Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/covered-0.7.10/src/assertion.c:149:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, parent_inst );
data/covered-0.7.10/src/assertion.c:151:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, pname );
data/covered-0.7.10/src/assertion.c:305:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, parent_inst );
data/covered-0.7.10/src/assertion.c:307:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, pname );
data/covered-0.7.10/src/cli.c:518:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( line, "%s%n", arg, &chars_read ) == 1 ) {
data/covered-0.7.10/src/cli.c:572:11: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( line, "%s%n", arg, &chars_read ) == 1 ) {
data/covered-0.7.10/src/cli.c:593:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( line, "%s%n", arg, &chars_read ) == 1 ) {
data/covered-0.7.10/src/cli.c:616:19: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( line, "%s%n", arg, &chars_read ) == 1 ) {
data/covered-0.7.10/src/cli.c:644:19: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( line, "%s", arg ) == 1 ) {
data/covered-0.7.10/src/cli.c:664:24: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  } else if( sscanf( line, "%s", arg ) == 1 ) {
data/covered-0.7.10/src/cli.c:666:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( targ, arg );
data/covered-0.7.10/src/cli.c:702:11: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( line, "%s", arg ) == 1 ) {
data/covered-0.7.10/src/cli.c:738:11: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( line, "%s", arg ) == 1 ) {
data/covered-0.7.10/src/cli.c:768:11: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( line, "%s", arg ) == 1 ) {
data/covered-0.7.10/src/cli.c:805:18: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  } else if( sscanf( line, "%s", arg ) == 1 ) {
data/covered-0.7.10/src/cli.c:819:11: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( line, "%s", arg ) == 1 ) {
data/covered-0.7.10/src/comb.c:652:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, parent );
data/covered-0.7.10/src/comb.c:654:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, pname );
data/covered-0.7.10/src/comb.c:785:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( line, str_exp_id );
data/covered-0.7.10/src/comb.c:831:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( line, str_exp_id );
data/covered-0.7.10/src/comb.c:869:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( *new_code_format, pre_code_format );
data/covered-0.7.10/src/comb.c:1286:20: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  rv = snprintf( (*lines)[i], (*size + 1), code_fmt, l_lines[i], r_lines[i] );
data/covered-0.7.10/src/comb.c:1299:20: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  rv = snprintf( (*lines)[i], (*size + 1), code_fmt, l_lines[i], exp_sp );
data/covered-0.7.10/src/comb.c:1309:22: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  rv = snprintf( (*lines)[i], (*size + 1), code_fmt, r_lines[i] );
data/covered-0.7.10/src/comb.c:1319:22: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  rv = snprintf( (*lines)[i], (*size + 1), code_fmt, exp_sp, r_lines[i] );
data/covered-0.7.10/src/comb.c:2669:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, parent );
data/covered-0.7.10/src/comb.c:2671:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, pname );
data/covered-0.7.10/src/db.c:957:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  rv = snprintf( exclusion_id, size, tmp, type, id );
data/covered-0.7.10/src/db.c:2837:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( scope, curr_inst_scope[0] );
data/covered-0.7.10/src/db.c:2840:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( scope, curr_inst_scope[i] );
data/covered-0.7.10/src/exclude.c:1052:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( orig_er->reason, new_reason );
data/covered-0.7.10/src/exclude.c:1314:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( msg, str );
data/covered-0.7.10/src/exclude.c:1327:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( msg, str );
data/covered-0.7.10/src/exclude.c:1378:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( msg, str );
data/covered-0.7.10/src/exclude.c:1387:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( msg, str );
data/covered-0.7.10/src/exclude.c:1892:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  rv = snprintf( user_msg, USER_MSG_LENGTH, COVERED_HEADER );
data/covered-0.7.10/src/fsm.c:706:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, parent_inst );
data/covered-0.7.10/src/fsm.c:708:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, pname );
data/covered-0.7.10/src/fsm.c:978:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( ofile, fstr, spaces, "From State", " ", "To State" );
data/covered-0.7.10/src/fsm.c:979:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( ofile, fstr, spaces, "==========", " ", "==========" );
data/covered-0.7.10/src/fsm.c:999:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf( ofile, fstr, eid, tmpfst, "->", tmptst );
data/covered-0.7.10/src/fsm.c:1110:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, parent_inst );
data/covered-0.7.10/src/fsm.c:1112:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, pname );
data/covered-0.7.10/src/fst.c:167:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( str, "%s \[%d:%d]", str2, &msb, &lsb ) != 3 ) {
data/covered-0.7.10/src/fst.c:168:19: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( str, "%s \[%d]", str2, &lsb ) == 2 ) {
data/covered-0.7.10/src/fst.c:170:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( str, str2 );
data/covered-0.7.10/src/fst.c:173:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( str, str2 );
data/covered-0.7.10/src/fst.c:188:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( str, "%s \[%d:%d]", str2, &msb, &lsb ) != 3 ) {
data/covered-0.7.10/src/fst.c:189:19: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( str, "%s \[%d]", str2, &lsb ) == 2 ) {
data/covered-0.7.10/src/fst.c:191:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( str, str2 );
data/covered-0.7.10/src/fst.c:194:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( str, str2 );
data/covered-0.7.10/src/fstapi.c:578:1: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vbuf, FST_WRITER_STR);
data/covered-0.7.10/src/fstapi.c:584:1: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dbuf, asctime(localtime(&walltime)));
data/covered-0.7.10/src/fstapi.c:868:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fnam, "%s.hier", xc->filename);
data/covered-0.7.10/src/fstapi.c:900:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(hf, xc->filename);
data/covered-0.7.10/src/fstapi.c:963:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(hf, xc->filename);
data/covered-0.7.10/src/fstapi.c:2058:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(xc->curr_flat_hier_nam + chl + 1, nam);
data/covered-0.7.10/src/fstapi.c:2062:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(xc->curr_flat_hier_nam, nam);
data/covered-0.7.10/src/fstapi.c:2381:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fnam, "%s.hier_%d_%p", xc->filename, getpid(), (void *)xc);
data/covered-0.7.10/src/fstapi.c:2814:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(hf, "%s.upk_%d_%p", xc->filename, getpid(), (void *)xc);
data/covered-0.7.10/src/func_unit.c:564:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( modname, funit->name );
data/covered-0.7.10/src/func_unit.c:568:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( modname, inst->name );
data/covered-0.7.10/src/func_unit.c:573:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( modname, tmp );
data/covered-0.7.10/src/func_unit.c:578:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( modname, tmp );
data/covered-0.7.10/src/func_unit.c:722:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( (params = sscanf( *line, "%d %s \"%[^\"]\" %d %s %d %d %" FMT64 "u%n",
data/covered-0.7.10/src/func_unit.c:1035:19: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( rest_line, "%s", name ) == 1 ) {
data/covered-0.7.10/src/func_unit.c:1213:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmp, rest );
data/covered-0.7.10/src/func_unit.c:1219:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( fscope, front );
data/covered-0.7.10/src/func_unit.c:1221:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmp, rest );
data/covered-0.7.10/src/gen_item.c:104:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( str, tmp );
data/covered-0.7.10/src/gen_item.c:108:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( str, tmp );
data/covered-0.7.10/src/gen_item.c:113:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( str, tmp );
data/covered-0.7.10/src/info.c:258:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( *line, "%x %" FMT64 "u %s%n", &(info.all), &num_timesteps, tmp, &chars_read ) == 3 ) {
data/covered-0.7.10/src/info.c:328:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( *line, "%s%n", score_run_path, &chars_read ) == 1 ) {
data/covered-0.7.10/src/info.c:335:30: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( (arg_num == 1) && (sscanf( *line, "%s%n", tmp1, &chars_read ) == 1) ) {
data/covered-0.7.10/src/info.c:337:37: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  } else if( (arg_num == 2) && (sscanf( *line, "%s (%[^)])%n", tmp1, tmp2, &chars_read ) == 2) ) {
data/covered-0.7.10/src/info.c:381:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( *line, "%s %s%n", tmp1, tmp2, &chars_read ) == 2 ) {
data/covered-0.7.10/src/instance.c:197:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( scope, leaf->name );
data/covered-0.7.10/src/instance.c:199:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( scope, leaf->name );
data/covered-0.7.10/src/instance.c:1034:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( leading_hierarchy, root->name );
data/covered-0.7.10/src/instance.c:1045:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( leading_hierarchy, root->name );
data/covered-0.7.10/src/instance.c:1270:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( *line, "%s %d%n", scope, (int*)&name_diff, &chars_read ) == 2 ) {
data/covered-0.7.10/src/instance.c:1330:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if( sscanf( *line, "%s %d%n", scope, (int*)&name_diff, &chars_read ) == 2 ) {
data/covered-0.7.10/src/line.c:290:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, parent_inst );
data/covered-0.7.10/src/line.c:292:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, pname );
data/covered-0.7.10/src/line.c:504:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, parent_inst );
data/covered-0.7.10/src/line.c:506:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, pname );
data/covered-0.7.10/src/lxt2_read.c:342:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( (lt->value[idx] + lendelta), (char*)b->string_pointers[vch] );
data/covered-0.7.10/src/lxt2_read.c:486:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( (lt->value[idx] + lendelta), (char*)b->string_pointers[vch] );
data/covered-0.7.10/src/memory.c:226:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( *str, prefix );
data/covered-0.7.10/src/memory.c:228:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( *str, name );
data/covered-0.7.10/src/memory.c:244:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( *str, prefix );
data/covered-0.7.10/src/memory.c:246:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( *str, name );
data/covered-0.7.10/src/memory.c:364:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( *mem_str, entry_str );
data/covered-0.7.10/src/memory.c:449:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( *pdim_str, tmp1 );
data/covered-0.7.10/src/memory.c:451:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( *pdim_str, tmp2 );
data/covered-0.7.10/src/memory.c:471:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( *udim_str, tmp1 );
data/covered-0.7.10/src/memory.c:473:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat( *udim_str, tmp2 );
data/covered-0.7.10/src/memory.c:605:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( tmpname, parent_inst );
data/covered-0.7.10/src/memory.c:607:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy( tmpname, pname ); data/covered-0.7.10/src/memory.c:703:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( tmpname, parent_inst ); data/covered-0.7.10/src/memory.c:705:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( tmpname, pname ); data/covered-0.7.10/src/memory.c:1116:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( tmpname, parent_inst ); data/covered-0.7.10/src/memory.c:1118:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( tmpname, pname ); data/covered-0.7.10/src/merge.c:362:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. rv = snprintf( user_msg, USER_MSG_LENGTH, COVERED_HEADER ); data/covered-0.7.10/src/rank.c:374:20: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. while( fscanf( file, "%s", fname ) == 1 ) { data/covered-0.7.10/src/rank.c:1656:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
fprintf( ofile, fmt, comp_cdd_num, i, (((comp_cdd_num - i) / (float)comp_cdd_num) * 100), (comp_cdd_num / (float)i) ); data/covered-0.7.10/src/rank.c:1661:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf( ofile, fmt, total_timesteps, ranked_timesteps, (((total_timesteps - ranked_timesteps) / (double)total_timesteps) * 100), (total_timesteps / (double)ranked_timesteps) ); data/covered-0.7.10/src/rank.c:1687:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf( ofile, format, data/covered-0.7.10/src/rank.c:1742:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. rv = snprintf( user_msg, USER_MSG_LENGTH, COVERED_HEADER ); data/covered-0.7.10/src/report.c:1096:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. rv = snprintf( user_msg, USER_MSG_LENGTH, COVERED_HEADER ); data/covered-0.7.10/src/scope.c:78:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( tscope, scope ); data/covered-0.7.10/src/scope.c:393:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( curr_scope, rest ); data/covered-0.7.10/src/score.c:1075:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( tmp, argv[i] ); data/covered-0.7.10/src/score.c:1185:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. rv = snprintf( user_msg, USER_MSG_LENGTH, COVERED_HEADER ); data/covered-0.7.10/src/search.c:127:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy( tmp1, lhier ); data/covered-0.7.10/src/search.c:132:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy( tmp1, tmp3 ); data/covered-0.7.10/src/symtable.c:310:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( curr->value, value ); data/covered-0.7.10/src/tcl_funcs.c:121:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( user_msg, race_msgs[i] ); data/covered-0.7.10/src/tcl_funcs.c:2213:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( incpath, argv[1] ); data/covered-0.7.10/src/toggle.c:305:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy( tmpname, parent_inst ); data/covered-0.7.10/src/toggle.c:307:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( tmpname, pname ); data/covered-0.7.10/src/toggle.c:566:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( tmpname, parent_inst ); data/covered-0.7.10/src/toggle.c:568:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( tmpname, pname ); data/covered-0.7.10/src/util.c:401:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( orig, rest ); data/covered-0.7.10/src/util.c:620:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( trel, (abs_path + save_i) ); data/covered-0.7.10/src/util.c:880:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( newvalue, env_value ); data/covered-0.7.10/src/util.c:1018:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy( back, (scope + strlen( front ) + 1) ); data/covered-0.7.10/src/util.c:1688:60: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. while( get_quoted_string( cmd_handle, tmp_str ) || fscanf( cmd_handle, "%s", tmp_str ) == 1 ) { data/covered-0.7.10/src/vcd.c:57:24: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. while( !end_seen && (fscanf( vcd, "%s%n", token, &chars_read ) == 1) ) { data/covered-0.7.10/src/vcd.c:89:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if( fscanf( vcd, "%s %d %s %s %s", type, &size, id_code, ref, tmp ) == 5 ) { data/covered-0.7.10/src/vcd.c:118:14: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if( (fscanf( vcd, "%s", tmp ) != 1) || (strncmp( "$end", tmp, 4 ) != 0) ) { data/covered-0.7.10/src/vcd.c:123:18: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. } else if( sscanf( ref, "%[a-zA-Z0-9_]\[%s].", reftmp, tmp ) == 2 ) { data/covered-0.7.10/src/vcd.c:129:18: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
} else if( sscanf( ref, "%[a-zA-Z0-9_]\[%s]", reftmp, tmp ) == 2 ) { data/covered-0.7.10/src/vcd.c:131:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( ref, reftmp ); data/covered-0.7.10/src/vcd.c:177:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if( fscanf( vcd, "%s %s $end", type, id ) == 2 ) { data/covered-0.7.10/src/vcd.c:210:28: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. while( !enddef_found && (fscanf( vcd, "%s%n", keyword, &chars_read ) == 1) ) { data/covered-0.7.10/src/vcd.c:269:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if( fscanf( vcd, "%s%n", sym, &chars_read ) == 1 ) { data/covered-0.7.10/src/vcd.c:300:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if( fscanf( vcd, "%s%n", sym, &chars_read ) == 1 ) { data/covered-0.7.10/src/vcd.c:330:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if( fscanf( vcd, "%s%n", sym, &chars_read ) != 1 ) { data/covered-0.7.10/src/vector.c:560:23: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
if( sscanf( *line, "%s%n", str, &chars_read ) == 1 ) { data/covered-0.7.10/src/vector.c:598:23: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if( sscanf( *line, "%s%n", str, &chars_read ) == 1 ) { data/covered-0.7.10/src/vector.c:766:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if( sscanf( *line, "%d %s%n", &store_str, value, &chars_read ) == 2 ) { data/covered-0.7.10/src/vector.c:778:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if( sscanf( *line, "%d %s%n", &store_str, value, &chars_read ) == 2 ) { data/covered-0.7.10/src/vpi.c:780:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( in_db_name, data.value.str ); data/covered-0.7.10/src/vpi.c:791:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( out_db_name, argvptr ); data/covered-0.7.10/src/vsignal.c:313:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if( sscanf( *line, "%s %d %d %x %u %u%n", name, &id, &sline, &(suppl.all), &pdim_num, &udim_num, &chars_read ) == 6 ) { data/covered-0.7.10/src/vsignal.c:406:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). 
