test A B C D E F G H I J K ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2817:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " :L");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2894:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag0=value0;tag1=value1;tag2=value2;tag3=value3;tag4=value4;tag5=value5;tag6=value6;tag7=value7;tag8=value8;tag9=value9;tag10=value10;tag11=value11;tag12=value12;tag13=value13;tag14=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2896:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " PRIVMSG #test A B C D E F G H I J K ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2898:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, " :L");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2976:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2986:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2996:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3006:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3016:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value :origin. PRIVMSG");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3038:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value :origin. PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3062:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value :origin");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3072:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value :origin ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3082:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value :origin ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3092:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=value :origin ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3102:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag1=:\\:\\s\\\\\\r\\n;tag2=^:^\\:^\\s^\\\\^\\r^\\n^;tag3=\\:;tag4=\\\\;tag5=\\s PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3136:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag1=\\ PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3158:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag1=\\; PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3180:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag1=\\;tag2=value2 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3205:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag1\\=value1;ta\\g2=val\\=ue2 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3230:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag1=\\v\\a\\l\\u\\e\\1;tag2=\\va\\lu\\e2;tag3=v\\al\\ue\\3 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3258:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@\\=value1;tag2=value2 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3283:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@tag=\176\177\178\376\377 PRIVMSG #test :test");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:3303:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(me.name, "me.name.");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:264:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:275:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:298:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:301:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:309:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:332:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:335:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:343:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:366:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:369:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:377:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:400:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:403:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:411:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:434:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:437:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:445:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:468:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:471:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:479:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:505:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:511:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ";tag2=value2 ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:513:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:536:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:539:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:547:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:570:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:573:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:581:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:604:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:607:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:615:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:638:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:641:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:649:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:672:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:675:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:683:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:706:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:709:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:717:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:740:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:743:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:751:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:774:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:777:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:783:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ";a=b ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:785:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:806:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:809:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:815:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:836:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:839:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:843:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "= ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:845:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:866:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:869:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:873:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "=x ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:875:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:896:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:899:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:901:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@x=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:905:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:926:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:948:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:970:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:992:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1015:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1018:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1020:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@a;");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1024:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1046:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1049:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1051:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@a=;");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1055:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1077:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1080:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1082:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@a=b;");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1086:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1111:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1113:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@a;");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1115:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "= ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1117:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1144:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@a=;");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1146:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "= ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1148:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1175:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@a=b;");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1177:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "= ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1179:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1206:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@a;");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1208:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "=x ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1210:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1237:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@a=;");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1239:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "=x ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1241:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1266:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1268:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@a=b;");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1270:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, "=x ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1272:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1297:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1299:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@a;x=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1303:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1325:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1328:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1330:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@a=;x=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1334:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1356:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1359:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1361:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "@a=b;x=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1365:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp, ":origin PRIVMSG #test test test :test test");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1387:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1410:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1456:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1479:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1548:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1571:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1594:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1617:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1640:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1689:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1708:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1711:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1713:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1733:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1736:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1738:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1749:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1760:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1767:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1769:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test :");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1780:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1791:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1798:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1800:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test :");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1822:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1825:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1827:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test test ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1847:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1850:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1852:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test test ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1863:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1874:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1881:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1883:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test test :");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1894:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1905:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1912:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1914:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test test :");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1936:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1939:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1941:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test test1 test2 ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1961:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1964:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1966:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test test1 test2 ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1977:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1988:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1995:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1997:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test test1 test2 :");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2008:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2019:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2026:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2028:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test test1 test2 :");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2050:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2053:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2055:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test test1 test2 test3 test4 test5 test6 test7 test8 test9 test10 test11 test12 test13 test14 ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2075:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2078:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2080:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test test1 test2 test3 test4 test5 test6 test7 test8 test9 test10 test11 test12 test13 test14 ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2091:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2111:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test test1 test2 test3 test4 test5 test6 test7 test8 test9 test10 test11 test12 test13 test14 :");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2140:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2142:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, ":origin PRIVMSG #test test1 test2 test3 test4 test5 test6 test7 test8 test9 test10 test11 test12 test13 test14 :");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[100];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[99];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[98];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[97];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2252:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[1];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2286:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[3];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[4];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2320:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[5];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2337:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[6];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2354:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[7];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2371:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[8];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[9];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2405:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[10];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2422:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[11];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2439:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[12];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2456:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[13];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2473:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[14];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2490:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[15];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2528:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[TAGSLEN + 0 + 1];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2539:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[TAGSLEN + 1 + 1];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2550:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[TAGSLEN + 2 + 1];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2561:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[TAGSLEN + 3 + 1];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2572:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[TAGSLEN + 4 + 1];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2583:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[TAGSLEN + 5 + 1];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2605:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[1];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2616:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2627:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[3];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2638:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[4];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2649:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[5];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2660:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[6];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2681:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2700:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2719:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2738:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2757:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2776:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2795:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[OUTPUT_BUFSIZE];
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2805:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(me.name, "me.name.");
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2048] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2048] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:50:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(output, "test");
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2048] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:62:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(output, "test");
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[5] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:74:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(output, "test");
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[12] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:86:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(output, "test");
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[11] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:98:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(output, "test");
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[5] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[4] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2048] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:130:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(output, "testing");
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2048] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:142:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(output, "testing");
data/charybdis-4.1.2/tests/rb_snprintf_append1.c:160:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(me.name, "me.name.");
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2048] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2048] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:50:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(output, "test");
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2048] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:62:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(output, "test");
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[5] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:74:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(output, "test");
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[12] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:86:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(output, "test");
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[11] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:98:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(output, "test");
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[5] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[4] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2048] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:130:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(output, "testing");
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2048] = { 0 };
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:142:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(output, "testing");
data/charybdis-4.1.2/tests/rb_snprintf_try_append1.c:160:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(me.name, "me.name.");
data/charybdis-4.1.2/tests/runtests.c:391:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, s, len);
data/charybdis-4.1.2/tests/runtests.c:436:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + offset, string, strlen(string));
data/charybdis-4.1.2/tests/runtests.c:525:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infd = open("/dev/null", O_RDONLY);
data/charybdis-4.1.2/tests/runtests.c:536:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
errfd = open("/dev/null", O_WRONLY);
data/charybdis-4.1.2/tests/runtests.c:1038:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/charybdis-4.1.2/tests/runtests.c:1179:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *bases[3], *suffix, *base;
data/charybdis-4.1.2/tests/runtests.c:1181:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *suffixes[3] = { "-t", ".t", "" };
data/charybdis-4.1.2/tests/runtests.c:1220:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZ];
data/charybdis-4.1.2/tests/runtests.c:1232:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(filename, "r");
data/charybdis-4.1.2/tests/send1.c:298:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(user->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:299:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(remote->user->suser, "rtest");
data/charybdis-4.1.2/tests/send1.c:592:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(user->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:593:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(remote->user->suser, "rtest");
data/charybdis-4.1.2/tests/send1.c:594:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(remote2->user->suser, "r2test");
data/charybdis-4.1.2/tests/send1.c:595:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(remote3->user->suser, "r3test");
data/charybdis-4.1.2/tests/send1.c:737:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_p->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:772:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(remote_chan_p->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:1220:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_p->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:1346:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(remote2_chan_d->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:1495:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(user->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:1740:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(user->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:1976:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_o->user->suser, "test_o");
data/charybdis-4.1.2/tests/send1.c:1977:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_p->user->suser, "test_p");
data/charybdis-4.1.2/tests/send1.c:2177:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_o->user->suser, "test_o");
data/charybdis-4.1.2/tests/send1.c:2178:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_ov->user->suser, "test_ov");
data/charybdis-4.1.2/tests/send1.c:2179:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_v->user->suser, "test_v");
data/charybdis-4.1.2/tests/send1.c:2180:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_p->user->suser, "test_p");
data/charybdis-4.1.2/tests/send1.c:2391:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_o->user->suser, "test_o");
data/charybdis-4.1.2/tests/send1.c:2392:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_no_chan->user->suser, "test_n");
data/charybdis-4.1.2/tests/send1.c:2643:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_o->user->suser, "test_o");
data/charybdis-4.1.2/tests/send1.c:2644:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_no_chan->user->suser, "test_n");
data/charybdis-4.1.2/tests/send1.c:2887:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(user->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:2888:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(remote->user->suser, "rtest");
data/charybdis-4.1.2/tests/send1.c:3094:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(user->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:3095:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(remote->user->suser, "rtest");