Specify a limit to %s, or use a different input function. if( sscanf( *line, "%s %d %d %x %u %u%n", name, &id, &sline, &(suppl.all), &pdim_num, &udim_num, &chars_read ) == 6 ) { data/covered-0.7.10/src/report.c:1177:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if( getenv( "COVERED_HOME" ) == NULL ) { data/covered-0.7.10/src/report.c:1181:39: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. covered_home = strdup_safe( getenv( "COVERED_HOME" ) ); data/covered-0.7.10/src/report.c:1188:42: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. covered_browser = strdup_safe( getenv( "COVERED_BROWSER" ) ); data/covered-0.7.10/src/report.c:1194:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. user_home = getenv( "HOME" ); data/covered-0.7.10/src/util.c:164:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
test_mode = (getenv( "COVERED_TESTMODE" ) != NULL); data/covered-0.7.10/src/util.c:878:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if( (env_value = getenv( env_var )) != NULL ) { data/covered-0.7.10/src/assertion.c:137:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[4096]; /* Temporary holder of instance name */ data/covered-0.7.10/src/assertion.c:296:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[4096]; /* Temporary name holder for instance */ data/covered-0.7.10/src/binding.c:99:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/binding.c:617:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sig_name[4096]; /* Hierarchical path to matched port signal */ data/covered-0.7.10/src/binding.c:706:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rest[4096]; /* Temporary string */ data/covered-0.7.10/src/binding.c:707:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char back[4096]; /* Temporary string */ data/covered-0.7.10/src/cli.c:51:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/cli.c:330:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scope[4096]; /* String containing scope of given functional unit */ data/covered-0.7.10/src/cli.c:460:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if( (vfile = fopen( curr->funit->filename, "r" )) != NULL ) { data/covered-0.7.10/src/cli.c:499:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arg[4096]; /* Holder for user argument */ data/covered-0.7.10/src/cli.c:665:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char targ[4096]; data/covered-0.7.10/src/cli.c:821:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (hfile = fopen( arg, "w" )) != NULL ) { data/covered-0.7.10/src/cli.c:1096:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (hfile = fopen( fname, "r" )) != NULL ) { data/covered-0.7.10/src/codegen.c:59:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/codegen.c:340:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char code_format[20]; /* Format for creating my_code string */ data/covered-0.7.10/src/comb.c:88:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/comb.c:641:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[4096]; /* Temporary name holder of instance */ data/covered-0.7.10/src/comb.c:773:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_exp_id[12]; /* String containing value of exp_id */ data/covered-0.7.10/src/comb.c:810:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_exp_id[12]; /* String containing value of exp_id */ data/covered-0.7.10/src/comb.c:965:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy( code_fmt, "@*" ); data/covered-0.7.10/src/comb.c:970:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( code_fmt, "always_comb" ); data/covered-0.7.10/src/comb.c:975:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( code_fmt, "always_latch" ); data/covered-0.7.10/src/comb.c:980:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( code_fmt, "$time" ); data/covered-0.7.10/src/comb.c:985:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( code_fmt, "$random" ); data/covered-0.7.10/src/comb.c:990:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( code_fmt, "$urandom" ); data/covered-0.7.10/src/comb.c:1002:35: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case 1 : *size = 3; strcpy( code_fmt, " %s " ); break; data/covered-0.7.10/src/comb.c:1003:35: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 2 : *size = 3; strcpy( code_fmt, " %s" ); break; data/covered-0.7.10/src/comb.c:1004:23: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. default: strcpy( code_fmt, "%s" ); break; data/covered-0.7.10/src/comb.c:1081:15: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( code_fmt, " %s " ); data/covered-0.7.10/src/comb.c:1100:15: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( code_fmt, " %s %s " ); data/covered-0.7.10/src/comb.c:1121:15: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( code_fmt, " %s %s " ); data/covered-0.7.10/src/comb.c:1136:67: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case EXP_OP_EXPAND : *size = l_size + r_size + 4; strcpy( code_fmt, " %s %s " ); break; data/covered-0.7.10/src/comb.c:1137:67: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case EXP_OP_CONCAT : *size = l_size + r_size + 2; strcpy( code_fmt, " %s " ); break; data/covered-0.7.10/src/comb.c:1139:67: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case EXP_OP_LIST : *size = l_size + r_size + 2; strcpy( code_fmt, "%s %s" ); break; data/covered-0.7.10/src/comb.c:1144:48: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. *size = l_size + r_size + 11; strcpy( code_fmt, " %s " ); data/covered-0.7.10/src/comb.c:1146:48: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. *size = l_size + r_size + 8; strcpy( code_fmt, " %s" ); data/covered-0.7.10/src/comb.c:1153:48: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. *size = l_size + r_size + 11; strcpy( code_fmt, " %s " ); data/covered-0.7.10/src/comb.c:1155:48: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. *size = l_size + r_size + 8; strcpy( code_fmt, " %s" ); data/covered-0.7.10/src/comb.c:1162:47: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. *size = l_size + r_size + 3; strcpy( code_fmt, " %s " ); data/covered-0.7.10/src/comb.c:1164:47: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. *size = l_size + r_size + 0; strcpy( code_fmt, "%s" ); data/covered-0.7.10/src/comb.c:1171:47: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. *size = l_size + r_size + 7; strcpy( code_fmt, " %s %s " ); data/covered-0.7.10/src/comb.c:1173:47: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. *size = l_size + r_size + 4; strcpy( code_fmt, "%s %s" ); data/covered-0.7.10/src/comb.c:1176:67: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case EXP_OP_CASE : *size = l_size + r_size + 11; strcpy( code_fmt, " %s %s " ); break; data/covered-0.7.10/src/comb.c:1177:67: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case EXP_OP_CASEX : *size = l_size + r_size + 12; strcpy( code_fmt, " %s %s " ); break; data/covered-0.7.10/src/comb.c:1178:67: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case EXP_OP_CASEZ : *size = l_size + r_size + 12; strcpy( code_fmt, " %s %s " ); break; data/covered-0.7.10/src/comb.c:1179:58: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case EXP_OP_DELAY : *size = r_size + 3; strcpy( code_fmt, " %s " ); break; data/covered-0.7.10/src/comb.c:1180:67: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case EXP_OP_ASSIGN : *size = l_size + r_size + 10; strcpy( code_fmt, " %s %s" ); break; data/covered-0.7.10/src/comb.c:1183:67: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
  case EXP_OP_BASSIGN : *size = l_size + r_size + 3; strcpy( code_fmt, "%s %s" ); break;
data/covered-0.7.10/src/comb.c:1184:67: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_NASSIGN : *size = l_size + r_size + 4; strcpy( code_fmt, "%s %s" ); break;
data/covered-0.7.10/src/comb.c:1186:67: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_PASSIGN : *size = r_size; strcpy( code_fmt, "%s" ); break;
data/covered-0.7.10/src/comb.c:1187:67: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_IF : *size = r_size + 6; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1188:67: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_REPEAT : *size = r_size + 10; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1189:67: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_WHILE : *size = r_size + 9; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1190:67: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_WAIT : *size = r_size + 8; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1192:67: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_RPT_DLY : *size = l_size + r_size + 1; strcpy( code_fmt, "%s %s" ); break;
data/covered-0.7.10/src/comb.c:1206:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( code_fmt, " %s " );
data/covered-0.7.10/src/comb.c:1211:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_NEGATE : *size = l_size + r_size + 1; strcpy( code_fmt, " %s" ); break;
data/covered-0.7.10/src/comb.c:1212:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_DIM : *size = l_size + r_size; strcpy( code_fmt, "%s%s" ); break;
data/covered-0.7.10/src/comb.c:1214:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_IDEC : *size = l_size + 2; strcpy( code_fmt, " %s" ); break;
data/covered-0.7.10/src/comb.c:1216:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_PDEC : *size = l_size + 2; strcpy( code_fmt, "%s " ); break;
data/covered-0.7.10/src/comb.c:1217:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_SSIGNED : *size = l_size + 11; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1218:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_SUNSIGNED : *size = l_size + 13; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1219:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_SCLOG2 : *size = l_size + 10; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1220:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_SRANDOM : *size = l_size + 11; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1221:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_SURANDOM : *size = l_size + 12; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1222:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_SURAND_RANGE : *size = l_size + 18; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1223:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_SSRANDOM : *size = l_size + 12; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1225:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_SB2R : *size = l_size + 15; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1227:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_SR2I : *size = l_size + 9; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1229:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_SB2SR : *size = l_size + 20; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1230:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_STESTARGS : *size = l_size + 18; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1231:71: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case EXP_OP_SVALARGS : *size = l_size + 19; strcpy( code_fmt, " %s " ); break;
data/covered-0.7.10/src/comb.c:1569:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[20]; /* Temporary string used for sizing lines for numbers */
data/covered-0.7.10/src/comb.c:1591:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char spaces[30];
data/covered-0.7.10/src/comb.c:1683:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[20];
data/covered-0.7.10/src/comb.c:1692:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char spaces[30];
data/covered-0.7.10/src/comb.c:1746:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[20]; /* Temporary string used for calculating line width */
data/covered-0.7.10/src/comb.c:1799:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char spaces[30];
data/covered-0.7.10/src/comb.c:1993:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char curr_id_str[20];
data/covered-0.7.10/src/comb.c:2222:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[30];
data/covered-0.7.10/src/comb.c:2265:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[30];
data/covered-0.7.10/src/comb.c:2311:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[20];
data/covered-0.7.10/src/comb.c:2363:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char spaces[30];
data/covered-0.7.10/src/comb.c:2660:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpname[4096]; /* Temporary name holder of instance */
data/covered-0.7.10/src/db.c:64:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char user_msg[USER_MSG_LENGTH];
data/covered-0.7.10/src/db.c:347:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( (db_handle = fopen( file, "w" )) != NULL ) {
data/covered-0.7.10/src/db.c:419:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char parent_scope[4096]; /* Scope of parent functional unit to the current instance */
data/covered-0.7.10/src/db.c:420:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char back[4096]; /* Current functional unit instance name */
data/covered-0.7.10/src/db.c:421:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char funit_scope[4096]; /* Current scope of functional unit instance */
data/covered-0.7.10/src/db.c:422:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char funit_name[256]; /* Current name of functional unit instance */
data/covered-0.7.10/src/db.c:423:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char funit_file[4096]; /* Current filename of functional unit instance */
data/covered-0.7.10/src/db.c:446:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( (db_handle = fopen( file, "r" )) != NULL ) {
data/covered-0.7.10/src/db.c:816:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpname[30];
data/covered-0.7.10/src/db.c:888:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[30];
data/covered-0.7.10/src/db.c:940:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[30];
data/covered-0.7.10/src/db.c:2856:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stripped_scope[4096]; /* Temporary string */
data/covered-0.7.10/src/db.c:3004:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char val[2]; /* Value to store */
data/covered-0.7.10/src/defines.h:1399:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato8(x) atoi(x)
data/covered-0.7.10/src/defines.h:1404:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato8(x) atoi(x)
data/covered-0.7.10/src/defines.h:1409:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato8(x) atoi(x)
data/covered-0.7.10/src/defines.h:1414:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato8(x) atol(x)
data/covered-0.7.10/src/defines.h:1431:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato16(x) atoi(x)
data/covered-0.7.10/src/defines.h:1436:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato16(x) atoi(x)
data/covered-0.7.10/src/defines.h:1441:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato16(x) atoi(x)
data/covered-0.7.10/src/defines.h:1446:19: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato16(x) atol(x)
data/covered-0.7.10/src/defines.h:1463:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato32(x) atoi(x)
data/covered-0.7.10/src/defines.h:1468:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato32(x) atoi(x)
data/covered-0.7.10/src/defines.h:1473:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato32(x) atoi(x)
data/covered-0.7.10/src/defines.h:1478:19: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato32(x) atol(x)
data/covered-0.7.10/src/defines.h:1507:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato64(x) atoi(x)
data/covered-0.7.10/src/defines.h:1513:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato64(x) atoi(x)
data/covered-0.7.10/src/defines.h:1519:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato64(x) atoi(x)
data/covered-0.7.10/src/defines.h:1525:19: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  #define ato64(x) atol(x)
data/covered-0.7.10/src/enumerate.c:33:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char user_msg[USER_MSG_LENGTH];
data/covered-0.7.10/src/exclude.c:47:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char user_msg[USER_MSG_LENGTH];
data/covered-0.7.10/src/exclude.c:1289:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[100]; /* Temporary string */
data/covered-0.7.10/src/exclude.c:1350:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[100];
data/covered-0.7.10/src/exclude.c:1422:42: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  exclude_add_exclude_reason( id[0], atoi( id + 1 ), str, funit );
data/covered-0.7.10/src/exclude.c:1433:43: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  exclude_remove_exclude_reason( id[0], atoi( id + 1 ), funit );
data/covered-0.7.10/src/exclude.c:1455:62: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  exclude_reason* er = exclude_find_exclude_reason( id[0], atoi( id + 1 ), funit );
data/covered-0.7.10/src/exclude.c:1482:39: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( (exp = exclude_find_expression( atoi( id + 1 ), &found_funit )) != NULL ) {
data/covered-0.7.10/src/exclude.c:1547:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( (sig = exclude_find_signal( atoi( id + 1 ), &found_funit )) != NULL ) {
data/covered-0.7.10/src/exclude.c:1606:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( (sig = exclude_find_signal( atoi( id + 1 ), &found_funit )) != NULL ) {
data/covered-0.7.10/src/exclude.c:1665:39: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( (exp = exclude_find_expression( atoi( id + 1 ), &found_funit )) != NULL ) {
data/covered-0.7.10/src/exclude.c:1728:42: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( (arc_index = exclude_find_fsm_arc( atoi( id + 1 ), &found_fsm, &found_funit )) != -1 ) {
data/covered-0.7.10/src/exclude.c:1790:39: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( (exp = exclude_find_expression( atoi( id + 1 ), &found_funit )) != NULL ) {
data/covered-0.7.10/src/expr.c:155:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char user_msg[USER_MSG_LENGTH];
data/covered-0.7.10/src/fsm.c:62:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char user_msg[USER_MSG_LENGTH];
data/covered-0.7.10/src/fsm.c:695:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpname[4096]; /* Temporary name holder for instance */
data/covered-0.7.10/src/fsm.c:920:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fstr[100]; /* Format string */
data/covered-0.7.10/src/fsm.c:921:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[20]; /* Temporary string */
data/covered-0.7.10/src/fsm.c:932:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpfst[4096]; /* Temporary string holder for from_state value */
data/covered-0.7.10/src/fsm.c:933:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmptst[4096]; /* Temporary string holder for to_state value */
data/covered-0.7.10/src/fsm.c:935:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char spaces[30]; /* Placeholder for spaces */
data/covered-0.7.10/src/fsm.c:1101:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpname[4096]; /* Temporary name holder for instance */
data/covered-0.7.10/src/fsm_arg.c:41:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char user_msg[USER_MSG_LENGTH];
data/covered-0.7.10/src/fsm_arg.c:335:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_val[256]; /* String version of value parsed */
data/covered-0.7.10/src/fsm_var.c:46:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char user_msg[USER_MSG_LENGTH];
data/covered-0.7.10/src/fst.c:38:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char user_msg[USER_MSG_LENGTH];
data/covered-0.7.10/src/fst.c:62:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[FST_ID_NAM_SIZ+1];
data/covered-0.7.10/src/fst.c:63:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str2[FST_ID_NAM_SIZ+1];
data/covered-0.7.10/src/fstapi.c:183:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[8];
data/covered-0.7.10/src/fstapi.c:200:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[sizeof(uint64_t)];
data/covered-0.7.10/src/fstapi.c:278:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[5];
data/covered-0.7.10/src/fstapi.c:324:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[5];
data/covered-0.7.10/src/fstapi.c:353:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[5];
data/covered-0.7.10/src/fstapi.c:383:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[16];
data/covered-0.7.10/src/fstapi.c:413:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[10]; /* ceil(64/7) = 10 */
data/covered-0.7.10/src/fstapi.c:515:1: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pnt, u, sizeof(uint32_t));
data/covered-0.7.10/src/fstapi.c:525:1: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pnt, dbuf, siz);
data/covered-0.7.10/src/fstapi.c:538:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vbuf[FST_HDR_SIM_VERSION_SIZE];
data/covered-0.7.10/src/fstapi.c:539:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbuf[FST_HDR_DATE_SIZE];
data/covered-0.7.10/src/fstapi.c:668:26: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((!nam)||(!(xc->handle=fopen(nam, "w+b"))))
data/covered-0.7.10/src/fstapi.c:678:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hf, nam, flen);
data/covered-0.7.10/src/fstapi.c:679:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(hf + flen, ".hier");
data/covered-0.7.10/src/fstapi.c:680:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  xc->hier_handle = fopen(hf, "w+b");
data/covered-0.7.10/src/fstapi.c:682:20: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  xc->geom_handle = tmpfile(); /* .geom */
data/covered-0.7.10/src/fstapi.c:683:22: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  xc->valpos_handle = tmpfile(); /* .offs */
data/covered-0.7.10/src/fstapi.c:684:22: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  xc->curval_handle = tmpfile(); /* .bits */
data/covered-0.7.10/src/fstapi.c:685:20: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  xc->tchn_handle = tmpfile(); /* .tchn */
data/covered-0.7.10/src/fstapi.c:901:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(hf+flen, ".pak");
data/covered-0.7.10/src/fstapi.c:902:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(hf, "wb");
data/covered-0.7.10/src/fstapi.c:908:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gz_membuf[FST_GZIO_LEN];
data/covered-0.7.10/src/fstapi.c:967:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(hf + flen, ".hier");
data/covered-0.7.10/src/fstapi.c:1130:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xc->curval_mem + vm4ip[0], vchg_mem + offs + 4 + wrlen, vm4ip[1]); /* checkpoint variable */
data/covered-0.7.10/src/fstapi.c:1181:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(scratchpnt, pnt, vm4ip[1]);
data/covered-0.7.10/src/fstapi.c:1474:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[FST_HDR_DATE_SIZE];
data/covered-0.7.10/src/fstapi.c:1480:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s, dat, (len < FST_HDR_DATE_SIZE) ? len : FST_HDR_DATE_SIZE);
data/covered-0.7.10/src/fstapi.c:1493:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[FST_HDR_SIM_VERSION_SIZE];
data/covered-0.7.10/src/fstapi.c:1499:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s, vers, (len < FST_HDR_SIM_VERSION_SIZE) ? len : FST_HDR_SIM_VERSION_SIZE);
data/covered-0.7.10/src/fstapi.c:1528:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int tv = atoi(s);
data/covered-0.7.10/src/fstapi.c:1771:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xc->curval_mem + offs, buf, len);
data/covered-0.7.10/src/fstapi.c:1915:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char version[FST_HDR_SIM_VERSION_SIZE + 1];
data/covered-0.7.10/src/fstapi.c:1916:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date[FST_HDR_DATE_SIZE + 1];
data/covered-0.7.10/src/fstapi.c:1957:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_scope_nam[FST_ID_NAM_SIZ+1];
data/covered-0.7.10/src/fstapi.c:1958:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_scope_comp[FST_ID_NAM_SIZ+1];
data/covered-0.7.10/src/fstapi.c:2319:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[16];
data/covered-0.7.10/src/fstapi.c:2344:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[16];
data/covered-0.7.10/src/fstapi.c:2395:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  xc->fh = fopen(fnam, "w+b");
data/covered-0.7.10/src/fstapi.c:2398:26: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  xc->fh = tmpfile();
data/covered-0.7.10/src/fstapi.c:2586:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[FST_ID_NAM_SIZ+1];
data/covered-0.7.10/src/fstapi.c:2608:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time_dimension[2] = {0, 0};
data/covered-0.7.10/src/fstapi.c:2801:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gz_membuf[FST_GZIO_LEN];
data/covered-0.7.10/src/fstapi.c:2815:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fcomp = fopen(hf, "w+b");
data/covered-0.7.10/src/fstapi.c:2818:11: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  fcomp = tmpfile();
data/covered-0.7.10/src/fstapi.c:2914:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rvs_buf[8];
data/covered-0.7.10/src/fstapi.c:3086:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((!nam)||(!(xc->f=fopen(nam, "rb"))))
data/covered-0.7.10/src/fstapi.c:3101:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hf, nam, flen);
data/covered-0.7.10/src/fstapi.c:3102:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(hf + flen, ".hier");
data/covered-0.7.10/src/fstapi.c:3103:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  xc->fh = fopen(hf, "rb");
data/covered-0.7.10/src/fstapi.c:3424:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xc->temp_signal_value_buf, mu+sig_offs, xc->signal_lens[idx]);
data/covered-0.7.10/src/fstapi.c:3473:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(clone_d, srcdata, 8);
data/covered-0.7.10/src/fstapi.c:3484:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char *)xc->temp_signal_value_buf, "%.16g", d);
data/covered-0.7.10/src/fstapi.c:3495:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(clone_d, srcdata, 8);
data/covered-0.7.10/src/fstapi.c:3817:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(xc->temp_signal_value_buf, vdata, len);
data/covered-0.7.10/src/fstapi.c:3835:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[8];
data/covered-0.7.10/src/fstapi.c:3884:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(clone_d, srcdata, 8);
data/covered-0.7.10/src/fstapi.c:3895:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char *)xc->temp_signal_value_buf, "%.16g", d);
data/covered-0.7.10/src/fstapi.c:3906:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(clone_d, srcdata, 8);
data/covered-0.7.10/src/fstapi.c:3995:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, xc->rvat_frame_data + xc->rvat_sig_offs[facidx], xc->signal_lens[facidx]);
data/covered-0.7.10/src/fstapi.c:4006:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(clone_d, srcdata, 8);
data/covered-0.7.10/src/fstapi.c:4018:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char *)buf, "%.16g", d);
data/covered-0.7.10/src/fstapi.c:4500:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, vdata, xc->signal_lens[facidx]);
data/covered-0.7.10/src/fstapi.c:4509:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bufd[8];
data/covered-0.7.10/src/fstapi.c:4534:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(clone_d, srcdata, 8);
data/covered-0.7.10/src/fstapi.c:4546:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "r%.16g", d);
data/covered-0.7.10/src/fstapi.c:4694:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mem[1];
data/covered-0.7.10/src/fstapi.c:4731:1: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(chain->mem, mem, length);
data/covered-0.7.10/src/func_unit.c:55:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char user_msg[USER_MSG_LENGTH];
data/covered-0.7.10/src/func_unit.c:355:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char full_name[4096]; /* Container for new name */
data/covered-0.7.10/src/func_unit.c:544:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char modname[4096]; /* Name of module */
data/covered-0.7.10/src/func_unit.c:545:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4096]; /* Temporary string holder */
data/covered-0.7.10/src/func_unit.c:1034:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/covered-0.7.10/src/func_unit.c:1205:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char fscope[4096]; /* Flattened scope name */
data/covered-0.7.10/src/func_unit.c:1206:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4096]; /* Temporary string storage */
data/covered-0.7.10/src/func_unit.c:1207:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char front[4096]; /* First portion of scope name */
data/covered-0.7.10/src/func_unit.c:1208:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rest[4096]; /* Last portion of scope name */
data/covered-0.7.10/src/func_unit.c:1309:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char back[256]; /* Last portion of functional unit name */
data/covered-0.7.10/src/func_unit.c:1310:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rest[4096]; /* Rest of functional unit name */
data/covered-0.7.10/src/gen_item.c:45:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char user_msg[USER_MSG_LENGTH];
data/covered-0.7.10/src/gen_item.c:101:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( tmp, "UNKNOWN!\n" );
data/covered-0.7.10/src/gen_item.c:136:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[4096]; /* String to store data into */
data/covered-0.7.10/src/gen_item.c:456:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char intstr[20]; /* String containing an integer value */
data/covered-0.7.10/src/gen_item.c:523:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[USER_MSG_LENGTH];
data/covered-0.7.10/src/gen_item.c:560:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[USER_MSG_LENGTH];
data/covered-0.7.10/src/gen_item.c:597:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[USER_MSG_LENGTH];
data/covered-0.7.10/src/gen_item.c:634:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[USER_MSG_LENGTH];
data/covered-0.7.10/src/gen_item.c:671:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[USER_MSG_LENGTH];
data/covered-0.7.10/src/gen_item.c:710:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[USER_MSG_LENGTH];
data/covered-0.7.10/src/info.c:49:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char user_msg[USER_MSG_LENGTH];
data/covered-0.7.10/src/info.c:66:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char score_run_path[4096];
data/covered-0.7.10/src/info.c:240:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4096]; /* Temporary string */
data/covered-0.7.10/src/info.c:324:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp1[4096]; /* Temporary string */
data/covered-0.7.10/src/info.c:325:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp2[4096]; /* Temporary string */
data/covered-0.7.10/src/info.c:377:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp1[4096]; /* Temporary string */
data/covered-0.7.10/src/info.c:378:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp2[4096]; /* Temporary string */
data/covered-0.7.10/src/instance.c:49:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char user_msg[USER_MSG_LENGTH];
data/covered-0.7.10/src/instance.c:71:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sp[4096]; /* Contains prefix for children */
data/covered-0.7.10/src/instance.c:221:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bname[4096]; /* Base name of inst_name */
data/covered-0.7.10/src/instance.c:272:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char front[256]; /* Front of scope value */
data/covered-0.7.10/src/instance.c:273:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rest[4096]; /* Rest of scope value */
data/covered-0.7.10/src/instance.c:1095:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char lhier1[4096]; data/covered-0.7.10/src/instance.c:1096:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lhier2[4096]; data/covered-0.7.10/src/instance.c:1242:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tscope[4096]; data/covered-0.7.10/src/instance.c:1266:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scope[4096]; data/covered-0.7.10/src/instance.c:1326:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scope[4096]; data/covered-0.7.10/src/instance.c:1514:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scope[4096]; data/covered-0.7.10/src/instance.c:1576:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char back[256]; /* Highest level of hierarchy in hierarchical reference */ data/covered-0.7.10/src/instance.c:1577:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rest[4096]; /* Rest of scope value */ data/covered-0.7.10/src/line.c:278:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[4096]; /* Temporary holder of instance name */ data/covered-0.7.10/src/line.c:495:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[4096]; /* Temporary name holder for instance */ data/covered-0.7.10/src/lxt.c:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/lxt.c:60:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/covered-0.7.10/src/lxt.c:148:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netname[4096]; /* Name of current signal */ data/covered-0.7.10/src/lxt2_read.c:30:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/lxt2_read.c:191:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[33]; data/covered-0.7.10/src/lxt2_read.c:305:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( lt->value[idx], lxt2_rd_expand_integer_to_bits( lt->len[idx], x ), lt->len[idx] ); data/covered-0.7.10/src/lxt2_read.c:313:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( lt->value[idx], lxt2_rd_expand_integer_to_bits( lt->len[idx], x ), lt->len[idx] ); data/covered-0.7.10/src/lxt2_read.c:338:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( lt->value[idx], b->string_pointers[vch], lt->len[idx] ); data/covered-0.7.10/src/lxt2_read.c:476:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( (lt->value[idx] + i), (b->string_pointers[vch] + i), (lt->len[idx] - i) ); data/covered-0.7.10/src/lxt2_read.c:493:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( (lt->value[idx] + i), (b->string_pointers[vch] + i - lendelta), (lt->len[idx] - i) ); data/covered-0.7.10/src/lxt2_read.c:834:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( !(lt->handle = fopen( name, "rb" )) ) { data/covered-0.7.10/src/lxt2_read.c:1616:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char gzid[2]; data/covered-0.7.10/src/main.c:52:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/memory.c:212:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4096]; /* Temporary string */ data/covered-0.7.10/src/memory.c:229:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat( *str, "] " ); data/covered-0.7.10/src/memory.c:247:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( *str, "] " ); data/covered-0.7.10/src/memory.c:273:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4096]; /* Contains signal name */ data/covered-0.7.10/src/memory.c:308:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hit_str[2]; data/covered-0.7.10/src/memory.c:309:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char int_str[20]; data/covered-0.7.10/src/memory.c:418:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp1[20]; /* Temporary string holder */ data/covered-0.7.10/src/memory.c:419:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp2[20]; /* Temporary string holder */ data/covered-0.7.10/src/memory.c:595:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[4096]; /* Temporary name holder for instance */ data/covered-0.7.10/src/memory.c:693:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[4096]; /* Temporary name holder for instance */ data/covered-0.7.10/src/memory.c:913:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4096]; /* Contains signal name */ data/covered-0.7.10/src/memory.c:1107:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[4096]; /* Temporary name holder of instance */ data/covered-0.7.10/src/merge.c:45:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/obfuscate.c:74:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tname[30]; /* Temporary name used for sizing obfuscation ID */ data/covered-0.7.10/src/ovl.c:155:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[4096]; /* Temporary string holder */ data/covered-0.7.10/src/ovl.c:292:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[30]; /* Temporary string */ data/covered-0.7.10/src/param.c:88:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/param.c:266:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_str[30]; /* String version of module parameter type */ data/covered-0.7.10/src/param.c:270:41: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case PARAM_TYPE_DECLARED : strcpy( type_str, "DECLARED" ); break; data/covered-0.7.10/src/param.c:271:41: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case PARAM_TYPE_OVERRIDE : strcpy( type_str, "OVERRIDE" ); break; data/covered-0.7.10/src/param.c:272:41: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case PARAM_TYPE_SIG_LSB : strcpy( type_str, "SIG_LSB" ); break; data/covered-0.7.10/src/param.c:273:41: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case PARAM_TYPE_SIG_MSB : strcpy( type_str, "SIG_MSB" ); break; data/covered-0.7.10/src/param.c:274:41: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case PARAM_TYPE_INST_LSB : strcpy( type_str, "INST_LSB" ); break; data/covered-0.7.10/src/param.c:275:41: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case PARAM_TYPE_INST_MSB : strcpy( type_str, "INST_MSB" ); break; data/covered-0.7.10/src/param.c:276:41: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case PARAM_TYPE_DECLARED_LOCAL : strcpy( type_str, "DECLARED_LOCAL" ); break; data/covered-0.7.10/src/param.c:277:41: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. default : strcpy( type_str, "UNKNOWN" ); break; data/covered-0.7.10/src/param.c:886:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char parm_scope[4096]; /* Specifes full scope to parameter to find */ data/covered-0.7.10/src/param.c:887:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scope[4096]; /* Scope of this instance */ data/covered-0.7.10/src/parse.c:50:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/parser_misc.c:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/profiler.