data/charybdis-4.1.2/tests/send1.c:3224:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(user->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:3225:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_o->user->suser, "test_o");
data/charybdis-4.1.2/tests/send1.c:3226:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_ov->user->suser, "test_ov");
data/charybdis-4.1.2/tests/send1.c:3227:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_v->user->suser, "test_v");
data/charybdis-4.1.2/tests/send1.c:3228:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_p->user->suser, "test_p");
data/charybdis-4.1.2/tests/send1.c:3229:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_d->user->suser, "test_d");
data/charybdis-4.1.2/tests/send1.c:3279:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(user->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:3368:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(user->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:3369:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_o->user->suser, "test_o");
data/charybdis-4.1.2/tests/send1.c:3370:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_ov->user->suser, "test_ov");
data/charybdis-4.1.2/tests/send1.c:3371:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_v->user->suser, "test_v");
data/charybdis-4.1.2/tests/send1.c:3372:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_p->user->suser, "test_p");
data/charybdis-4.1.2/tests/send1.c:3480:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(user->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:3481:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_o->user->suser, "test_o");
data/charybdis-4.1.2/tests/send1.c:3482:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_ov->user->suser, "test_ov");
data/charybdis-4.1.2/tests/send1.c:3483:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_v->user->suser, "test_v");
data/charybdis-4.1.2/tests/send1.c:3484:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(local_chan_p->user->suser, "test_p");
data/charybdis-4.1.2/tests/send1.c:3740:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(user->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:3741:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(remote->user->suser, "rtest");
data/charybdis-4.1.2/tests/send1.c:4108:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(oper1->user->suser, "test1");
data/charybdis-4.1.2/tests/send1.c:4109:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(oper2->user->suser, "test2");
data/charybdis-4.1.2/tests/send1.c:4110:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(oper3->user->suser, "test3");
data/charybdis-4.1.2/tests/send1.c:4111:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(oper4->user->suser, "test4");
data/charybdis-4.1.2/tests/send1.c:4443:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(oper1->user->suser, "test1");
data/charybdis-4.1.2/tests/send1.c:4444:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(oper2->user->suser, "test2");
data/charybdis-4.1.2/tests/send1.c:4445:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(oper3->user->suser, "test3");
data/charybdis-4.1.2/tests/send1.c:4446:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(oper4->user->suser, "test4");
data/charybdis-4.1.2/tests/send1.c:4620:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(oper1->user->suser, "test1");
data/charybdis-4.1.2/tests/send1.c:4621:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(oper2->user->suser, "test2");
data/charybdis-4.1.2/tests/send1.c:4622:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(oper3->user->suser, "test3");
data/charybdis-4.1.2/tests/send1.c:4623:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(oper4->user->suser, "test4");
data/charybdis-4.1.2/tests/send1.c:4697:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(remote->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:4748:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(remote2->user->suser, "test");
data/charybdis-4.1.2/tests/send1.c:4749:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(remote2->user->suser, "test2");
data/charybdis-4.1.2/tests/substitution1.c:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/substitution1.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/substitution1.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/substitution1.c:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/substitution1.c:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/substitution1.c:183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/substitution1.c:194:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/substitution1.c:205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/substitution1.c:216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/substitution1.c:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/substitution1.c:238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/substitution1.c:250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/substitution1.c:262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2048];
data/charybdis-4.1.2/tests/substitution1.c:274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[2048];
data/charybdis-4.1.2/tests/substitution1.c:276:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(input, "${");
data/charybdis-4.1.2/tests/substitution1.c:286:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(me.name, "me.name.");
data/charybdis-4.1.2/tests/substitution1.c:316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[2048];
data/charybdis-4.1.2/tests/tap/basic.c:177:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + offset, string, strlen(string));
data/charybdis-4.1.2/tests/tap/basic.c:695:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file->file = fopen(file->name, "r");
data/charybdis-4.1.2/tests/tap/basic.c:818:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, s, len);
data/charybdis-4.1.2/tests/tap/basic.c:842:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, s, length);
data/charybdis-4.1.2/tools/mkpasswd.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char getpassbuf[PASS_MAX + 1];
data/charybdis-4.1.2/tools/mkpasswd.c:114:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
length = atoi(optarg);
data/charybdis-4.1.2/tools/mkpasswd.c:118:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rounds = atoi(optarg);
data/charybdis-4.1.2/tools/mkpasswd.c:228:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char salt[21];
data/charybdis-4.1.2/tools/mkpasswd.c:247:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char salt[21];
data/charybdis-4.1.2/tools/mkpasswd.c:265:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char salt[21];
data/charybdis-4.1.2/tools/mkpasswd.c:284:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char salt[21];
data/charybdis-4.1.2/tools/mkpasswd.c:304:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char salt[21];
data/charybdis-4.1.2/tools/mkpasswd.c:322:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char salt[21];
data/charybdis-4.1.2/tools/mkpasswd.c:340:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char salt[31];
data/charybdis-4.1.2/tools/mkpasswd.c:341:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[3];
data/charybdis-4.1.2/tools/mkpasswd.c:347:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tbuf, "%02d", rounds);
data/charybdis-4.1.2/tools/mkpasswd.c:361:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char salt[31];
data/charybdis-4.1.2/tools/mkpasswd.c:362:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[3];
data/charybdis-4.1.2/tools/mkpasswd.c:368:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tbuf, "%02d", rounds);
data/charybdis-4.1.2/tools/mkpasswd.c:393:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fd = open("/dev/random", O_RDONLY)) < 0)
data/charybdis-4.1.2/wsockd/sha1.c:42:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&block, buffer, SHA1_BLOCK_LENGTH);
data/charybdis-4.1.2/wsockd/sha1.c:107:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sha1->buffer[j], data, i);
data/charybdis-4.1.2/wsockd/sha1.c:119:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sha1->buffer[j], &data[i], length - i);
data/charybdis-4.1.2/wsockd/wsockd.c:49:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &x, sizeof(x));
data/charybdis-4.1.2/wsockd/wsockd.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client_key[37]; /* maximum 36 bytes + nul */
data/charybdis-4.1.2/wsockd/wsockd.c:412:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctl_buf->buf, data, len);
data/charybdis-4.1.2/wsockd/wsockd.c:422:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[128]; /* must always be under 250 bytes */
data/charybdis-4.1.2/wsockd/wsockd.c:490:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ws_frame_unmask(char *msg, int length, uint8_t maskval[WEBSOCKET_MASK_LENGTH])
data/charybdis-4.1.2/wsockd/wsockd.c:501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[WEBSOCKET_MAX_UNEXTENDED_PAYLOAD_DATA_LENGTH];
data/charybdis-4.1.2/wsockd/wsockd.c:532:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[READBUF_SIZE];
data/charybdis-4.1.2/wsockd/wsockd.c:612:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[READBUF_SIZE];
data/charybdis-4.1.2/wsockd/wsockd.c:676:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[READBUF_SIZE];
data/charybdis-4.1.2/wsockd/wsockd.c:748:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[READBUF_SIZE];
data/charybdis-4.1.2/wsockd/wsockd.c:768:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[READBUF_SIZE];
data/charybdis-4.1.2/wsockd/wsockd.c:817:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[READBUF_SIZE];
data/charybdis-4.1.2/wsockd/wsockd.c:939:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[READBUF_SIZE];
data/charybdis-4.1.2/wsockd/wsockd.c:970:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctlfd = atoi(s_ctlfd);
data/charybdis-4.1.2/wsockd/wsockd.c:971:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pipefd = atoi(s_pipe);
data/charybdis-4.1.2/wsockd/wsockd.c:972:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ppid = atoi(s_pid);
data/charybdis-4.1.2/wsockd/wsockd.c:981:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
x = open("/dev/null", O_RDWR);
data/charybdis-4.1.2/authd/dns.c:142:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(&ip[1], ip, strlen(ip));
data/charybdis-4.1.2/authd/dns.c:287:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addrlen = strlen(addr) + 1;
data/charybdis-4.1.2/authd/getnameinfo.c:126:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sp->s_name) + 1 > servlen)
data/charybdis-4.1.2/authd/getnameinfo.c:131:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(numserv) + 1 > servlen)
data/charybdis-4.1.2/authd/getnameinfo.c:203:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
numaddrlen = strlen(numaddr);
data/charybdis-4.1.2/authd/getnameinfo.c:224:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
numaddrlen = strlen(numaddr);
data/charybdis-4.1.2/authd/providers/ident.c:107:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
authlen = strlen(authbuf);
data/charybdis-4.1.2/authd/providers/opm.c:172:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(proxy->note, readbuf, strlen(proxy->note)) == 0)
data/charybdis-4.1.2/authd/providers/opm.c:322:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(rb_write(scan->F, scan->proxy->note, strlen(scan->proxy->note) + 1) < 0)
data/charybdis-4.1.2/authd/providers/opm.c:360:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(rb_write(scan->F, scan->proxy->note, strlen(scan->proxy->note) + 1) <= 0)
data/charybdis-4.1.2/authd/providers/opm.c:373:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(rb_write(scan->F, sendbuf, strlen(sendbuf)) <= 0)
data/charybdis-4.1.2/authd/providers/opm.c:377:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(rb_write(scan->F, scan->proxy->note, strlen(scan->proxy->note) + 1) <= 0)
data/charybdis-4.1.2/authd/providers/rdns.c:64:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(strlen(res) > HOSTLEN)
data/charybdis-4.1.2/authd/res.c:255:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(hname);
data/charybdis-4.1.2/authd/res.c:257:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(irc_domain) + len + 2) < size)
data/charybdis-4.1.2/authd/reslist.c:92:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(fi->DnsServerList.IpAddress.String) > 0 &&
data/charybdis-4.1.2/authd/reslist.c:273:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(namelist) > 0)
data/charybdis-4.1.2/bandb/bantool.c:401:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stdout, "%*s", strlen(bandb_suffix[id]) > 0 ? 10 : 15,
data/charybdis-4.1.2/bandb/bantool.c:475:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f_time = strip_quotes(f_oper + strlen(f_oper) + 2);
data/charybdis-4.1.2/bandb/bantool.c:537:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stdout, "%*s\n", strlen(bandb_suffix[id]) > 0 ? 10 : 15, "imported.");
data/charybdis-4.1.2/bandb/bantool.c:578:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = line + strlen(line);
data/charybdis-4.1.2/bandb/rsdb_sqlite3.c:102:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(src) >= (sizeof(buf) / 2))
data/charybdis-4.1.2/bandb/sqlite3.c:25499:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return 0x3fffffff & (int)strlen(z);
data/charybdis-4.1.2/bandb/sqlite3.c:25511:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return pCol->zName + strlen(pCol->zName) + 1;