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/profiler.c:304:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (ofile = fopen( profiling_output, "w" )) != NULL ) { data/covered-0.7.10/src/race.c:86:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/rank.c:42:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/rank.c:371:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (file = fopen( argv[i], "r" )) != NULL ) { data/covered-0.7.10/src/rank.c:372:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[4096]; data/covered-0.7.10/src/rank.c:1582:48: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (ofile = ((rank_file == NULL) ? stdout : fopen( rank_file, "w" ))) != NULL ) { data/covered-0.7.10/src/rank.c:1612:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[100]; data/covered-0.7.10/src/rank.c:1634:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[30]; data/covered-0.7.10/src/rank.c:1635:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[4096]; data/covered-0.7.10/src/report.c:56:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/report.c:1127:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofile = fopen( output_file, "w" ); data/covered-0.7.10/src/scope.c:38:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/scope.c:59:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tscope[4096]; /* Temporary scope value */ data/covered-0.7.10/src/score.c:143:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/score.c:149:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char score_run_path[4096]; data/covered-0.7.10/src/score.c:306:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (vfile = fopen( vpi_file, "w" )) != NULL ) { data/covered-0.7.10/src/score.c:369:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (vfile = fopen( dumpvars_file, "w" )) != NULL ) { data/covered-0.7.10/src/score.c:440:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( mod_name, ".tab" ); data/covered-0.7.10/src/score.c:441:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (tfile = fopen( mod_name, "w" )) != NULL ) { data/covered-0.7.10/src/score.c:1056:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[256]; data/covered-0.7.10/src/search.c:58:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/search.c:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dutname[4096]; /* Instance name of top-level DUT module */ data/covered-0.7.10/src/search.c:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lhier[4096]; /* Temporary storage of leading hierarchy */ data/covered-0.7.10/src/search.c:121:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp1[4096]; data/covered-0.7.10/src/search.c:122:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp2[4096]; data/covered-0.7.10/src/search.c:123:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp3[4096]; data/covered-0.7.10/src/search.c:281:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ext[30]; /* Holder for extension */ data/covered-0.7.10/src/sim.c:101:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/statement.c:114:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/stmt_blk.c:52:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/tcl_funcs.c:58:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/tcl_funcs.c:60:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char score_run_path[4096]; data/covered-0.7.10/src/tcl_funcs.c:144:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[30]; /* Temporary string */ data/covered-0.7.10/src/tcl_funcs.c:204:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[30]; /* Temporary string */ data/covered-0.7.10/src/tcl_funcs.c:233:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). retval = (atoi( argv[1] ) == 0); data/covered-0.7.10/src/tcl_funcs.c:262:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
int index = atoi( argv[0] ); data/covered-0.7.10/src/tcl_funcs.c:263:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int type = atoi( argv[1] ); data/covered-0.7.10/src/tcl_funcs.c:306:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int index = atoi( argv[0] ); data/covered-0.7.10/src/tcl_funcs.c:307:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int type = atoi( argv[1] ); data/covered-0.7.10/src/tcl_funcs.c:347:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( user_msg, "Internal Error: Unable to find specified functional unit" ); data/covered-0.7.10/src/tcl_funcs.c:378:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
  strcpy( user_msg, "Internal Error: Unable to find specified functional unit" );
data/covered-0.7.10/src/tcl_funcs.c:410:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scope[4096];
data/covered-0.7.10/src/tcl_funcs.c:414:49: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  instance_gen_scope( scope, gui_inst_list[ atoi( targv[0] ) ], FALSE );
data/covered-0.7.10/src/tcl_funcs.c:419:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find specified functional unit instance" );
data/covered-0.7.10/src/tcl_funcs.c:445:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linenum[50]; /* Temporary string container */
data/covered-0.7.10/src/tcl_funcs.c:452:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find start and end lines for functional unit" );
data/covered-0.7.10/src/tcl_funcs.c:483:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[50]; /* Temporary string container */
data/covered-0.7.10/src/tcl_funcs.c:502:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:534:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[50]; /* Temporary string container */
data/covered-0.7.10/src/tcl_funcs.c:553:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:584:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[70]; /* Temporary string containing line information */
data/covered-0.7.10/src/tcl_funcs.c:587:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  start_line = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:604:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:632:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[120]; /* Temporary string */
data/covered-0.7.10/src/tcl_funcs.c:637:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  start_line = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:659:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:688:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[85]; /* Temporary string */
data/covered-0.7.10/src/tcl_funcs.c:693:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  start_line = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:714:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:742:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[120]; /* Temporary string */
data/covered-0.7.10/src/tcl_funcs.c:747:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  start_line = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:798:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[120]; /* Temporary string */
data/covered-0.7.10/src/tcl_funcs.c:803:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  start_line = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:853:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[20]; /* Temporary string for conversion purposes */
data/covered-0.7.10/src/tcl_funcs.c:885:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:920:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[200]; /* Temporary string for conversion purposes */
data/covered-0.7.10/src/tcl_funcs.c:945:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:977:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[85]; /* Temporary string container */
data/covered-0.7.10/src/tcl_funcs.c:982:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  startline = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:1003:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:1035:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[85]; /* Temporary string container */
data/covered-0.7.10/src/tcl_funcs.c:1040:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  startline = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:1061:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:1099:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[20]; /* Temporary string container */
data/covered-0.7.10/src/tcl_funcs.c:1101:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  expr_id = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:1170:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  expid = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:1171:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ulid = atoi( argv[3] );
data/covered-0.7.10/src/tcl_funcs.c:1210:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[85]; /* Temporary string container */
data/covered-0.7.10/src/tcl_funcs.c:1217:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  start_line = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:1246:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:1276:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[85]; /* Temporary string container */
data/covered-0.7.10/src/tcl_funcs.c:1283:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  start_line = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:1310:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:1360:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[4096]; /* Temporary string container */
data/covered-0.7.10/src/tcl_funcs.c:1364:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  expr_id = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:1445:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:1499:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:1550:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:1579:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[4096]; /* Temporary string holder */
data/covered-0.7.10/src/tcl_funcs.c:1811:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[20]; /* String version of a value */
data/covered-0.7.10/src/tcl_funcs.c:1865:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[20]; /* String version of a value */
data/covered-0.7.10/src/tcl_funcs.c:1919:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[20]; /* String version of a value */
data/covered-0.7.10/src/tcl_funcs.c:1927:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find specified functional unit" );
data/covered-0.7.10/src/tcl_funcs.c:1933:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find specified functional unit instance" );
data/covered-0.7.10/src/tcl_funcs.c:1973:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[20]; /* String version of a value */
data/covered-0.7.10/src/tcl_funcs.c:1981:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find specified functional unit" );
data/covered-0.7.10/src/tcl_funcs.c:1987:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find specified functional unit instance" );
data/covered-0.7.10/src/tcl_funcs.c:2027:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[20]; /* String version of a value */
data/covered-0.7.10/src/tcl_funcs.c:2035:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find specified functional unit" );
data/covered-0.7.10/src/tcl_funcs.c:2041:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find specified functional unit instance" );
data/covered-0.7.10/src/tcl_funcs.c:2080:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[20]; /* String version of a value */
data/covered-0.7.10/src/tcl_funcs.c:2098:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit in design" );
data/covered-0.7.10/src/tcl_funcs.c:2142:11: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  assert( mkstemp( ppfilename ) != 0 );
data/covered-0.7.10/src/tcl_funcs.c:2144:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen( ppfilename, "w" );
data/covered-0.7.10/src/tcl_funcs.c:2211:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char incpath[4096]; /* Contains full included pathname */
data/covered-0.7.10/src/tcl_funcs.c:2262:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char generation[2]; /* Generation to use for the specified module */
data/covered-0.7.10/src/tcl_funcs.c:2324:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  line = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:2325:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi( argv[3] );
data/covered-0.7.10/src/tcl_funcs.c:2346:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit" );
data/covered-0.7.10/src/tcl_funcs.c:2381:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit instance" );
data/covered-0.7.10/src/tcl_funcs.c:2423:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi( argv[3] );
data/covered-0.7.10/src/tcl_funcs.c:2444:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit" );
data/covered-0.7.10/src/tcl_funcs.c:2479:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit instance" );
data/covered-0.7.10/src/tcl_funcs.c:2522:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi( argv[3] );
data/covered-0.7.10/src/tcl_funcs.c:2543:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit" );
data/covered-0.7.10/src/tcl_funcs.c:2578:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit instance" );
data/covered-0.7.10/src/tcl_funcs.c:2621:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  expr_id = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:2622:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uline_id = atoi( argv[3] );
data/covered-0.7.10/src/tcl_funcs.c:2623:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi( argv[4] );
data/covered-0.7.10/src/tcl_funcs.c:2645:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit" );
data/covered-0.7.10/src/tcl_funcs.c:2680:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit instance" );
data/covered-0.7.10/src/tcl_funcs.c:2723:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  expr_id = atoi( argv[2] );
data/covered-0.7.10/src/tcl_funcs.c:2726:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi( argv[5] );
data/covered-0.7.10/src/tcl_funcs.c:2747:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit" );
data/covered-0.7.10/src/tcl_funcs.c:2782:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit instance" );
data/covered-0.7.10/src/tcl_funcs.c:2827:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  expr_id = atoi( argv[3] );
data/covered-0.7.10/src/tcl_funcs.c:2828:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi( argv[4] );
data/covered-0.7.10/src/tcl_funcs.c:2851:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit" );
data/covered-0.7.10/src/tcl_funcs.c:2888:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( user_msg, "Internal Error: Unable to find functional unit instance" );
data/covered-0.7.10/src/tcl_funcs.c:2933:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( (ofile = fopen( output_file, "w" )) == NULL ) {
data/covered-0.7.10/src/toggle.c:294:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpname[4096]; /* Temporary name holder for instance */
data/covered-0.7.10/src/toggle.c:453:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[30];
data/covered-0.7.10/src/toggle.c:504:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[30];
data/covered-0.7.10/src/toggle.c:557:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[4096]; /* Temporary name holder of instance */ data/covered-0.7.10/src/util.c:117:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/util.c:180:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpmsg[USER_MSG_LENGTH]; data/covered-0.7.10/src/util.c:425:9: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). FILE* tmpfile; /* Temporary file pointer */ data/covered-0.7.10/src/util.c:427:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (tmpfile = fopen( token, "w" )) != NULL ) { data/covered-0.7.10/src/util.c:428:31: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). unsigned int rv = fclose( tmpfile ); data/covered-0.7.10/src/util.c:505:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char this_cwd[4096]; data/covered-0.7.10/src/util.c:520:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[4096]; data/covered-0.7.10/src/util.c:571:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[4096]; data/covered-0.7.10/src/util.c:602:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trel[4096]; data/covered-0.7.10/src/util.c:615:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat( trel, "../" ); data/covered-0.7.10/src/util.c:683:19: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). char* tmpfile; /* Temporary string holder for full pathname of file */ data/covered-0.7.10/src/util.c:713:26: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). rv = snprintf( tmpfile, tmpchars, "%s/%s", dir, dirp->d_name ); data/covered-0.7.10/src/util.c:715:30: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). 
if( str_link_find( tmpfile, *file_head ) == NULL ) { data/covered-0.7.10/src/util.c:716:33: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). (void)str_link_add( tmpfile, file_head, file_tail ); data/covered-0.7.10/src/util.c:719:24: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). free_safe( tmpfile, (strlen( tmpfile ) + 1) ); data/covered-0.7.10/src/util.c:719:42: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). free_safe( tmpfile, (strlen( tmpfile ) + 1) ); data/covered-0.7.10/src/util.c:817:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[128]; /* Temporary whitespace storage */ data/covered-0.7.10/src/util.c:859:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char env_var[4096]; /* Name of found environment variable */ data/covered-0.7.10/src/util.c:1041:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_str[4096]; data/covered-0.7.10/src/util.c:1188:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; /* String holder for module name of file */ data/covered-0.7.10/src/util.c:1564:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char str[33]; /* Minimal amount of space needed to store the current time */ data/covered-0.7.10/src/util.c:1567:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( str, "NA" ); data/covered-0.7.10/src/util.c:1672:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_str[4096]; /* Temporary holder for read argument */ data/covered-0.7.10/src/util.c:1682:44: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (cmd_handle = (use_stdin ? stdin : fopen( cmd_file, "r" ))) != NULL ) { data/covered-0.7.10/src/vcd.c:40:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/vcd.c:54:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char token[256]; /* String value of current token */ data/covered-0.7.10/src/vcd.c:79:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[256]; /* Variable type */ data/covered-0.7.10/src/vcd.c:81:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id_code[256]; /* Unique variable identifier_code */ data/covered-0.7.10/src/vcd.c:82:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ref[256]; /* Name of variable in design */ data/covered-0.7.10/src/vcd.c:83:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reftmp[256]; /* Temporary variable name */ data/covered-0.7.10/src/vcd.c:84:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[15]; /* Temporary string holder */ data/covered-0.7.10/src/vcd.c:174:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[256]; /* Scope type */ data/covered-0.7.10/src/vcd.c:175:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[256]; /* Name of scope to change to */ data/covered-0.7.10/src/vcd.c:207:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[256]; /* Holds keyword value */ data/covered-0.7.10/src/vcd.c:266:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sym[256]; /* String value of signal symbol */ data/covered-0.7.10/src/vcd.c:297:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sym[256]; /* String value of signal symbol */ data/covered-0.7.10/src/vcd.c:327:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sym[256]; /* String value of signal symbol */ data/covered-0.7.10/src/vcd.c:352:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char token[4100]; /* Current token from VCD file */ data/covered-0.7.10/src/vcd.c:432:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (vcd_handle = fopen( vcd_file, "r" )) != NULL ) { data/covered-0.7.10/src/vector.c:61:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/vector.c:559:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[4096]; data/covered-0.7.10/src/vector.c:597:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[4096]; data/covered-0.7.10/src/vector.c:765:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[64]; data/covered-0.7.10/src/vector.c:777:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[64]; data/covered-0.7.10/src/vector.c:1051:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[2]; data/covered-0.7.10/src/vector.c:1079:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[2]; data/covered-0.7.10/src/vector.c:2856:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char width_str[20]; data/covered-0.7.10/src/vector.c:2866:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char width_str[100]; data/covered-0.7.10/src/vector.c:2877:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char width_str[30]; data/covered-0.7.10/src/vector.c:2890:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char width_str[20]; data/covered-0.7.10/src/vector.c:3029:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[MAX_BIT_WIDTH]; /* String to store string value in */ data/covered-0.7.10/src/vector.c:3030:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stype[3]; /* Temporary holder for type of string being parsed */ data/covered-0.7.10/src/vpi.c:60:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char in_db_name[1024]; /*!< Name of input CDD file */ data/covered-0.7.10/src/vpi.c:61:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_db_name[1024]; /*!< Name of output CDD file */ data/covered-0.7.10/src/vpi.c:103:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/vpi.c:249:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char real_str[64]; data/covered-0.7.10/src/vpi.c:363:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s1[128]; data/covered-0.7.10/src/vpi.c:369:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( s1, "vpiCompile" ); data/covered-0.7.10/src/vpi.c:371:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy( s1, "vpiPLI" ); data/covered-0.7.10/src/vpi.c:373:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( s1, "vpiRun" ); data/covered-0.7.10/src/vpi.c:375:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( s1, "**unknown**" ); data/covered-0.7.10/src/vpi.c:395:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char symbol[21] = {32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,32,'\0'}; data/covered-0.7.10/src/vpi.c:466:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char real_str[64]; data/covered-0.7.10/src/vpi.c:784:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( out_db_name, "cov.cdd" ); data/covered-0.7.10/src/vsignal.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char user_msg[USER_MSG_LENGTH]; data/covered-0.7.10/src/vsignal.c:300:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; /* Name of current vsignal */ data/covered-0.7.10/src/vsignal.c:392:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; /* Name of current vsignal */ data/covered-0.7.10/src/vsignal.c:635:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4096]; /* Signal name */ data/covered-0.7.10/src/arc.c:178:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( lvec, (strlen( lvec ) + 1) ); data/covered-0.7.10/src/arc.c:179:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( rvec, (strlen( rvec ) + 1) ); data/covered-0.7.10/src/assertion.c:156:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/assertion.c:245:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/assertion.c:312:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/assertion.c:336:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/assertion.c:393:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/attr.c:123:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( ap->name, (strlen( ap->name ) + 1) ); data/covered-0.7.10/src/binding.c:270:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( curr->name, (strlen( curr->name ) + 1) ); data/covered-0.7.10/src/binding.c:322:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
unsigned int sig_size = strlen( curr->name ) + strlen( rest ) + 2; data/covered-0.7.10/src/binding.c:322:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int sig_size = strlen( curr->name ) + strlen( rest ) + 2; data/covered-0.7.10/src/binding.c:328:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( front, (strlen( found_funit->name ) + 1) ); data/covered-0.7.10/src/binding.c:329:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( rest, (strlen( found_funit->name ) + 1) ); data/covered-0.7.10/src/binding.c:904:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmp_eb->name, (strlen( tmp_eb->name ) + 1) ); data/covered-0.7.10/src/binding.c:929:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmp->name, (strlen( tmp->name ) + 1) ); data/covered-0.7.10/src/cli.c:313:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( code[i], (strlen( code[i] ) + 1) ); data/covered-0.7.10/src/cli.c:420:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( code[i], (strlen( code[i] ) + 1) ); data/covered-0.7.10/src/cli.c:527:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( history[history_index], (strlen( history[history_index] ) + 1) ); data/covered-0.7.10/src/cli.c:533:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( history[history_index], (strlen( history[history_index] ) + 1) ); data/covered-0.7.10/src/cli.c:942:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( cli_goto_filename, (strlen( cli_goto_filename ) + 1) ); data/covered-0.7.10/src/cli.c:1033:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( cli_goto_filename, (strlen( cli_goto_filename ) + 1) ); data/covered-0.7.10/src/codegen.c:102:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). code_size += strlen( first ); data/covered-0.7.10/src/codegen.c:106:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). code_size += strlen( left[0] ); data/covered-0.7.10/src/codegen.c:114:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( code[code_index], (strlen( code[code_index] ) + 1) ); data/covered-0.7.10/src/codegen.c:128:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmpstr, (strlen( tmpstr ) + 1) ); data/covered-0.7.10/src/codegen.c:129:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( left[0], (strlen( left[0] ) + 1) ); data/covered-0.7.10/src/codegen.c:131:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). code_size = strlen( code[code_index] ) + strlen( middle ); data/covered-0.7.10/src/codegen.c:131:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). code_size = strlen( code[code_index] ) + strlen( middle ); data/covered-0.7.10/src/codegen.c:138:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmpstr, (strlen( tmpstr ) + 1) ); data/covered-0.7.10/src/codegen.c:140:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( code[code_index], (strlen( code[code_index] ) + 1) ); data/covered-0.7.10/src/codegen.c:148:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
code_size = strlen( left[i] ) + strlen( middle ); data/covered-0.7.10/src/codegen.c:148:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). code_size = strlen( left[i] ) + strlen( middle ); data/covered-0.7.10/src/codegen.c:152:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( left[i], (strlen( left[i] ) + 1) ); data/covered-0.7.10/src/codegen.c:156:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmpstr, (strlen( tmpstr ) + 1) ); data/covered-0.7.10/src/codegen.c:173:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). code_size = strlen( left[i] ) + strlen( middle ); data/covered-0.7.10/src/codegen.c:173:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). code_size = strlen( left[i] ) + strlen( middle ); data/covered-0.7.10/src/codegen.c:177:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( left[i], (strlen( left[i] ) + 1) ); data/covered-0.7.10/src/codegen.c:181:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  free_safe( tmpstr, (strlen( tmpstr ) + 1) );
data/covered-0.7.10/src/codegen.c:265:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( first != NULL ) { total_len += strlen( first ); }
data/covered-0.7.10/src/codegen.c:266:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( left_depth > 0 ) { total_len += strlen( left[left_depth - 1] ); }
data/covered-0.7.10/src/codegen.c:267:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( middle != NULL ) { total_len += strlen( middle ); }
data/covered-0.7.10/src/codegen.c:268:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( right_depth > 0 ) { total_len += strlen( right[0] ); }
data/covered-0.7.10/src/codegen.c:269:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( last != NULL ) { total_len += strlen( last ); }
data/covered-0.7.10/src/codegen.c:387:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( (strlen( code_format ) == 1) && (expr->parent->expr->op == EXP_OP_NEGATE) ) {
data/covered-0.7.10/src/codegen.c:388:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( code_format, " " );
data/covered-0.7.10/src/codegen.c:396:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( tmpstr ) + 3;
data/covered-0.7.10/src/codegen.c:400:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpstr, (strlen( tmpstr ) + 1) );
data/covered-0.7.10/src/codegen.c:414:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  switch( strlen( tmpstr ) ) {
data/covered-0.7.10/src/codegen.c:415:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  case 0 : assert( strlen( tmpstr ) > 0 ); break;
data/covered-0.7.10/src/codegen.c:437:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpstr, (strlen( tmpstr ) + 1) );
data/covered-0.7.10/src/codegen.c:450:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( pname ) + 2;
data/covered-0.7.10/src/codegen.c:459:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpstr, (strlen( tmpstr ) + 1) );
data/covered-0.7.10/src/codegen.c:460:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/codegen.c:473:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( pname ) + 2;
data/covered-0.7.10/src/codegen.c:489:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpstr, (strlen( tmpstr ) + 1) );
data/covered-0.7.10/src/codegen.c:490:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/codegen.c:503:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( pname ) + 2;
data/covered-0.7.10/src/codegen.c:512:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpstr, (strlen( tmpstr ) + 1) );
data/covered-0.7.10/src/codegen.c:513:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/codegen.c:526:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( pname ) + 2;
data/covered-0.7.10/src/codegen.c:535:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpstr, (strlen( tmpstr ) + 1) );
data/covered-0.7.10/src/codegen.c:536:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/codegen.c:543:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  after = (char*)malloc_safe( strlen( tfunit->name ) + 1 );
data/covered-0.7.10/src/codegen.c:552:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmpstr = (char*)malloc_safe( strlen( pname ) + 3 );
data/covered-0.7.10/src/codegen.c:553:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( pname ) + 3;
data/covered-0.7.10/src/codegen.c:557:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpstr, (strlen( tmpstr ) + 1) );
data/covered-0.7.10/src/codegen.c:559:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( after, (strlen( tfunit->name ) + 1) );
data/covered-0.7.10/src/codegen.c:560:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/codegen.c:566:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( pname ) + 3;
data/covered-0.7.10/src/codegen.c:575:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpstr, (strlen( tmpstr ) + 1) );
data/covered-0.7.10/src/codegen.c:576:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/codegen.c:582:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( pname ) + 9;
data/covered-0.7.10/src/codegen.c:591:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpstr, (strlen( tmpstr ) + 1) );
data/covered-0.7.10/src/codegen.c:592:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/codegen.c:1045:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( before, (strlen( before ) + 1) );
data/covered-0.7.10/src/codegen.c:1046:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( after, (strlen( after ) + 1) );
data/covered-0.7.10/src/comb.c:660:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/comb.c:781:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  exp_id_size = strlen( str_exp_id );
data/covered-0.7.10/src/comb.c:818:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  exp_id_size = strlen( str_exp_id );
data/covered-0.7.10/src/comb.c:929:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = strlen( exp->value->value.r64->str );
data/covered-0.7.10/src/comb.c:933:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = strlen( exp->value->value.r32->str );
data/covered-0.7.10/src/comb.c:939:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = strlen( code_fmt );
data/covered-0.7.10/src/comb.c:952:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = strlen( tmpstr );
data/covered-0.7.10/src/comb.c:953:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpstr, (strlen( tmpstr ) + 1) );
data/covered-0.7.10/src/comb.c:999:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = strlen( tmpname );
data/covered-0.7.10/src/comb.c:1007:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpname, (strlen( tmpname ) + 1) );
data/covered-0.7.10/src/comb.c:1075:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = l_size + r_size + strlen( tmpname ) + 2;
data/covered-0.7.10/src/comb.c:1076:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i=0; i<strlen( tmpname ); i++ ) {
data/covered-0.7.10/src/comb.c:1082:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpname, (strlen( tmpname ) + 1) );
data/covered-0.7.10/src/comb.c:1094:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = l_size + r_size + strlen( tmpname ) + 3;
data/covered-0.7.10/src/comb.c:1095:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i=0; i<strlen( tmpname ); i++ ) {
data/covered-0.7.10/src/comb.c:1101:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpname, (strlen( tmpname ) + 1) );
data/covered-0.7.10/src/comb.c:1115:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = l_size + r_size + strlen( tmpname ) + 4;
data/covered-0.7.10/src/comb.c:1116:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i=0; i<strlen( tmpname ); i++ ) {
data/covered-0.7.10/src/comb.c:1122:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpname, (strlen( tmpname ) + 1) );
data/covered-0.7.10/src/comb.c:1128:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = l_size + r_size + strlen( tmpname ) + 2;
data/covered-0.7.10/src/comb.c:1129:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i=0; i<strlen( tmpname ) + 2; i++ ) {
data/covered-0.7.10/src/comb.c:1133:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpname, (strlen( tmpname ) + 1) );
data/covered-0.7.10/src/comb.c:1201:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = l_size + r_size + strlen( pname ) + 4;
data/covered-0.7.10/src/comb.c:1202:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i=0; i<strlen( pname ); i++ ) {
data/covered-0.7.10/src/comb.c:1207:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpname, (strlen( tfunit->name ) + 1) );
data/covered-0.7.10/src/comb.c:1208:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/comb.c:1289:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( l_lines[i], (strlen( l_lines[i] ) + 1) );
data/covered-0.7.10/src/comb.c:1290:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( r_lines[i], (strlen( r_lines[i] ) + 1) );
data/covered-0.7.10/src/comb.c:1302:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( l_lines[i], (strlen( l_lines[i] ) + 1) );
data/covered-0.7.10/src/comb.c:1326:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( r_lines[i], (strlen( r_lines[i] ) + 1) );
data/covered-0.7.10/src/comb.c:1352:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( (*lines)[i], (strlen( (*lines)[i] ) + 1) );
data/covered-0.7.10/src/comb.c:1358:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( l_lines[i], (strlen( l_lines[i] ) + 1) );
data/covered-0.7.10/src/comb.c:1362:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( r_lines[i], (strlen( r_lines[i] ) + 1) );
data/covered-0.7.10/src/comb.c:1527:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( (tmpstr = combination_prep_line( lines[i], start, strlen( code[j] ) )) != NULL ) {
data/covered-0.7.10/src/comb.c:1529:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpstr, (strlen( tmpstr ) + 1) );
data/covered-0.7.10/src/comb.c:1534:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  start += strlen( code[j] );
data/covered-0.7.10/src/comb.c:1536:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( code[j], (strlen( code[j] ) + 1) );
data/covered-0.7.10/src/comb.c:1541:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( lines[i], (strlen( lines[i] ) + 1) );
data/covered-0.7.10/src/comb.c:1608:79: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rv = snprintf( tmp, 20, "%d", exp->ulid ); assert( rv < 20 ); length += strlen( tmp );
data/covered-0.7.10/src/comb.c:1609:79: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rv = snprintf( tmp, 20, "%d", hit ); assert( rv < 20 ); length += strlen( tmp );
data/covered-0.7.10/src/comb.c:1610:79: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rv = snprintf( tmp, 20, "%d", tot ); assert( rv < 20 ); length += strlen( tmp );
data/covered-0.7.10/src/comb.c:1623:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 25 + strlen( op ) + strlen( spaces ); (*info)[1] = (char*)malloc_safe( length );