data/charybdis-4.1.2/bandb/sqlite3.c:27901:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ "read", (sqlite3_syscall_ptr)read, 0 },
data/charybdis-4.1.2/bandb/sqlite3.c:28419:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen(zAbsoluteName);
data/charybdis-4.1.2/bandb/sqlite3.c:31022:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(ii=(int)strlen(zDirname); ii>0 && zDirname[ii]!='/'; ii--);
data/charybdis-4.1.2/bandb/sqlite3.c:31778:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nShmFilename = 6 + (int)strlen(zBasePath);
data/charybdis-4.1.2/bandb/sqlite3.c:32854:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nFilename = (int)strlen(zFilename) + 6;
data/charybdis-4.1.2/bandb/sqlite3.c:33229:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( (flags & SQLITE_OPEN_URI) || zName[strlen(zName)+1]==0 );
data/charybdis-4.1.2/bandb/sqlite3.c:33242:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( zName[strlen(zName)+1]==0 );
data/charybdis-4.1.2/bandb/sqlite3.c:33701:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(microseconds);
data/charybdis-4.1.2/bandb/sqlite3.c:33997:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dbLen = (int)strlen(dbPath);
data/charybdis-4.1.2/bandb/sqlite3.c:34018:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(lockPath);
data/charybdis-4.1.2/bandb/sqlite3.c:34274:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000); /* wait 0.5 sec and try the lock again*/
data/charybdis-4.1.2/bandb/sqlite3.c:34300:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000000); /* wait 10 sec and try the lock again */
data/charybdis-4.1.2/bandb/sqlite3.c:34449:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writeSize = PROXY_PATHINDEX + strlen(&writeBuffer[PROXY_PATHINDEX]);
data/charybdis-4.1.2/bandb/sqlite3.c:34580:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int)strlen(dbPath); /* Length of database filename - dbPath */
data/charybdis-4.1.2/bandb/sqlite3.c:34606:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( (int)strlen(conchPath) == len+7 );
data/charybdis-4.1.2/bandb/sqlite3.c:34656:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( (int)strlen((char*)pFile->lockingContext)<=MAXPATHLEN );
data/charybdis-4.1.2/bandb/sqlite3.c:34664:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen((char *)pFile->lockingContext) - strlen(DOTLOCK_SUFFIX);
data/charybdis-4.1.2/bandb/sqlite3.c:34664:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen((char *)pFile->lockingContext) - strlen(DOTLOCK_SUFFIX);
data/charybdis-4.1.2/bandb/sqlite3.c:34668:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( strlen((char*)pFile->lockingContext)<=MAXPATHLEN );
data/charybdis-4.1.2/bandb/sqlite3.c:120916:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( zAff==0 || (int)strlen(zAff)>=nEq );
data/charybdis-4.1.2/bandb/sqlite3.c:139199:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nRet = 2 + (int)strlen(zInput)*2 + 1;
data/charybdis-4.1.2/bandb/sqlite3.c:139470:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nStr += (int)strlen(zCol) + 1;
data/charybdis-4.1.2/bandb/sqlite3.c:139481:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = (int)strlen(zCol)+1;
data/charybdis-4.1.2/bandb/sqlite3.c:139547:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( strlen(argv[0])==4 );
data/charybdis-4.1.2/bandb/sqlite3.c:139552:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nDb = (int)strlen(argv[1]) + 1;
data/charybdis-4.1.2/bandb/sqlite3.c:139553:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nName = (int)strlen(argv[2]) + 1;
data/charybdis-4.1.2/bandb/sqlite3.c:139587:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(z)>8
data/charybdis-4.1.2/bandb/sqlite3.c:139626:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(zVal)!=4 || sqlite3_strnicmp(zVal, "fts3", 4) ){
data/charybdis-4.1.2/bandb/sqlite3.c:139652:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (strlen(zVal)!=3 || sqlite3_strnicmp(zVal, "asc", 3))
data/charybdis-4.1.2/bandb/sqlite3.c:139653:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (strlen(zVal)!=4 || sqlite3_strnicmp(zVal, "desc", 4))
data/charybdis-4.1.2/bandb/sqlite3.c:139686:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nString += (int)(strlen(z) + 1);
data/charybdis-4.1.2/bandb/sqlite3.c:139809:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = (int)strlen(p->azColumn[iCol]);
data/charybdis-4.1.2/bandb/sqlite3.c:139812:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( zNot && n==(int)strlen(zNot)
data/charybdis-4.1.2/bandb/sqlite3.c:144410:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nDb = (int)strlen(zDb);
data/charybdis-4.1.2/bandb/sqlite3.c:144414:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nDb = (int)strlen(zDb);
data/charybdis-4.1.2/bandb/sqlite3.c:144422:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nFts3 = (int)strlen(zFts3);
data/charybdis-4.1.2/bandb/sqlite3.c:145406:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nStr = (int)strlen(zStr);
data/charybdis-4.1.2/bandb/sqlite3.c:145866:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen(z);
data/charybdis-4.1.2/bandb/sqlite3.c:146292:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( nKey<=0 ) nKey = (int) strlen(z);
data/charybdis-4.1.2/bandb/sqlite3.c:146683:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->nInput = (int)strlen(zInput);
data/charybdis-4.1.2/bandb/sqlite3.c:147145:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*pnOut = i = (int)strlen(z);
data/charybdis-4.1.2/bandb/sqlite3.c:147421:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zEnd = &zCopy[strlen(zCopy)];
data/charybdis-4.1.2/bandb/sqlite3.c:147431:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = (sqlite3_tokenizer_module *)sqlite3Fts3HashFind(pHash,z,(int)strlen(z)+1);
data/charybdis-4.1.2/bandb/sqlite3.c:147835:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, n = (int)strlen(argv[1]);
data/charybdis-4.1.2/bandb/sqlite3.c:147887:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->nBytes = (int)strlen(pInput);
data/charybdis-4.1.2/bandb/sqlite3.c:148079:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nName = (int)strlen(zName);
data/charybdis-4.1.2/bandb/sqlite3.c:148117:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nByte += (int)(strlen(argv[i]) + 1);
data/charybdis-4.1.2/bandb/sqlite3.c:148126:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = (int)strlen(argv[i]);
data/charybdis-4.1.2/bandb/sqlite3.c:154267:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nStr = (int)strlen(zMatchinfo);
data/charybdis-4.1.2/bandb/sqlite3.c:154732:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nAppend = (int)strlen(zAppend);
data/charybdis-4.1.2/bandb/sqlite3.c:156076:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = (int)strlen(z);
data/charybdis-4.1.2/bandb/sqlite3.c:156128:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pCsr->nInput = (int)strlen(aInput);
data/charybdis-4.1.2/bandb/sqlite3.c:158181:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (idxStr && (int)strlen(idxStr)==argc*2) );
data/charybdis-4.1.2/bandb/sqlite3.c:159810:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nDb = (int)strlen(argv[1]);
data/charybdis-4.1.2/bandb/sqlite3.c:159811:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nName = (int)strlen(argv[2]);
data/charybdis-4.1.2/bandb/sqlite3.c:159908:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nCell = (int)strlen(zCell);
data/charybdis-4.1.2/bandb/sqlite3.c:159917:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nCell = (int)strlen(zCell);
data/charybdis-4.1.2/bandb/sqlite3.c:160727:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(argv[0])+1;
data/charybdis-4.1.2/bandb/sqlite3.c:160783:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nInput = strlen(zInput);
data/charybdis-4.1.2/bandb/sqlite3.c:162313:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( zIn && strlen(zIn)>4 && memcmp("data", zIn, 4)==0 ){
data/charybdis-4.1.2/bandb/sqlite3.c:162464:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nCopy = strlen(zStr) + 1;
data/charybdis-4.1.2/bandb/sqlite3.c:163025:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (int)strlen(zMask)!=pIter->nTblCol ){
data/charybdis-4.1.2/bandb/sqlite3.c:164654:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nTarget = strlen(zTarget);
data/charybdis-4.1.2/bandb/sqlite3.c:164655:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nRbu = strlen(zRbu);
data/charybdis-4.1.2/bandb/sqlite3.c:164656:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nState = zState ? strlen(zState) : 0;
data/charybdis-4.1.2/bandb/sqlite3.c:164798:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nErrmsg = strlen(p->zErrmsg);
data/charybdis-4.1.2/bandb/sqlite3.c:165419:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = (int)strlen(zName);
data/charybdis-4.1.2/bandb/sqlite3.c:165445:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nCopy = strlen(zName);
data/charybdis-4.1.2/bandb/sqlite3.c:165679:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nName = strlen(zName);
data/charybdis-4.1.2/bandb/sqlite3.c:166681:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->nUsed += (int)strlen(p->zBuf+p->nUsed);
data/charybdis-4.1.2/bandb/sqlite3.c:168310:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jsonAppendRaw(&x, p->zRoot, (int)strlen(p->zRoot));
data/charybdis-4.1.2/bandb/sqlite3.c:171383:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( n<0 ) n = (int)strlen(z);
data/charybdis-4.1.2/bandb/sqlite3.c:171891:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nStr = (int)strlen(zStr);
data/charybdis-4.1.2/bandb/sqlite3.c:172076:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nIn = (int)strlen(pIn);
data/charybdis-4.1.2/bandb/sqlite3.c:172409:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nEnum = (int)strlen(zEnum);
data/charybdis-4.1.2/bandb/sqlite3.c:172441:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nCmd = (int)strlen(zCmd);
data/charybdis-4.1.2/bandb/sqlite3.c:172497:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nArg = (int)strlen(zArg) + 1;
data/charybdis-4.1.2/bandb/sqlite3.c:172627:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nIn = (int)strlen(zIn);
data/charybdis-4.1.2/bandb/sqlite3.c:173932:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pExpr->pIndex, p->zTerm, (int)strlen(p->zTerm),
data/charybdis-4.1.2/bandb/sqlite3.c:174752:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen(z);
data/charybdis-4.1.2/bandb/sqlite3.c:174825:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = fts5ParseTokenize((void*)&sCtx, tflags, zTerm, (int)strlen(zTerm),
data/charybdis-4.1.2/bandb/sqlite3.c:175192:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nByte += (int)strlen(pTerm->zTerm) * 2 + 3 + 2;
data/charybdis-4.1.2/bandb/sqlite3.c:175666:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nTerm = (int)strlen(pTerm->zTerm);
data/charybdis-4.1.2/bandb/sqlite3.c:175995:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iHash = fts5HashKey(nNew, (u8*)p->zKey, (int)strlen(p->zKey));
data/charybdis-4.1.2/bandb/sqlite3.c:176335:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nTerm = (int)strlen(p->zKey);
data/charybdis-4.1.2/bandb/sqlite3.c:178272:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sqlite3Fts5BufferSet(&p->rc,&pIter->term, (int)strlen(zTerm), (u8*)zTerm);
data/charybdis-4.1.2/bandb/sqlite3.c:178352:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sqlite3Fts5BufferSet(&p->rc, &pIter->term, (int)strlen(zTerm),
data/charybdis-4.1.2/bandb/sqlite3.c:178789:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (z ? (int)strlen((const char*)z) : 0);
data/charybdis-4.1.2/bandb/sqlite3.c:180820:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fts5WriteAppendTerm(p, &writer, (int)strlen(zTerm), (const u8*)zTerm);
data/charybdis-4.1.2/bandb/sqlite3.c:185249:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nName = (int)strlen(zName) + 1;
data/charybdis-4.1.2/bandb/sqlite3.c:185287:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nName = (int)strlen(zName) + 1;
data/charybdis-4.1.2/bandb/sqlite3.c:185843:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iOff = (int)strlen(zDefn);
data/charybdis-4.1.2/bandb/sqlite3.c:185846:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iOff += (int)strlen(&zDefn[iOff]);
data/charybdis-4.1.2/bandb/sqlite3.c:186921:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = (int)strlen(z);
data/charybdis-4.1.2/bandb/sqlite3.c:187258:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( strlen(p->zSuffix)==p->nSuffix );
data/charybdis-4.1.2/bandb/sqlite3.c:187259:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( strlen(p->zOutput)==p->nOutput );
data/charybdis-4.1.2/bandb/sqlite3.c:188794:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bDb = (argc==6 && strlen(argv[1])==4 && memcmp("temp", argv[1], 4)==0);
data/charybdis-4.1.2/bandb/sqlite3.c:188804:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nDb = (int)strlen(zDb)+1;
data/charybdis-4.1.2/bandb/sqlite3.c:188805:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nTab = (int)strlen(zTab)+1;
data/charybdis-4.1.2/extensions/extb_combi.c:106:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
datalen = strlen(data);
data/charybdis-4.1.2/extensions/extb_hostmask.c:60:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s4 = src_ip4host + strlen(src_ip4host);