data/covered-0.7.10/src/comb.c:1623:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 25 + strlen( op ) + strlen( spaces ); (*info)[1] = (char*)malloc_safe( length );
data/covered-0.7.10/src/comb.c:1632:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 23 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1637:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 22 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1653:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 16 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1657:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 15 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1709:93: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 28; rv = snprintf( tmp, 20, "%d", exp->ulid ); assert( rv < 20 ); length += strlen( tmp );
data/covered-0.7.10/src/comb.c:1722:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 25 + strlen( op ) + strlen( spaces );
data/covered-0.7.10/src/comb.c:1722:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 25 + strlen( op ) + strlen( spaces );
data/covered-0.7.10/src/comb.c:1724:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 31 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1816:79: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rv = snprintf( tmp, 20, "%d", exp->ulid ); assert( rv < 20 ); length += strlen( tmp );
data/covered-0.7.10/src/comb.c:1817:79: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rv = snprintf( tmp, 20, "%d", hit ); assert( rv < 20 ); length += strlen( tmp );
data/covered-0.7.10/src/comb.c:1818:79: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rv = snprintf( tmp, 20, "%d", total ); assert( rv < 20 ); length += strlen( tmp );
data/covered-0.7.10/src/comb.c:1831:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 25 + strlen( op ) + strlen( spaces );
data/covered-0.7.10/src/comb.c:1831:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 25 + strlen( op ) + strlen( spaces );
data/covered-0.7.10/src/comb.c:1842:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 30 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1847:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 28 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1865:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 23 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1869:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 21 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1885:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 30 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1890:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 28 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1908:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 23 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1912:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 21 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1928:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 35 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1933:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 33 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1953:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 28 + strlen( spaces );
data/covered-0.7.10/src/comb.c:1957:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 26 + strlen( spaces );
data/covered-0.7.10/src/comb.c:2009:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  curr_id_str_len = strlen( curr_id_str );
data/covered-0.7.10/src/comb.c:2050:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  curr_id_str_len = strlen( curr_id_str );
data/covered-0.7.10/src/comb.c:2087:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int slen1 = strlen( left_line1 ) + strlen( right_line1 ) + 1;
data/covered-0.7.10/src/comb.c:2087:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int slen1 = strlen( left_line1 ) + strlen( right_line1 ) + 1;
data/covered-0.7.10/src/comb.c:2088:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int slen2 = strlen( left_line2 ) + strlen( right_line2 ) + 1;
data/covered-0.7.10/src/comb.c:2088:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int slen2 = strlen( left_line2 ) + strlen( right_line2 ) + 1;
data/covered-0.7.10/src/comb.c:2089:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int slen3 = strlen( left_line3 ) + strlen( right_line3 ) + 1;
data/covered-0.7.10/src/comb.c:2089:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int slen3 = strlen( left_line3 ) + strlen( right_line3 ) + 1;
data/covered-0.7.10/src/comb.c:2099:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( left_line1, (strlen( left_line1 ) + 1) );
data/covered-0.7.10/src/comb.c:2100:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( left_line2, (strlen( left_line2 ) + 1) );
data/covered-0.7.10/src/comb.c:2101:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( left_line3, (strlen( left_line3 ) + 1) );
data/covered-0.7.10/src/comb.c:2102:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( right_line1, (strlen( right_line1 ) + 1) );
data/covered-0.7.10/src/comb.c:2103:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( right_line2, (strlen( right_line2 ) + 1) );
data/covered-0.7.10/src/comb.c:2104:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( right_line3, (strlen( right_line3 ) + 1) );
data/covered-0.7.10/src/comb.c:2119:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int slen1 = strlen( *line1 ) + 5;
data/covered-0.7.10/src/comb.c:2120:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int slen2 = strlen( *line2 ) + 6;
data/covered-0.7.10/src/comb.c:2121:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int slen3 = strlen( *line3 ) + 6;
data/covered-0.7.10/src/comb.c:2143:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( left_line1, (strlen( left_line1 ) + 1) );
data/covered-0.7.10/src/comb.c:2144:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( left_line2, (strlen( left_line2 ) + 1) );
data/covered-0.7.10/src/comb.c:2145:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
free_safe( left_line3, (strlen( left_line3 ) + 1) ); data/covered-0.7.10/src/comb.c:2164:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen( line1 ); data/covered-0.7.10/src/comb.c:2194:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen( line1 ); data/covered-0.7.10/src/comb.c:2207:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int slen1 = strlen( line1 + start ) + 9; data/covered-0.7.10/src/comb.c:2208:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int slen2 = strlen( line2 + start ) + 9; data/covered-0.7.10/src/comb.c:2209:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int slen3 = strlen( line3 + start ) + 9; data/covered-0.7.10/src/comb.c:2250:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen1 = strlen( line1 + start ) + 10; data/covered-0.7.10/src/comb.c:2251:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen2 = strlen( line2 + start ) + 10; data/covered-0.7.10/src/comb.c:2252:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
slen3 = strlen( line3 + start ) + 11; data/covered-0.7.10/src/comb.c:2337:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen1 = strlen( line1 ) + 1; data/covered-0.7.10/src/comb.c:2338:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen2 = strlen( line2 ) + 1; data/covered-0.7.10/src/comb.c:2339:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen3 = strlen( line3 ) + 1; data/covered-0.7.10/src/comb.c:2348:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line_size += strlen( tmp ); data/covered-0.7.10/src/comb.c:2351:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line_size += strlen( tmp ); data/covered-0.7.10/src/comb.c:2354:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line_size += strlen( tmp ); data/covered-0.7.10/src/comb.c:2374:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen( tmp ) + (eid_size - 1) + 5; data/covered-0.7.10/src/comb.c:2379:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( tmp, (strlen( tmp ) + 1) ); data/covered-0.7.10/src/comb.c:2500:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( info[i], (strlen( info[i] ) + 1) ); data/covered-0.7.10/src/comb.c:2677:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/comb.c:2701:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/comb.c:2761:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/comb.c:2949:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( (*code)[i], (strlen( (*code)[i] ) + 1) ); data/covered-0.7.10/src/comb.c:2976:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( ((*ulines)[*uline_size] = combination_prep_line( tmp_ulines[j], start, strlen( (*code)[i] ) )) != NULL ) { data/covered-0.7.10/src/comb.c:2987:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
start += strlen( (*code)[i] ); data/covered-0.7.10/src/comb.c:2992:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmp_ulines[i], (strlen( tmp_ulines[i] ) + 1) ); data/covered-0.7.10/src/db.c:257:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( db_list[i]->leading_hierarchies[j], (strlen( db_list[i]->leading_hierarchies[j] ) + 1) ); data/covered-0.7.10/src/db.c:894:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). exclusion_id_size = strlen( tmp ) + 2; data/covered-0.7.10/src/db.c:901:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( (strlen( tmp ) + 2) > exclusion_id_size ) { data/covered-0.7.10/src/db.c:902:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). exclusion_id_size = strlen( tmp ) + 2; data/covered-0.7.10/src/db.c:910:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( (strlen( tmp ) + 2) > exclusion_id_size ) { data/covered-0.7.10/src/db.c:911:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
exclusion_id_size = strlen( tmp ) + 2; data/covered-0.7.10/src/db.c:1261:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( full_name, (strlen( full_name ) + 1) ); data/covered-0.7.10/src/db.c:1265:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( full_name, (strlen( full_name ) + 1) ); data/covered-0.7.10/src/db.c:2286:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( scope, (strlen( scope ) + 1) ); data/covered-0.7.10/src/db.c:2830:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scope_size += strlen( curr_inst_scope[i] ) + 1; data/covered-0.7.10/src/db.c:2839:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( scope, "." ); data/covered-0.7.10/src/db.c:2867:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( scope, (strlen( scope ) + 1) ); data/covered-0.7.10/src/db.c:2920:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( scope, (strlen( scope ) + 1) ); data/covered-0.7.10/src/db.c:2928:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( curr_inst_scope[curr_inst_scope_size], (strlen( curr_inst_scope[curr_inst_scope_size] ) + 1) ); data/covered-0.7.10/src/db.c:2956:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( scope, (strlen( scope ) + 1) ); data/covered-0.7.10/src/exclude.c:337:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( er->reason, (strlen( er->reason ) + 1) ); data/covered-0.7.10/src/exclude.c:825:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( arg_list[j], (strlen( arg_list[j] ) + 1) ); data/covered-0.7.10/src/exclude.c:831:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( arg_list[j], (strlen( arg_list[j] ) + 1) ); data/covered-0.7.10/src/exclude.c:1004:24: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). answer = (char)getchar(); data/covered-0.7.10/src/exclude.c:1005:28: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while( ((c = (char)getchar()) != EOF) && (c != '\n') ); data/covered-0.7.10/src/exclude.c:1021:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( orig_er->reason, (strlen( orig_er->reason ) + 1) ); data/covered-0.7.10/src/exclude.c:1030:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( eid, (strlen( eid ) + 1) ); data/covered-0.7.10/src/exclude.c:1038:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( orig_er->reason, (strlen( orig_er->reason ) + 1) ); data/covered-0.7.10/src/exclude.c:1043:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen( orig_er->reason ) + 1 + strlen( new_reason ) + 1; data/covered-0.7.10/src/exclude.c:1043:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen( orig_er->reason ) + 1 + strlen( new_reason ) + 1; data/covered-0.7.10/src/exclude.c:1044:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( orig_er->reason[strlen( orig_er->reason ) - 1] != '.' ) { data/covered-0.7.10/src/exclude.c:1047:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). orig_er->reason = (char*)realloc_safe( orig_er->reason, (strlen( orig_er->reason ) + 1), slen ); data/covered-0.7.10/src/exclude.c:1048:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( orig_er->reason[strlen( orig_er->reason ) - 1] != '.' 
) { data/covered-0.7.10/src/exclude.c:1049:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( orig_er->reason, "." ); data/covered-0.7.10/src/exclude.c:1051:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( orig_er->reason, " " ); data/covered-0.7.10/src/exclude.c:1057:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( orig_er->reason, (strlen( orig_er->reason ) + 1) ); data/covered-0.7.10/src/exclude.c:1064:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( orig_er->reason, (strlen( orig_er->reason ) + 1) ); data/covered-0.7.10/src/exclude.c:1299:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for( i=0; i<strlen( old_str ); i++ ) { data/covered-0.7.10/src/exclude.c:1312:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg = (char*)realloc_safe( msg, msg_size, (msg_size + strlen( str )) ); data/covered-0.7.10/src/exclude.c:1313:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
msg_size += strlen( str ); data/covered-0.7.10/src/exclude.c:1325:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen( str ) > 0 ) { data/covered-0.7.10/src/exclude.c:1326:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg = (char*)realloc_safe( msg, msg_size, (msg_size + strlen( str )) ); data/covered-0.7.10/src/exclude.c:1328:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg[strlen(msg)] = '\0'; data/covered-0.7.10/src/exclude.c:1362:22: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while( ((c = (char)getchar()) != EOF) && ((c != '.') || !nl_just_seen) ) { data/covered-0.7.10/src/exclude.c:1376:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg = (char*)realloc_safe( msg, msg_size, (msg_size + strlen( str )) ); data/covered-0.7.10/src/exclude.c:1377:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg_size += strlen( str ); data/covered-0.7.10/src/exclude.c:1385:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen( str ) > 0 ) { data/covered-0.7.10/src/exclude.c:1386:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
msg = (char*)realloc_safe( msg, msg_size, (msg_size + strlen( str )) ); data/covered-0.7.10/src/exclude.c:1388:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg[strlen(msg)-1] = '\0'; data/covered-0.7.10/src/exclude.c:1396:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( msg, (strlen( msg ) + ((strlen( str ) > 0) ? 2 : 1)) ); data/covered-0.7.10/src/exclude.c:1396:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( msg, (strlen( msg ) + ((strlen( str ) > 0) ? 2 : 1)) ); data/covered-0.7.10/src/exclude.c:1421:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( (str != NULL) && (strlen( str ) > 0) ) { data/covered-0.7.10/src/exclude.c:1424:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( str, (strlen( str ) + 1) ); data/covered-0.7.10/src/exclude.c:1930:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( exclude_cdd, (strlen( exclude_cdd ) + 1) ); data/covered-0.7.10/src/expr.c:1341:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( sig_name, (strlen( sig_name ) + 1) ); data/covered-0.7.10/src/expr.c:3447:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( arg, (strlen( arg ) + 1) ); data/covered-0.7.10/src/expr.c:3522:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( arg, (strlen( arg ) + 1) ); data/covered-0.7.10/src/expr.c:6309:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( expr->name, (strlen( expr->name ) + 1) ); data/covered-0.7.10/src/fsm.c:633:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmp_reasons[i], (strlen( tmp_reasons[i] ) + 1) ); data/covered-0.7.10/src/fsm.c:714:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/fsm.c:835:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/fsm.c:885:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( fr_states[i], (strlen( fr_states[i] ) + 1) ); data/covered-0.7.10/src/fsm.c:896:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( to_states[i], (strlen( to_states[i] ) + 1) ); data/covered-0.7.10/src/fsm.c:957:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len_width = strlen( tmp ); data/covered-0.7.10/src/fsm.c:1008:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( from_states[i], (strlen( from_states[i] ) + 1) ); data/covered-0.7.10/src/fsm.c:1009:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( to_states[i], (strlen( to_states[i] ) + 1) ); data/covered-0.7.10/src/fsm.c:1010:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( reasons[i], (strlen( reasons[i] ) + 1) ); data/covered-0.7.10/src/fsm.c:1056:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( ocode[i], (strlen( ocode[i] ) + 1) ); data/covered-0.7.10/src/fsm.c:1064:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( icode[i], (strlen( icode[i] ) + 1) ); data/covered-0.7.10/src/fsm.c:1068:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( ocode[i], (strlen( ocode[i] ) + 1) ); data/covered-0.7.10/src/fsm.c:1118:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/fsm.c:1144:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/fsm.c:1197:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/fsm.c:1292:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( table->name, (strlen( table->name ) + 1) ); data/covered-0.7.10/src/fsm_arg.c:301:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmp, (strlen( arg ) + 1) ); data/covered-0.7.10/src/fsm_arg.c:306:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( tmp, (strlen( arg ) + 1) ); data/covered-0.7.10/src/fsm_arg.c:575:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmp, (strlen( tmp ) + 1) ); data/covered-0.7.10/src/fsm_arg.c:580:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmp, (strlen( tmp ) + 1) ); data/covered-0.7.10/src/fsm_arg.c:622:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen( tmp ); data/covered-0.7.10/src/fsm_arg.c:646:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen( tmp ); data/covered-0.7.10/src/fsm_arg.c:674:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen( tmp ); data/covered-0.7.10/src/fsm_arg.c:714:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmp, (strlen( tmp ) + 1) ); data/covered-0.7.10/src/fsm_var.c:410:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( curr->sig_name, (strlen( curr->sig_name ) + 1) ); data/covered-0.7.10/src/fsm_var.c:411:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( curr->funit_name, (strlen( curr->funit_name ) + 1) ); data/covered-0.7.10/src/fsm_var.c:421:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( curr->sig_name, (strlen( curr->sig_name ) + 1) ); data/covered-0.7.10/src/fsm_var.c:422:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( curr->funit_name, (strlen( curr->funit_name ) + 1) ); data/covered-0.7.10/src/fsm_var.c:429:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( curr->funit_name, (strlen( curr->funit_name ) + 1) ); data/covered-0.7.10/src/fsm_var.c:445:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( curr->funit_name, (strlen( curr->funit_name ) + 1) ); data/covered-0.7.10/src/fsm_var.c:466:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( fv->funit, (strlen( fv->funit ) + 1) ); data/covered-0.7.10/src/fsm_var.c:535:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmp_fv->funit, (strlen( curr_fv->funit ) + 1) ); data/covered-0.7.10/src/fsm_var.c:548:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( tmp_fvb->sig_name, (strlen( tmp_fvb->sig_name ) + 1) ); data/covered-0.7.10/src/fsm_var.c:549:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmp_fvb->funit_name, (strlen( tmp_fvb->funit_name ) + 1) ); data/covered-0.7.10/src/fsm_var.c:561:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmp_fvb->funit_name, (strlen( tmp_fvb->funit_name ) + 1) ); data/covered-0.7.10/src/fst.c:95:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int tag = fgetc(xc->fh); data/covered-0.7.10/src/fst.c:100:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). scopetype = fgetc(xc->fh); data/covered-0.7.10/src/fst.c:102:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while( (ch = fgetc( xc->fh )) ) { data/covered-0.7.10/src/fst.c:106:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while( fgetc( xc->fh ) ) { }; /* scopecomp */ data/covered-0.7.10/src/fst.c:136:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). vardir = fgetc( xc->fh ); /* unused in VCD reader */ data/covered-0.7.10/src/fst.c:138:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while( (ch = fgetc( xc->fh )) ) { data/covered-0.7.10/src/fstapi.c:131:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(__fd, pnt + i, ((__len - i) >= SSIZE_MAX) ? 