data/charybdis-4.1.2/extensions/ip_cloaking_3.0.c:109:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, inbuf, HOSTLEN);
data/charybdis-4.1.2/extensions/ip_cloaking_3.0.c:120:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outbuf, inbuf, HOSTLEN);
data/charybdis-4.1.2/extensions/ip_cloaking_3.0.c:143:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outbuf, inbuf, HOSTLEN);
data/charybdis-4.1.2/extensions/ip_cloaking_old.c:77:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int maxcycle = strlen(inbuf);
data/charybdis-4.1.2/extensions/ip_cloaking_old.c:99:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(outbuf);
data/charybdis-4.1.2/extensions/ip_cloaking_old.c:104:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (len1 + strlen(rest) >= HOSTLEN && (next = strchr(rest + 1, '.')) != NULL)
data/charybdis-4.1.2/extensions/m_findforwards.c:98:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(p + strlen(chptr->chname) >= end - 13)
data/charybdis-4.1.2/extensions/m_findforwards.c:105:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(chptr->chname);
data/charybdis-4.1.2/extensions/m_mkpasswd.c:208:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read(fd, salt, (size_t)length) != length)
data/charybdis-4.1.2/extensions/m_okick.c:84:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(comment) > (size_t) TOPICLEN)
data/charybdis-4.1.2/extensions/m_remove.c:186:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(comment) > (size_t) REASONLEN)
data/charybdis-4.1.2/extensions/m_sendbans.c:72:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mask) > 250)
data/charybdis-4.1.2/extensions/m_webirc.c:125:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(parv[3]) <= HOSTLEN)
data/charybdis-4.1.2/include/stdinc.h:156:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define LOCAL_COPY(s) __extension__({ char *_s = alloca(strlen(s) + 1); strcpy(_s, s); _s; })
data/charybdis-4.1.2/include/stdinc.h:158:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define LOCAL_COPY(s) strcpy(alloca(strlen(s) + 1), s) /* XXX Is that allowed? */
data/charybdis-4.1.2/ircd/authproc.c:602:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t filterlen = strlen(filter) + 1;
data/charybdis-4.1.2/ircd/bandbi.c:288:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(hash_find_resv(aconf->host) || strlen(aconf->host) > CHANNELLEN)
data/charybdis-4.1.2/ircd/channel.c:467:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cur_len + strlen(target_p->name) + strlen(target_p->username) + strlen(target_p->host) + 5 >= BUFSIZE - 5)
data/charybdis-4.1.2/ircd/channel.c:467:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cur_len + strlen(target_p->name) + strlen(target_p->username) + strlen(target_p->host) + 5 >= BUFSIZE - 5)
data/charybdis-4.1.2/ircd/channel.c:467:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cur_len + strlen(target_p->name) + strlen(target_p->username) + strlen(target_p->host) + 5 >= BUFSIZE - 5)
data/charybdis-4.1.2/ircd/channel.c:481:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cur_len + strlen(target_p->name) + 3 >= BUFSIZE - 3)
data/charybdis-4.1.2/ircd/channel.c:585:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s4 = src_ip4host + strlen(src_ip4host);
data/charybdis-4.1.2/ircd/channel.c:1153:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(topic) > 0)
data/charybdis-4.1.2/ircd/channel.c:1296:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arglen = strlen(arg);
data/charybdis-4.1.2/ircd/chmode.c:383:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
masklen = strlen(mask);
data/charybdis-4.1.2/ircd/chmode.c:413:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
host = t, hl = strlen(t);
data/charybdis-4.1.2/ircd/chmode.c:446:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
user = t, ul = strlen(t);
data/charybdis-4.1.2/ircd/chmode.c:497:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(MyClient(source_p) && (strlen(forward) > LOC_CHANNELLEN || hash_find_resv(forward))))
data/charybdis-4.1.2/ircd/chmode.c:890:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(mask) > MIN(BANLEN, MODEBUFLEN - 5))
data/charybdis-4.1.2/ircd/chmode.c:1763:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arglen = strlen(mode_changes[i].arg);
data/charybdis-4.1.2/ircd/client.c:296:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(client_p->localClient->passwd));
data/charybdis-4.1.2/ircd/client.c:1458:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comment1, " ");
data/charybdis-4.1.2/ircd/client.c:1561:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comment1, " ");
data/charybdis-4.1.2/ircd/getopt.c:93:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
malloc(strlen((*argv)[1]) + 1);
data/charybdis-4.1.2/ircd/hash.c:345:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
IsDigit(*name) && strlen(name) == 3)
data/charybdis-4.1.2/ircd/hash.c:417:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/charybdis-4.1.2/ircd/hostmask.c:191:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = text + strlen(text) - 1; p >= text; p--)
data/charybdis-4.1.2/ircd/hostmask.c:706:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prefix_ptr, name, USERLEN);
data/charybdis-4.1.2/ircd/ircd.c:587:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read(fd, &seed, sizeof(seed)) == sizeof(seed))
data/charybdis-4.1.2/ircd/ircd.c:656:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(077); /* better safe than sorry --SRB */
data/charybdis-4.1.2/ircd/listener.c:175:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(listener->vhost, "&", sizeof(listener->vhost));
data/charybdis-4.1.2/ircd/listener.c:176:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_inet_ntop(AF_INET6, &in6->sin6_addr, &listener->vhost[strlen(listener->vhost)], sizeof(listener->vhost) - strlen(listener->vhost));
data/charybdis-4.1.2/ircd/listener.c:176:112: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_inet_ntop(AF_INET6, &in6->sin6_addr, &listener->vhost[strlen(listener->vhost)], sizeof(listener->vhost) - strlen(listener->vhost));
data/charybdis-4.1.2/ircd/listener.c:179:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(listener->vhost, "&", sizeof(listener->vhost));
data/charybdis-4.1.2/ircd/listener.c:180:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_inet_ntop(AF_INET, &in->sin_addr, &listener->vhost[strlen(listener->vhost)], sizeof(listener->vhost) - strlen(listener->vhost));
data/charybdis-4.1.2/ircd/listener.c:180:109: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_inet_ntop(AF_INET, &in->sin_addr, &listener->vhost[strlen(listener->vhost)], sizeof(listener->vhost) - strlen(listener->vhost));
data/charybdis-4.1.2/ircd/listener.c:637:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_write(F, buf, strlen(buf));
data/charybdis-4.1.2/ircd/listener.c:650:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_write(F, toofast, strlen(toofast));
data/charybdis-4.1.2/ircd/modules.c:186:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t module_ext_len = strlen(LT_MODULE_EXT);
data/charybdis-4.1.2/ircd/modules.c:198:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(ldirent->d_name);
data/charybdis-4.1.2/ircd/msgbuf.c:99:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ch != NULL && (ch - line) + 1 > TAGSLEN) || (ch == NULL && strlen(line) >= TAGSLEN)) {
data/charybdis-4.1.2/ircd/msgbuf.c:138:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ch) > DATALEN) {
data/charybdis-4.1.2/ircd/msgbuf.c:196:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msgbuf->tags[i].key);
data/charybdis-4.1.2/ircd/msgbuf.c:210:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(msgbuf->tags[i].value);
data/charybdis-4.1.2/ircd/msgbuf.c:345:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefixlen = strlen(buf);
data/charybdis-4.1.2/ircd/newconf.c:208:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(s) <= HOSTLEN)
data/charybdis-4.1.2/ircd/newconf.c:488:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
privs = rb_malloc(strlen(privs_old) + 1 + strlen(args->v.string) + 1);
data/charybdis-4.1.2/ircd/newconf.c:488:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
privs = rb_malloc(strlen(privs_old) + 1 + strlen(args->v.string) + 1);
data/charybdis-4.1.2/ircd/newconf.c:490:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(privs, " ");
data/charybdis-4.1.2/ircd/newconf.c:555:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(conf_cur_block_name) > OPERNICKLEN)
data/charybdis-4.1.2/ircd/newconf.c:703:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(yy_oper->passwd, 0, strlen(yy_oper->passwd));
data/charybdis-4.1.2/ircd/newconf.c:1074:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(yy_aconf->spasswd, 0, strlen(yy_aconf->spasswd));
data/charybdis-4.1.2/ircd/newconf.c:1083:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(yy_aconf->passwd, 0, strlen(yy_aconf->passwd));
data/charybdis-4.1.2/ircd/newconf.c:1110:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(user) > USERLEN)
data/charybdis-4.1.2/ircd/newconf.c:1132:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(host) > HOSTLEN)
data/charybdis-4.1.2/ircd/newconf.c:1412:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(yy_server->spasswd, 0, strlen(yy_server->spasswd));
data/charybdis-4.1.2/ircd/newconf.c:1424:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(yy_server->passwd, 0, strlen(yy_server->passwd));
data/charybdis-4.1.2/ircd/newconf.c:1979:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > HOSTIPLEN)
data/charybdis-4.1.2/ircd/newconf.c:2014:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 3)
data/charybdis-4.1.2/ircd/newconf.c:2043:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((64 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN)
data/charybdis-4.1.2/ircd/newconf.c:2056:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((16 + strlen(yy_blacklist_host)) > IRCD_RES_HOSTLEN)
data/charybdis-4.1.2/ircd/newconf.c:2457:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(len && strlen(input) > (unsigned int)len)
data/charybdis-4.1.2/ircd/operhash.c:69:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name) + 1;
data/charybdis-4.1.2/ircd/parse.c:370:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(lsender);
data/charybdis-4.1.2/ircd/privilege.c:116:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set->privs = rb_malloc(strlen(parent->privs) + 1 + strlen(privs) + 1);
data/charybdis-4.1.2/ircd/privilege.c:116:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set->privs = rb_malloc(strlen(parent->privs) + 1 + strlen(privs) + 1);
data/charybdis-4.1.2/ircd/privilege.c:118:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(set->privs, " ");
data/charybdis-4.1.2/ircd/reject.c:83:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_write(ddata->F, errbuf, strlen(errbuf));
data/charybdis-4.1.2/ircd/s_conf.c:144:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(aconf->passwd, 0, strlen(aconf->passwd));
data/charybdis-4.1.2/ircd/s_conf.c:146:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(aconf->spasswd, 0, strlen(aconf->spasswd));
data/charybdis-4.1.2/ircd/s_conf.c:1659:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(lbuf));
data/charybdis-4.1.2/ircd/s_newconf.c:270:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(oper_p->passwd, 0, strlen(oper_p->passwd));
data/charybdis-4.1.2/ircd/s_newconf.c:354:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(server_p->passwd, 0, strlen(server_p->passwd));
data/charybdis-4.1.2/ircd/s_newconf.c:360:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(server_p->spasswd, 0, strlen(server_p->spasswd));
data/charybdis-4.1.2/ircd/s_serv.c:358:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) > HOSTLEN)
data/charybdis-4.1.2/ircd/s_serv.c:482:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
melen = strlen(me.name);
data/charybdis-4.1.2/ircd/s_serv.c:557:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(banptr->banstr) + (banptr->forward ? strlen(banptr->forward) + 1 : 0) + 1;
data/charybdis-4.1.2/ircd/s_serv.c:557:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(banptr->banstr) + (banptr->forward ? strlen(banptr->forward) + 1 : 0) + 1;
data/charybdis-4.1.2/ircd/s_serv.c:693:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(use_id(msptr->client_p)) + 1;
data/charybdis-4.1.2/ircd/s_serv.c:820:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(client_p->localClient->passwd, 0, strlen(client_p->localClient->passwd));
data/charybdis-4.1.2/ircd/s_user.c:522:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(source_p->localClient->passwd, 0, strlen(source_p->localClient->passwd));
data/charybdis-4.1.2/ircd/s_user.c:777:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(source_p->localClient->passwd, 0, strlen(source_p->localClient->passwd));
data/charybdis-4.1.2/ircd/s_user.c:1547:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(modeval, " ");
data/charybdis-4.1.2/ircd/sslproc.c:527:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
method_len = strlen(method_string);
data/charybdis-4.1.2/ircd/sslproc.c:589:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctl->version, &ctl_buf->buf[1], len);
data/charybdis-4.1.2/ircd/sslproc.c:732:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(ServerInfo.ssl_cert);
data/charybdis-4.1.2/ircd/sslproc.c:737:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(ServerInfo.ssl_private_key);
data/charybdis-4.1.2/ircd/sslproc.c:740:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(ServerInfo.ssl_dh_params);
data/charybdis-4.1.2/ircd/sslproc.c:743:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(ServerInfo.ssl_cipher_list);
data/charybdis-4.1.2/ircd/sslproc.c:970:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(odata) + 1; /* Get the \0 as well */
data/charybdis-4.1.2/ircd/substitution.c:129:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bptr += strlen(val->value);
data/charybdis-4.1.2/ircd/supported.c:162:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extra_space = strlen(client_p->name);
data/charybdis-4.1.2/ircd/supported.c:168:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extra_space += strlen(me.name) + 1 + strlen(form_str(RPL_ISUPPORT));
data/charybdis-4.1.2/ircd/supported.c:168:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extra_space += strlen(me.name) + 1 + strlen(form_str(RPL_ISUPPORT));
data/charybdis-4.1.2/ircd/supported.c:177:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(item->name) + (EmptyString(value) ? 0 : 1 + strlen(value));
data/charybdis-4.1.2/ircd/supported.c:177:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(item->name) + (EmptyString(value) ? 0 : 1 + strlen(value));
data/charybdis-4.1.2/librb/include/rb_memory.h:70:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ret = malloc(strlen(x) + 1);
data/charybdis-4.1.2/librb/src/arc4random.c:124:4: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, rnd, sizeof(rnd));
data/charybdis-4.1.2/librb/src/commio.c:1286:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(F->fd, buf, count);
data/charybdis-4.1.2/librb/src/commio.c:1565:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp += strlen(tp);
data/charybdis-4.1.2/librb/src/crypt.c:1078:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strncmp(sp, magic, strlen(magic)))
data/charybdis-4.1.2/librb/src/crypt.c:1079:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp += strlen(magic);
data/charybdis-4.1.2/librb/src/crypt.c:1091:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&ctx, (const unsigned char *)pw, strlen(pw));
data/charybdis-4.1.2/librb/src/crypt.c:1094:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&ctx, (const unsigned char *)magic, strlen(magic));
data/charybdis-4.1.2/librb/src/crypt.c:1101:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&ctx1, (const unsigned char *)pw, strlen(pw));
data/charybdis-4.1.2/librb/src/crypt.c:1103:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&ctx1, (const unsigned char *)pw, strlen(pw));
data/charybdis-4.1.2/librb/src/crypt.c:1105:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(pl = (int)strlen(pw); pl > 0; pl -= MD5_SIZE)
data/charybdis-4.1.2/librb/src/crypt.c:1113:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(pw); i; i >>= 1)
data/charybdis-4.1.2/librb/src/crypt.c:1121:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(passwd, sp, (unsigned int)sl);
data/charybdis-4.1.2/librb/src/crypt.c:1134:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&ctx1, (const unsigned char *)pw, strlen(pw));
data/charybdis-4.1.2/librb/src/crypt.c:1142:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&ctx1, (const unsigned char *)pw, strlen(pw));
data/charybdis-4.1.2/librb/src/crypt.c:1147:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&ctx1, (const unsigned char *)pw, strlen(pw));
data/charybdis-4.1.2/librb/src/crypt.c:1151:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = passwd + strlen(passwd);
data/charybdis-4.1.2/librb/src/crypt.c:1498:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_len = strlen(key);
data/charybdis-4.1.2/librb/src/crypt.c:1633:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, sha256_salt_prefix, MAX(0, buflen));
data/charybdis-4.1.2/librb/src/crypt.c:1647:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cp, salt, MIN((size_t) MAX(0, buflen), salt_len));
data/charybdis-4.1.2/librb/src/crypt.c:1708:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ sizeof(sha256_rounds_prefix) + 9 + 1 + strlen(salt) + 1 + 43 + 1);
data/charybdis-4.1.2/librb/src/crypt.c:2076:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_len = strlen(key);
data/charybdis-4.1.2/librb/src/crypt.c:2211:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, sha512_salt_prefix, MAX(0, buflen));
data/charybdis-4.1.2/librb/src/crypt.c:2225:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cp, salt, MIN((size_t) MAX(0, buflen), salt_len));
data/charybdis-4.1.2/librb/src/crypt.c:2298:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ sizeof(sha512_rounds_prefix) + 9 + 1 + strlen(salt) + 1 + 86 + 1);
data/charybdis-4.1.2/librb/src/gnutls.c:358:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t ret = read(datum_fd, ((unsigned char *)datum->data) + data_read, datum_size - data_read);
data/charybdis-4.1.2/librb/src/mbedtls.c:123:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const int ret = (int) read(fd, buf, count);
data/charybdis-4.1.2/librb/src/mbedtls.c:549:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cipher_len = strlen(cipher_str);
data/charybdis-4.1.2/librb/src/radixtree.c:574:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(key);
data/charybdis-4.1.2/librb/src/radixtree.c:686:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(key);
data/charybdis-4.1.2/librb/src/rb_lib.c:274:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*save = (token + strlen(token));
data/charybdis-4.1.2/librb/src/tools.c:214:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(find);
data/charybdis-4.1.2/librb/src/tools.c:237:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dsize = strlen(dest);
data/charybdis-4.1.2/librb/src/tools.c:238:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(src);
data/charybdis-4.1.2/librb/src/tools.c:261:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ret = strlen(src);
data/charybdis-4.1.2/librb/src/tools.c:308:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int orig_len = strlen(str);
data/charybdis-4.1.2/librb/src/tools.c:339:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int orig_len = strlen(str);
data/charybdis-4.1.2/librb/src/win32.c:137:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(buf) > 0)
data/charybdis-4.1.2/librb/src/win32.c:145:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name) + strlen(value) + 5;
data/charybdis-4.1.2/librb/src/win32.c:145:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name) + strlen(value) + 5;
data/charybdis-4.1.2/modules/core/m_ban.c:95:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(parv[1]) != 1)
data/charybdis-4.1.2/modules/core/m_error.c:63:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(message, prefix2, strlen(prefix2)))
data/charybdis-4.1.2/modules/core/m_join.c:166:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!check_channel_name_loc(source_p, name) || (strlen(name) > LOC_CHANNELLEN))
data/charybdis-4.1.2/modules/core/m_join.c:218:11: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void) strcat(jbuf, ",");
data/charybdis-4.1.2/modules/core/m_join.c:1294:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(banptr->banstr) +
data/charybdis-4.1.2/modules/core/m_join.c:1295:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(banptr->forward ? strlen(banptr->forward) + 1 : 0) + 2;
data/charybdis-4.1.2/modules/core/m_kick.c:159:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(comment) > (size_t) REASONLEN)
data/charybdis-4.1.2/modules/core/m_kill.c:91:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(s) > (size_t) KILLLEN)
data/charybdis-4.1.2/modules/core/m_mode.c:361:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(s);
data/charybdis-4.1.2/modules/core/m_nick.c:125:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(client_p->id) == 3 || (source_p->preClient && !EmptyString(source_p->preClient->id)))
data/charybdis-4.1.2/modules/core/m_nick.c:367:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(parv[9]) > REALLEN)
data/charybdis-4.1.2/modules/core/m_nick.c:466:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(parv[11]) > REALLEN)
data/charybdis-4.1.2/modules/core/m_nick.c:575:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(uid, sid, strlen(sid)))
data/charybdis-4.1.2/modules/core/m_quit.c:63:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(comment) > (size_t) REASONLEN)
data/charybdis-4.1.2/modules/core/m_quit.c:95:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(comment) > (size_t) REASONLEN)
data/charybdis-4.1.2/modules/core/m_server.c:491:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) > HOSTLEN)
data/charybdis-4.1.2/modules/core/m_server.c:581:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(bogus_host(parv[1]) || strlen(parv[1]) > HOSTLEN)
data/charybdis-4.1.2/modules/m_accept.c:179:12: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void) strcat(delbuf, ",");
data/charybdis-4.1.2/modules/m_accept.c:181:11: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void) strncat(delbuf, name, BUFSIZE - lendel - 1);
data/charybdis-4.1.2/modules/m_accept.c:182:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lendel += strlen(name) + 1;
data/charybdis-4.1.2/modules/m_accept.c:188:12: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void) strcat(addbuf, ",");
data/charybdis-4.1.2/modules/m_accept.c:190:11: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void) strncat(addbuf, name, BUFSIZE - lenadd - 1);
data/charybdis-4.1.2/modules/m_accept.c:191:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenadd += strlen(name) + 1;
data/charybdis-4.1.2/modules/m_accept.c:230:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(source_p->name) + 10;
data/charybdis-4.1.2/modules/m_accept.c:239:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len + strlen(target_p->name) + len2 > BUFSIZE) || count > 14)
data/charybdis-4.1.2/modules/m_alias.c:64:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct Message *message = rb_malloc(sizeof(*message) + strlen(alias->name) + 1);
data/charybdis-4.1.2/modules/m_cap.c:178:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_list = sizeof(buf_prefix) - len_prefix - strlen(str_cont);
data/charybdis-4.1.2/modules/m_cap.c:324:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_list = sizeof(buf_prefix) - len_prefix - strlen(str_cont);
data/charybdis-4.1.2/modules/m_challenge.c:147:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b_response = rb_base64_decode((const unsigned char *)parv[1], strlen(parv[1]), &len);
data/charybdis-4.1.2/modules/m_dline.c:283:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(reason) > BANREASONLEN)
data/charybdis-4.1.2/modules/m_encap.c:76:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(parv[i]) + 1;
data/charybdis-4.1.2/modules/m_encap.c:87:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(parv[i]);
data/charybdis-4.1.2/modules/m_ison.c:81:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/charybdis-4.1.2/modules/m_ison.c:96:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(target_p->name);
data/charybdis-4.1.2/modules/m_kline.c:198:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(reason) > BANREASONLEN)
data/charybdis-4.1.2/modules/m_kline.c:300:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(reason) > BANREASONLEN)
data/charybdis-4.1.2/modules/m_kline.c:623:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(luser, "*");
data/charybdis-4.1.2/modules/m_kline.c:627:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(lhost, "*");
data/charybdis-4.1.2/modules/m_links.c:90:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(parv[2]) > HOSTLEN)
data/charybdis-4.1.2/modules/m_map.c:99:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/charybdis-4.1.2/modules/m_map.c:164:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/charybdis-4.1.2/modules/m_map.c:202:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/charybdis-4.1.2/modules/m_monitor.c:94:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(EmptyString(name) || strlen(name) > NICKLEN-1)
data/charybdis-4.1.2/modules/m_monitor.c:132:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cur_onlen + strlen(target_p->name) +
data/charybdis-4.1.2/modules/m_monitor.c:133:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(target_p->username) + strlen(target_p->host) + 3 >= BUFSIZE-3)
data/charybdis-4.1.2/modules/m_monitor.c:133:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(target_p->username) + strlen(target_p->host) + 3 >= BUFSIZE-3)
data/charybdis-4.1.2/modules/m_monitor.c:154:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cur_offlen + strlen(name) + 1 >= BUFSIZE-3)
data/charybdis-4.1.2/modules/m_monitor.c:232:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cur_len + strlen(monptr->name) + 1 >= BUFSIZE-3)
data/charybdis-4.1.2/modules/m_monitor.c:280:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cur_onlen + strlen(target_p->name) +
data/charybdis-4.1.2/modules/m_monitor.c:281:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(target_p->username) + strlen(target_p->host) + 3 >= BUFSIZE-3)
data/charybdis-4.1.2/modules/m_monitor.c:281:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(target_p->username) + strlen(target_p->host) + 3 >= BUFSIZE-3)
data/charybdis-4.1.2/modules/m_monitor.c:302:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cur_offlen + strlen(monptr->name) + 1 >= BUFSIZE-3)
data/charybdis-4.1.2/modules/m_operspy.c:86:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(parv[i]) + 1;