SSIZE_MAX : (__len - i)); data/covered-0.7.10/src/fstapi.c:331:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc(f); data/covered-0.7.10/src/fstapi.c:360:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc(f); data/covered-0.7.10/src/fstapi.c:390:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc(f); data/covered-0.7.10/src/fstapi.c:675:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int flen = strlen(nam); data/covered-0.7.10/src/fstapi.c:826:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *fnam = malloc(strlen(xc->filename) + 5 + 1); data/covered-0.7.10/src/fstapi.c:897:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int flen = strlen(xc->filename); data/covered-0.7.10/src/fstapi.c:961:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int flen = strlen(xc->filename); data/covered-0.7.10/src/fstapi.c:1476:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(dat); data/covered-0.7.10/src/fstapi.c:1495:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen(vers); data/covered-0.7.10/src/fstapi.c:1625:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen(nam); data/covered-0.7.10/src/fstapi.c:1698:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xc->hier_file_len += strlen(scopename); data/covered-0.7.10/src/fstapi.c:1702:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xc->hier_file_len += strlen(scopecomp); data/covered-0.7.10/src/fstapi.c:2049:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = chl + 1 + strlen(nam); data/covered-0.7.10/src/fstapi.c:2375:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *fnam = malloc(strlen(xc->filename) + 6 + 16 + 32 + 1); data/covered-0.7.10/src/fstapi.c:2494:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int tag = fgetc(xc->fh); data/covered-0.7.10/src/fstapi.c:2499:27: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). xc->hier.u.scope.typ = fgetc(xc->fh); data/covered-0.7.10/src/fstapi.c:2501:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((ch = fgetc(xc->fh))) data/covered-0.7.10/src/fstapi.c:2508:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
  while((ch = fgetc(xc->fh)))
data/covered-0.7.10/src/fstapi.c:2543:31: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  xc->hier.u.var.direction = fgetc(xc->fh);
data/covered-0.7.10/src/fstapi.c:2545:16: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((ch = fgetc(xc->fh)))
data/covered-0.7.10/src/fstapi.c:2663:12: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int tag = fgetc(xc->fh);
data/covered-0.7.10/src/fstapi.c:2667:16: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  scopetype = fgetc(xc->fh);
data/covered-0.7.10/src/fstapi.c:2669:16: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((ch = fgetc(xc->fh)))
data/covered-0.7.10/src/fstapi.c:2674:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(fgetc(xc->fh)) { }; /* scopecomp */
data/covered-0.7.10/src/fstapi.c:2705:19: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  /* vardir = */ fgetc(xc->fh); /* unused in VCD reader, but need to advance read pointer */
data/covered-0.7.10/src/fstapi.c:2707:16: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((ch = fgetc(xc->fh)))
data/covered-0.7.10/src/fstapi.c:2796:11: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sectype = fgetc(xc->f);
data/covered-0.7.10/src/fstapi.c:2804:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int flen = strlen(xc->filename);
data/covered-0.7.10/src/fstapi.c:2883:13: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sectype = fgetc(xc->f);
data/covered-0.7.10/src/fstapi.c:2939:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = fgetc(xc->f);
data/covered-0.7.10/src/fstapi.c:3053:32: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  xc->blackout_activity[i] = fgetc(xc->f) != 0;
data/covered-0.7.10/src/fstapi.c:3093:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int flen = strlen(nam);
data/covered-0.7.10/src/fstapi.c:3236:12: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sectype = fgetc(xc->f);
data/covered-0.7.10/src/fstapi.c:3526:13: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  packtype = fgetc(xc->f);
data/covered-0.7.10/src/fstapi.c:4078:12: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sectype = fgetc(xc->f);
data/covered-0.7.10/src/fstapi.c:4103:14: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sectype = fgetc(xc->f);
data/covered-0.7.10/src/func_unit.c:1106:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int rv = fseek( file, (0 - (strlen( curr_line ) + 1)), SEEK_CUR );
data/covered-0.7.10/src/func_unit.c:1218:7: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( fscope, "." );
data/covered-0.7.10/src/func_unit.c:1693:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( ttdi->name, (strlen( ttdi->name ) + 1) );
data/covered-0.7.10/src/func_unit.c:1706:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( ter->reason, (strlen( ter->reason ) + 1) );
data/covered-0.7.10/src/func_unit.c:1717:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( funit->name, (strlen( funit->name ) + 1) );
data/covered-0.7.10/src/func_unit.c:1723:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( funit->filename, (strlen( funit->filename ) + 1) );
data/covered-0.7.10/src/func_unit.c:1729:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( funit->version, (strlen( funit->version ) + 1) );
data/covered-0.7.10/src/gen_item.c:425:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmpname, (strlen( name ) + 1) );
data/covered-0.7.10/src/gen_item.c:471:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_name = (char*)realloc_safe( new_name, (strlen( new_name ) + 1), (strlen( new_name ) + strlen( pre ) + strlen( intstr ) + 3) );
data/covered-0.7.10/src/gen_item.c:471:78: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_name = (char*)realloc_safe( new_name, (strlen( new_name ) + 1), (strlen( new_name ) + strlen( pre ) + strlen( intstr ) + 3) );
data/covered-0.7.10/src/gen_item.c:471:99: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_name = (char*)realloc_safe( new_name, (strlen( new_name ) + 1), (strlen( new_name ) + strlen( pre ) + strlen( intstr ) + 3) );
data/covered-0.7.10/src/gen_item.c:471:115: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_name = (char*)realloc_safe( new_name, (strlen( new_name ) + 1), (strlen( new_name ) + strlen( pre ) + strlen( intstr ) + 3) );
data/covered-0.7.10/src/gen_item.c:472:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat( new_name, pre, strlen( pre ) );
data/covered-0.7.10/src/gen_item.c:472:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat( new_name, pre, strlen( pre ) );
data/covered-0.7.10/src/gen_item.c:473:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat( new_name, "[", 1 );
data/covered-0.7.10/src/gen_item.c:474:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat( new_name, intstr, strlen( intstr ) );
data/covered-0.7.10/src/gen_item.c:474:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat( new_name, intstr, strlen( intstr ) );
data/covered-0.7.10/src/gen_item.c:475:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat( new_name, "]", 1 );
data/covered-0.7.10/src/gen_item.c:478:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_name = (char*)realloc_safe( new_name, (strlen( new_name ) + 1), (strlen( new_name ) + strlen( pre ) + 1) );
data/covered-0.7.10/src/gen_item.c:478:78: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_name = (char*)realloc_safe( new_name, (strlen( new_name ) + 1), (strlen( new_name ) + strlen( pre ) + 1) );
data/covered-0.7.10/src/gen_item.c:478:99: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_name = (char*)realloc_safe( new_name, (strlen( new_name ) + 1), (strlen( new_name ) + strlen( pre ) + 1) );
data/covered-0.7.10/src/gen_item.c:479:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat( new_name, pre, strlen( pre ) );
data/covered-0.7.10/src/gen_item.c:479:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat( new_name, pre, strlen( pre ) );
data/covered-0.7.10/src/gen_item.c:484:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( new_name, (strlen( new_name ) + 1) );
data/covered-0.7.10/src/gen_item.c:485:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( ptr, (strlen( name ) + 1) );
data/covered-0.7.10/src/gen_item.c:490:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( ptr, (strlen( name ) + 1) );
data/covered-0.7.10/src/gen_item.c:1044:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( varname, (strlen( varname ) + 1) );
data/covered-0.7.10/src/gen_item.c:1073:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( gi->elem.expr->name, (strlen( gi->elem.expr->name ) + 1) );
data/covered-0.7.10/src/gen_item.c:1220:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( gi->varname, (strlen( gi->varname ) + 1) );
data/covered-0.7.10/src/info.c:362:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( (cdd_message == NULL) && (strlen( *line + 1 ) > 0) ) {
data/covered-0.7.10/src/info.c:407:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( file, (strlen( file ) + 1) );
data/covered-0.7.10/src/info.c:441:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( cdd_message, (strlen( cdd_message ) + 1) );
data/covered-0.7.10/src/instance.c:84:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( piname, (strlen( piname ) + 1) );
data/covered-0.7.10/src/instance.c:85:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pfname, (strlen( pfname ) + 1) );
data/covered-0.7.10/src/instance.c:91:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( piname, (strlen( piname ) + 1) );
data/covered-0.7.10/src/instance.c:196:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( scope, "." );
data/covered-0.7.10/src/instance.c:787:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( curr->name, (strlen( curr->name ) + 1) );
data/covered-0.7.10/src/instance.c:790:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( name_copy ) + 23;
data/covered-0.7.10/src/instance.c:809:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( name_copy, (strlen( name_copy ) + 1) );
data/covered-0.7.10/src/instance.c:1044:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( leading_hierarchy, "." );
data/covered-0.7.10/src/instance.c:1305:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( back, (strlen( scope ) + 1) );
data/covered-0.7.10/src/instance.c:1306:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( rest, (strlen( scope ) + 1) );
data/covered-0.7.10/src/instance.c:1369:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( back, (strlen( scope ) + 1) );
data/covered-0.7.10/src/instance.c:1370:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( rest, (strlen( scope ) + 1) );
data/covered-0.7.10/src/instance.c:1476:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( inst->name, (strlen( inst->name ) + 1) );
data/covered-0.7.10/src/line.c:298:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/line.c:387:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/line.c:464:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( code[i], (strlen( code[i] ) + 1) );
data/covered-0.7.10/src/line.c:512:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/line.c:536:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/line.c:595:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/link.c:818:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( curr->str, (strlen( curr->str ) + 1) );
data/covered-0.7.10/src/link.c:1000:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmp->str, (strlen( tmp->str ) + 1) );
data/covered-0.7.10/src/link.c:1001:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmp->str2, (strlen( tmp->str2 ) + 1) );
data/covered-0.7.10/src/lxt2_read.c:333:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( lt->value[idx], (strlen( lt->value[idx] ) + 1) );
data/covered-0.7.10/src/lxt2_read.c:670:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  b->string_lens[i] = strlen( (char*)pnt );
data/covered-0.7.10/src/lxt2_read.c:1134:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( lt->value[i], (strlen( lt->value[i] ) + 1) );
data/covered-0.7.10/src/memory.c:225:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *str = (char*)realloc_safe( *str, (strlen( *str ) + 1), (strlen( *str ) + strlen( prefix ) + strlen( name ) + 4) );
data/covered-0.7.10/src/memory.c:225:66: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *str = (char*)realloc_safe( *str, (strlen( *str ) + 1), (strlen( *str ) + strlen( prefix ) + strlen( name ) + 4) );
data/covered-0.7.10/src/memory.c:225:83: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *str = (char*)realloc_safe( *str, (strlen( *str ) + 1), (strlen( *str ) + strlen( prefix ) + strlen( name ) + 4) );
data/covered-0.7.10/src/memory.c:225:102: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *str = (char*)realloc_safe( *str, (strlen( *str ) + 1), (strlen( *str ) + strlen( prefix ) + strlen( name ) + 4) );
data/covered-0.7.10/src/memory.c:227:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( *str, "[" );
data/covered-0.7.10/src/memory.c:243:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *str = (char*)realloc_safe( *str, (strlen( *str ) + 1), (strlen( *str ) + strlen( prefix ) + strlen( name ) + 4) );
data/covered-0.7.10/src/memory.c:243:66: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *str = (char*)realloc_safe( *str, (strlen( *str ) + 1), (strlen( *str ) + strlen( prefix ) + strlen( name ) + 4) );
data/covered-0.7.10/src/memory.c:243:83: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *str = (char*)realloc_safe( *str, (strlen( *str ) + 1), (strlen( *str ) + strlen( prefix ) + strlen( name ) + 4) );
data/covered-0.7.10/src/memory.c:243:102: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *str = (char*)realloc_safe( *str, (strlen( *str ) + 1), (strlen( *str ) + strlen( prefix ) + strlen( name ) + 4) );
data/covered-0.7.10/src/memory.c:245:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( *str, "[" );
data/covered-0.7.10/src/memory.c:329:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( prefix ) + strlen( int_str ) + 5;
data/covered-0.7.10/src/memory.c:329:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( prefix ) + strlen( int_str ) + 5;
data/covered-0.7.10/src/memory.c:350:9: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( hit_str, "0" );
data/covered-0.7.10/src/memory.c:352:9: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( hit_str, "1" );
data/covered-0.7.10/src/memory.c:356:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( dim_str ) + strlen( hit_str ) + strlen( tog01_str ) + strlen( tog10_str ) + 10;
data/covered-0.7.10/src/memory.c:356:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( dim_str ) + strlen( hit_str ) + strlen( tog01_str ) + strlen( tog10_str ) + 10;
data/covered-0.7.10/src/memory.c:356:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( dim_str ) + strlen( hit_str ) + strlen( tog01_str ) + strlen( tog10_str ) + 10;
data/covered-0.7.10/src/memory.c:356:81: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( dim_str ) + strlen( hit_str ) + strlen( tog01_str ) + strlen( tog10_str ) + 10;
data/covered-0.7.10/src/memory.c:362:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *mem_str = (char*)realloc_safe( *mem_str, (strlen( *mem_str ) + 1), (strlen( *mem_str ) + strlen( entry_str ) + 2) );
data/covered-0.7.10/src/memory.c:362:76: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *mem_str = (char*)realloc_safe( *mem_str, (strlen( *mem_str ) + 1), (strlen( *mem_str ) + strlen( entry_str ) + 2) );
data/covered-0.7.10/src/memory.c:362:97: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *mem_str = (char*)realloc_safe( *mem_str, (strlen( *mem_str ) + 1), (strlen( *mem_str ) + strlen( entry_str ) + 2) );
data/covered-0.7.10/src/memory.c:363:7: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( *mem_str, " " );
data/covered-0.7.10/src/memory.c:367:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( dim_str, (strlen( dim_str ) + 1) );
data/covered-0.7.10/src/memory.c:368:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tog01_str, (strlen( tog01_str ) + 1) );
data/covered-0.7.10/src/memory.c:369:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tog10_str, (strlen( tog10_str ) + 1) );
data/covered-0.7.10/src/memory.c:370:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( entry_str, (strlen( entry_str ) + 1) );
data/covered-0.7.10/src/memory.c:442:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( tmp1 ) + strlen( tmp2 ) + 4;
data/covered-0.7.10/src/memory.c:442:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( tmp1 ) + strlen( tmp2 ) + 4;
data/covered-0.7.10/src/memory.c:443:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pdim_str = (char*)realloc_safe( *pdim_str, (strlen( *pdim_str ) + 1), slen );
data/covered-0.7.10/src/memory.c:448:7: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( *pdim_str, "[" );
data/covered-0.7.10/src/memory.c:450:7: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( *pdim_str, ":" );