data/charybdis-4.1.2/modules/m_resv.c:211:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) > CHANNELLEN)
data/charybdis-4.1.2/modules/m_resv.c:279:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) > NICKLEN * 2)
data/charybdis-4.1.2/modules/m_sasl.c:149:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(client_p->id) == 3 || (source_p->preClient && !EmptyString(source_p->preClient->id)))
data/charybdis-4.1.2/modules/m_sasl.c:174:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(parv[1]) > 400)
data/charybdis-4.1.2/modules/m_signon.c:145:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(nick, "*");
data/charybdis-4.1.2/modules/m_stats.c:1336:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
away_memory += (strlen(target_p->user->away) + 1);
data/charybdis-4.1.2/modules/m_stats.c:1346:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
channel_memory += (strlen(chptr->chname) + sizeof(struct Channel));
data/charybdis-4.1.2/modules/m_user.c:66:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(client_p->id) == 3 || (source_p->preClient && !EmptyString(source_p->preClient->id)))
data/charybdis-4.1.2/modules/m_who.c:143:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/charybdis-4.1.2/modules/m_who.c:148:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (EmptyString(fmt.querytype) || strlen(fmt.querytype) > 3)
data/charybdis-4.1.2/modules/m_whois.c:258:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extra_space = strlen(source_p->name) - 9;
data/charybdis-4.1.2/modules/m_whois.c:261:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extra_space += strlen(me.name) - 2; /* make sure >= 0 */
data/charybdis-4.1.2/modules/m_whois.c:284:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((cur_len + strlen(chptr->chname) + 3) > (BUFSIZE - 5))
data/charybdis-4.1.2/ssld/ssld.c:258:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (strlen(reason) + 1) + 5;
data/charybdis-4.1.2/ssld/ssld.c:677:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (strlen(cstring) + 1) + 5;
data/charybdis-4.1.2/ssld/ssld.c:832:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mod_cmd_write_queue(ctl, outstat, strlen(outstat) + 1); /* +1 is so we send the \0 as well */
data/charybdis-4.1.2/ssld/ssld.c:902:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(cert) + 1;
data/charybdis-4.1.2/ssld/ssld.c:904:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(key) + 1;
data/charybdis-4.1.2/ssld/ssld.c:906:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(dhparam) + 1;
data/charybdis-4.1.2/ssld/ssld.c:908:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(key) == 0)
data/charybdis-4.1.2/ssld/ssld.c:910:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(dhparam) == 0)
data/charybdis-4.1.2/ssld/ssld.c:912:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(cipher_list) == 0)
data/charybdis-4.1.2/ssld/ssld.c:918:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mod_cmd_write_queue(ctl, invalid, strlen(invalid));
data/charybdis-4.1.2/ssld/ssld.c:937:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mod_cmd_write_queue(ctl, nossl_cmd, strlen(nossl_cmd));
data/charybdis-4.1.2/ssld/ssld.c:944:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mod_cmd_write_queue(ctl, useless, strlen(useless));
data/charybdis-4.1.2/ssld/ssld.c:951:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&version[1], rb_lib_version(), sizeof(version) - 2);
data/charybdis-4.1.2/ssld/ssld.c:952:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mod_cmd_write_queue(ctl, version, strlen(version));
data/charybdis-4.1.2/ssld/ssld.c:968:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mod_cmd_write_queue(ctl, nozlib_cmd, strlen(nozlib_cmd));
data/charybdis-4.1.2/tests/client_util.c:138:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(id))
data/charybdis-4.1.2/tests/client_util.c:224:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parse(client, copy, copy+strlen(copy));
data/charybdis-4.1.2/tests/msgbuf_parse1.c:542:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(511, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:609:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:618:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp2[strlen(tmp2) - 1] = 0;
data/charybdis-4.1.2/tests/msgbuf_parse1.c:682:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(511, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:749:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:816:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(511, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:883:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1190:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1214:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1238:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1240:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1264:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1266:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(511, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1290:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1292:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1300:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp2[strlen(tmp2) - 1] = 0;
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1321:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1323:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(511, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1347:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1349:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1351:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(511, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1375:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1377:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1379:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1387:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp2[strlen(tmp2) - 1] = 0;
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1408:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1410:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1412:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(513, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1420:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp2[strlen(tmp2) - 2] = 0;
data/charybdis-4.1.2/tests/msgbuf_parse1.c:1992:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(strchr(tmp, ' ')+1), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2017:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(strchr(tmp, ' ')+1), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2042:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2043:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(strchr(tmp, ' ')+1), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2068:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(strchr(tmp, ' ')+1), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2093:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(511, strlen(strchr(tmp, ' ')+1), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2100:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp2[strlen(tmp2) - 1] = 0;
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2123:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(strchr(tmp, ' ')+1), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2130:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp2[strlen(tmp2) - 2] = 0;
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2155:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512+510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2235:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "X");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2236:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512+511, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2317:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512+510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2398:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "X");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2399:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512+511, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2479:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2480:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512+510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2488:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp2, " ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2567:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2568:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "X");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2569:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512+511, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2577:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp2, " ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2656:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2657:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512+510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2736:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2737:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "X");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2738:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512+511, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2818:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512+510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2899:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "X");
data/charybdis-4.1.2/tests/msgbuf_parse1.c:2900:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512+511, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:269:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:271:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:273:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:274:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:303:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:305:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:307:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:308:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512 - 1, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:337:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:339:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:341:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:342:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512 - 2, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:371:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:373:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:375:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:376:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512 - 3, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:405:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:407:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:409:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:410:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512 - 9, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:439:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:441:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:443:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:444:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512 - 10, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:473:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:475:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:477:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:478:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512 - 11, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:507:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:509:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:512:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:541:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:543:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:545:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:546:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:575:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:577:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:579:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:580:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512 - 1, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:609:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:611:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:613:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:614:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512 - 2, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:643:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:645:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:647:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:648:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512 - 3, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:677:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:679:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:681:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:682:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512 - 1, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:711:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:713:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:715:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:716:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512 - 2, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:745:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:747:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:749:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:750:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512 - 3, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:779:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:781:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "=");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:784:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:811:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:813:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:814:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:841:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:844:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:871:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "@");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:874:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:903:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:904:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1022:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1023:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1053:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1054:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1084:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1085:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1116:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1147:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1178:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1209:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1240:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1271:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1301:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1302:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1332:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1333:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1363:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, " ");
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1364:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(512, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1715:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1740:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 1] = 0;
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1741:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1764:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input[strlen(input) - 2] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1771:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 2] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1772:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1795:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input[strlen(input) - 3] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1802:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 3] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1803:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 1] = 0;
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1804:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1829:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1854:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 1] = 0;
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1855:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1878:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input[strlen(input) - 2] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1885:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 2] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1886:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1909:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input[strlen(input) - 3] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1916:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 3] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1917:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 1] = 0;
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1918:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1943:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1968:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 1] = 0;
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1969:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1992:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input[strlen(input) - 2] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:1999:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 2] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2000:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2023:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input[strlen(input) - 3] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2030:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 3] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2031:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 1] = 0;
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2032:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2057:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2082:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 1] = 0;
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2083:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2106:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input[strlen(input) - 2] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2113:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 2] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2114:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2137:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input[strlen(input) - 3] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2144:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 3] = ' ';
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2145:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp) - 1] = 0;
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2146:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(510, strlen(tmp), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2256:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2262:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2273:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2279:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2290:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2296:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2307:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2313:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2324:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2330:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2341:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2347:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2358:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2364:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2375:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2381:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2392:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2398:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2409:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2415:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2426:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2432:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2443:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2449:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2460:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2466:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2477:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2483:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2494:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2500:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2532:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2543:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2554:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2565:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2576:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2587:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2609:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2620:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2631:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2642:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2653:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/msgbuf_unparse1.c:2664:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
is_int(sizeof(output) - 1, strlen(output), MSG);
data/charybdis-4.1.2/tests/runtests.c:386:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s) + 1;
data/charybdis-4.1.2/tests/runtests.c:422:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (length >= UINT_MAX - strlen(string)) {
data/charybdis-4.1.2/tests/runtests.c:426:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen(string);
data/charybdis-4.1.2/tests/runtests.c:436:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(result + offset, string, strlen(string));
data/charybdis-4.1.2/tests/runtests.c:437:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset += strlen(string);
data/charybdis-4.1.2/tests/runtests.c:668:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ts->reason[strlen(ts->reason) - 1] = '\0';
data/charybdis-4.1.2/tests/runtests.c:731:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bail = skip_whitespace(bail + strlen("Bail out!"));
data/charybdis-4.1.2/tests/runtests.c:735:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(bail);
data/charybdis-4.1.2/tests/runtests.c:751:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[strlen(line) - 1] != '\n')
data/charybdis-4.1.2/tests/runtests.c:1238:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(buffer) - 1;
data/charybdis-4.1.2/tests/runtests.c:1247:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(testname) == 0)
data/charybdis-4.1.2/tests/runtests.c:1357:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(current->ts->file);
data/charybdis-4.1.2/tests/runtests.c:1382:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(ts->file); i < longest; i++)
data/charybdis-4.1.2/tests/substitution1.c:278:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(input, "}");
data/charybdis-4.1.2/tests/tap/basic.c:165:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (length >= UINT_MAX - strlen(string))
data/charybdis-4.1.2/tests/tap/basic.c:167:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen(string);
data/charybdis-4.1.2/tests/tap/basic.c:177:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(result + offset, string, strlen(string));
data/charybdis-4.1.2/tests/tap/basic.c:178:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset += strlen(string);
data/charybdis-4.1.2/tests/tap/basic.c:232:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(file->buffer);
data/charybdis-4.1.2/tests/tap/basic.c:814:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s) + 1;
data/charybdis-4.1.2/tools/mkpasswd.c:229:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(saltpara && (strlen(saltpara) <= 16))
data/charybdis-4.1.2/tools/mkpasswd.c:266:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(saltpara && (strlen(saltpara) <= 16))
data/charybdis-4.1.2/tools/mkpasswd.c:285:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(saltpara && (strlen(saltpara) <= 16))
data/charybdis-4.1.2/tools/mkpasswd.c:342:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(saltpara && (strlen(saltpara) <= 22))
data/charybdis-4.1.2/tools/mkpasswd.c:398:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read(fd, buf, length) != length)
data/charybdis-4.1.2/wsockd/wsockd.c:455:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (strlen(reason) + 1) + 5;
data/charybdis-4.1.2/wsockd/wsockd.c:628:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start = p + strlen("Sec-WebSocket-Key:");
data/charybdis-4.1.2/wsockd/wsockd.c:657:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha1_update(&sha1, (uint8_t *) conn->client_key, strlen(conn->client_key));
data/charybdis-4.1.2/wsockd/wsockd.c:658:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha1_update(&sha1, (uint8_t *) WEBSOCKET_SERVER_KEY, strlen(WEBSOCKET_SERVER_KEY));
data/charybdis-4.1.2/wsockd/wsockd.c:663:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
conn_mod_write(conn, WEBSOCKET_ANSWER_STRING_1, strlen(WEBSOCKET_ANSWER_STRING_1));
data/charybdis-4.1.2/wsockd/wsockd.c:664:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
conn_mod_write(conn, resp, strlen(resp));
data/charybdis-4.1.2/wsockd/wsockd.c:665:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
conn_mod_write(conn, WEBSOCKET_ANSWER_STRING_2, strlen(WEBSOCKET_ANSWER_STRING_2));
ANALYSIS SUMMARY:
Hits = 2707
Lines analyzed = 311816 in approximately 9.01 seconds (34602 lines/second)
Physical Source Lines of Code (SLOC) = 197237
Hits@level = [0] 557 [1] 616 [2] 1674 [3] 42 [4] 373 [5] 2
Hits@level+ = [0+] 3264 [1+] 2707 [2+] 2091 [3+] 417 [4+] 375 [5+] 2
Hits/KSLOC@level+ = [0+] 16.5486 [1+] 13.7246 [2+] 10.6015 [3+] 2.11421 [4+] 1.90127 [5+] 0.0101401
Symlinks skipped = 1 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.