data/covered-0.7.10/src/memory.c:452:7: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( *pdim_str, "]" );
data/covered-0.7.10/src/memory.c:464:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( tmp1 ) + strlen( tmp2 ) + 4;
data/covered-0.7.10/src/memory.c:464:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( tmp1 ) + strlen( tmp2 ) + 4;
data/covered-0.7.10/src/memory.c:465:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *udim_str = (char*)realloc_safe( *udim_str, (strlen( *udim_str ) + 1), slen );
data/covered-0.7.10/src/memory.c:470:7: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( *udim_str, "[" );
data/covered-0.7.10/src/memory.c:472:7: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( *udim_str, ":" );
data/covered-0.7.10/src/memory.c:474:7: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( *udim_str, "]" );
data/covered-0.7.10/src/memory.c:613:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/memory.c:711:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/memory.c:807:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/memory.c:887:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/memory.c:977:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( j=0; j<strlen( name ); j++ ) {
data/covered-0.7.10/src/memory.c:1082:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/memory.c:1124:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/memory.c:1149:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pname, (strlen( pname ) + 1) );
data/covered-0.7.10/src/merge.c:181:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( arg_list[j], (strlen( arg_list[j] ) + 1) );
data/covered-0.7.10/src/merge.c:187:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( arg_list[j], (strlen( arg_list[j] ) + 1) );
data/covered-0.7.10/src/merge.c:445:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( merged_file, (strlen( merged_file ) + 1) );
data/covered-0.7.10/src/obfuscate.c:79:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( real_name ) + 3;
data/covered-0.7.10/src/obfuscate.c:98:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( key, (strlen( key ) + 1) );
data/covered-0.7.10/src/ovl.c:87:83: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while( (i < OVL_ASSERT_NUM) && (strncmp( (name + 7), (ovl_assertions[i] + 7), strlen( ovl_assertions[i] + 7 ) ) != 0) ) {
data/covered-0.7.10/src/ovl.c:356:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( cov_point, (strlen( cov_point ) + 1) );
data/covered-0.7.10/src/ovl.c:499:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_size = strlen( curr_child->funit->name ) + 1 + strlen( curr_child->funit->filename ) + 1;
data/covered-0.7.10/src/ovl.c:499:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_size = strlen( curr_child->funit->name ) + 1 + strlen( curr_child->funit->filename ) + 1;
data/covered-0.7.10/src/param.c:1120:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( parm->name, (strlen( parm->name ) + 1) );
data/covered-0.7.10/src/param.c:1123:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( parm->inst_name, (strlen( parm->inst_name ) + 1) );
data/covered-0.7.10/src/param.c:1156:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( iparm->inst_name, (strlen( iparm->inst_name ) + 1) );
data/covered-0.7.10/src/parse.c:76:59: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while( (i < (size - 1)) && !feof( file ) && ((line[i] = fgetc( file )) != '\n') ) {
data/covered-0.7.10/src/profiler.c:72:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( profiling_output, (strlen( profiling_output ) + 1) );
data/covered-0.7.10/src/profiler.c:129:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( profiling_output, (strlen( profiling_output ) + 1) );
data/covered-0.7.10/src/rank.c:187:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen( comp_cov->cdd_name ) > longest_name_len ) {
data/covered-0.7.10/src/rank.c:188:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  longest_name_len = strlen( comp_cov->cdd_name );
data/covered-0.7.10/src/rank.c:218:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( comp_cov->cdd_name, (strlen( comp_cov->cdd_name ) + 1) );
data/covered-0.7.10/src/rank.c:352:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( arg_list[j], (strlen( arg_list[j] ) + 1) );
data/covered-0.7.10/src/rank.c:358:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( arg_list[j], (strlen( arg_list[j] ) + 1) );
data/covered-0.7.10/src/rank.c:1647:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rv = snprintf( str, 30, "%" FMT64 "u", total_timesteps ); col1 = strlen( str );
data/covered-0.7.10/src/rank.c:1649:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rv = snprintf( str, 30, "%" FMT64 "u", ranked_timesteps ); col2 = strlen( str );
data/covered-0.7.10/src/rank.c:1821:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( rank_file, (strlen( rank_file ) + 1) );
data/covered-0.7.10/src/report.c:256:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( ptr=metrics; ptr<(metrics + strlen( metrics )); ptr++ ) {
data/covered-0.7.10/src/report.c:420:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( arg_list[j], (strlen( arg_list[j] ) + 1) );
data/covered-0.7.10/src/report.c:426:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( arg_list[j], (strlen( arg_list[j] ) + 1) );
data/covered-0.7.10/src/report.c:762:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( file, (strlen( file ) + 1) );
data/covered-0.7.10/src/report.c:780:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( file, (strlen( file ) + 1) );
data/covered-0.7.10/src/report.c:981:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( (strlen( word ) + curr_width) > line_width ) {
data/covered-0.7.10/src/report.c:990:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( word[strlen(word)-1] == '.' ) {
data/covered-0.7.10/src/report.c:993:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  curr_width += strlen( word ) + 1;
data/covered-0.7.10/src/report.c:999:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( msg_tcpy, (strlen( msg ) + 1) );
data/covered-0.7.10/src/report.c:1000:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( lead_sp, (strlen( lead_sp ) + 1) );
data/covered-0.7.10/src/report.c:1049:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( (strlen( word ) + curr_width) > line_width ) {
data/covered-0.7.10/src/report.c:1058:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( word[strlen(word)-1] == '.' ) {
data/covered-0.7.10/src/report.c:1061:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  curr_width += strlen( word ) + 1;
data/covered-0.7.10/src/report.c:1067:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( msg_tcpy, (strlen( msg ) + 1) );
data/covered-0.7.10/src/report.c:1068:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( lead_sp, (strlen( lead_sp ) + 1) );
data/covered-0.7.10/src/report.c:1200:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen( covered_home ) + 30;
data/covered-0.7.10/src/report.c:1216:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( covered_home, (strlen( covered_home ) + 1) );
data/covered-0.7.10/src/report.c:1218:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( covered_browser, (strlen( covered_browser ) + 1) );
data/covered-0.7.10/src/report.c:1219:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( covered_version, (strlen( covered_version ) + 1) );
data/covered-0.7.10/src/report.c:1224:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( covered_home, (strlen( covered_home ) + 1) );
data/covered-0.7.10/src/report.c:1226:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( covered_browser, (strlen( covered_browser ) + 1) );
data/covered-0.7.10/src/report.c:1227:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( covered_version, (strlen( covered_version ) + 1) );
data/covered-0.7.10/src/report.c:1238:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( output_file, (strlen( output_file ) + 1) );
data/covered-0.7.10/src/report.c:1239:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( input_db, (strlen( input_db ) + 1) );
data/covered-0.7.10/src/scope.c:131:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  scope = (char *)malloc_safe( strlen( name ) + 1 );
data/covered-0.7.10/src/scope.c:153:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( scope, (strlen( name ) + 1) );
data/covered-0.7.10/src/scope.c:157:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( scope, (strlen( name ) + 1) );
data/covered-0.7.10/src/scope.c:171:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( parm_name, (strlen( name ) + 1) );
data/covered-0.7.10/src/scope.c:175:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( parm_name, (strlen( name ) + 1) );
data/covered-0.7.10/src/scope.c:216:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  scope = (char *)malloc_safe( strlen( name ) + 1 );
data/covered-0.7.10/src/scope.c:238:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( scope, (strlen( name ) + 1) );
data/covered-0.7.10/src/scope.c:242:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( scope, (strlen( name ) + 1) );
data/covered-0.7.10/src/scope.c:268:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( sig_name, (strlen( name ) + 1) );
data/covered-0.7.10/src/scope.c:272:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( sig_name, (strlen( name ) + 1) );
data/covered-0.7.10/src/scope.c:340:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_len = strlen( scope ) + 1;
data/covered-0.7.10/src/scope.c:383:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_len = strlen( scope ) + 1;
data/covered-0.7.10/src/score.c:333:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( mod_name, (strlen( mod_name ) + 1) );
data/covered-0.7.10/src/score.c:334:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( ext, (strlen( ext ) + 1) );
data/covered-0.7.10/src/score.c:339:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( mod_name, (strlen( vpi_file ) + 1) );
data/covered-0.7.10/src/score.c:340:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( ext, (strlen( vpi_file ) + 1) );
data/covered-0.7.10/src/score.c:401:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( mod_name, (strlen( mod_name ) + 1) );
data/covered-0.7.10/src/score.c:402:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( ext, (strlen( ext ) + 1) );
data/covered-0.7.10/src/score.c:407:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( mod_name, (strlen( dumpvars_file ) + 1) );
data/covered-0.7.10/src/score.c:408:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( ext, (strlen( dumpvars_file ) + 1) );
data/covered-0.7.10/src/score.c:432:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mod_name = (char*)malloc_safe( strlen( tab_file ) + 5 );
data/covered-0.7.10/src/score.c:465:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( mod_name, (strlen( mod_name ) + 1) );
data/covered-0.7.10/src/score.c:466:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( ext, (strlen( ext ) + 1) );
data/covered-0.7.10/src/score.c:471:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( mod_name, (strlen( tab_file ) + 5) );
data/covered-0.7.10/src/score.c:472:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( ext, (strlen( tab_file ) + 1) );
data/covered-0.7.10/src/score.c:500:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmp, (strlen( def ) + 1) );
data/covered-0.7.10/src/score.c:688:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( arg_list[j], (strlen( arg_list[j] ) + 1) );
data/covered-0.7.10/src/score.c:694:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( arg_list[j], (strlen( arg_list[j] ) + 1) );
data/covered-0.7.10/src/score.c:961:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmp, (strlen( argv[i] ) + 1) );
data/covered-0.7.10/src/score.c:964:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tmp, (strlen( argv[i] ) + 1) );
data/covered-0.7.10/src/score.c:1060:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( argv[i][(strlen( argv[i] ) - 1)] == '1' ) {
data/covered-0.7.10/src/score.c:1062:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if( argv[i][(strlen( argv[i] ) - 1)] == '2' ) {
data/covered-0.7.10/src/score.c:1064:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if( argv[i][(strlen( argv[i] ) - 1)] == '3' ) {
data/covered-0.7.10/src/score.c:1067:138: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int rv = snprintf( user_msg, USER_MSG_LENGTH, "Unknown generation value '%c'. Legal values are 1, 2 or 3.", argv[i][(strlen( argv[i] ) - 1)] );
data/covered-0.7.10/src/score.c:1072:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen( argv[i] ) == 1 ) {
data/covered-0.7.10/src/score.c:1076:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( tmp[(strlen( tmp ) - 2)] == '=' ) {
data/covered-0.7.10/src/score.c:1078:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp[(strlen( tmp ) - 2)] = '\0';
data/covered-0.7.10/src/score.c:1273:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( output_db, (strlen( output_db ) + 1) );
data/covered-0.7.10/src/score.c:1274:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( dump_file, (strlen( dump_file ) + 1) );
data/covered-0.7.10/src/score.c:1275:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( vpi_file, (strlen( vpi_file ) + 1) );
data/covered-0.7.10/src/score.c:1276:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( dumpvars_file, (strlen( dumpvars_file ) + 1) );
data/covered-0.7.10/src/score.c:1277:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( top_module, (strlen( top_module ) + 1) );
data/covered-0.7.10/src/score.c:1278:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( ppfilename, (strlen( ppfilename ) + 1) );
data/covered-0.7.10/src/score.c:1281:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( directive_filename, (strlen( directive_filename ) + 1) );
data/covered-0.7.10/src/score.c:1282:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( top_instance, (strlen( top_instance ) + 1) );
data/covered-0.7.10/src/score.c:1283:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( timescale, (strlen( timescale ) + 1) );
data/covered-0.7.10/src/score.c:1284:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pragma_coverage_name, (strlen( pragma_coverage_name ) + 1) );
data/covered-0.7.10/src/score.c:1285:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pragma_racecheck_name, (strlen( pragma_racecheck_name ) + 1) );
data/covered-0.7.10/src/search.c:305:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( (strlen( tmp ) > 0) || (ext_index > 0) ) {
data/covered-0.7.10/src/search.c:309:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gen_char_string( user_msg, ' ', (25 + (strlen( ext_list ) - strlen( tmp ))) );
data/covered-0.7.10/src/search.c:309:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gen_char_string( user_msg, ' ', (25 + (strlen( ext_list ) - strlen( tmp ))) );
data/covered-0.7.10/src/search.c:310:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( user_msg, "^" );
data/covered-0.7.10/src/struct_union.c:292:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( su->name, (strlen( su->name ) + 1) );
data/covered-0.7.10/src/symtable.c:309:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert( strlen( value ) < curr->size ); /* Useful for debugging but not necessary */
data/covered-0.7.10/src/tcl_funcs.c:493:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( reasons[i], (strlen( reasons[i] ) + 1) );
data/covered-0.7.10/src/tcl_funcs.c:544:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( reasons[i], (strlen( reasons[i] ) + 1) );
data/covered-0.7.10/src/tcl_funcs.c:648:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (sigl->sig->line - (start_line - 1)), (sigl->sig->suppl.part.col + ((int)strlen( sigl->sig->name ) - 1) + 15),
data/covered-0.7.10/src/tcl_funcs.c:704:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (sigl->sig->line - (start_line - 1)), (sigl->sig->suppl.part.col + ((int)strlen( sigl->sig->name ) - 1) + 15) );
data/covered-0.7.10/src/tcl_funcs.c:759:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (sigl->sig->line - (start_line - 1)), (sigl->sig->suppl.part.col + ((int)strlen( sigl->sig->name ) - 1) + 15),
data/covered-0.7.10/src/tcl_funcs.c:815:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (sigl->sig->line - (start_line - 1)), (sigl->sig->suppl.part.col + ((int)strlen( sigl->sig->name ) - 1) + 15),
data/covered-0.7.10/src/tcl_funcs.c:871:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = 20 + 1 + 20 + 1 + strlen( tog01 ) + 1 + strlen( tog10 ) + 1 + 20 + 1 + ((reason != NULL) ? strlen( reason ) : 0) + 2 + 1;
data/covered-0.7.10/src/tcl_funcs.c:871:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = 20 + 1 + 20 + 1 + strlen( tog01 ) + 1 + strlen( tog10 ) + 1 + 20 + 1 + ((reason != NULL) ? strlen( reason ) : 0) + 2 + 1;
data/covered-0.7.10/src/tcl_funcs.c:871:103: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = 20 + 1 + 20 + 1 + strlen( tog01 ) + 1 + strlen( tog10 ) + 1 + 20 + 1 + ((reason != NULL) ? strlen( reason ) : 0) + 2 + 1;
data/covered-0.7.10/src/tcl_funcs.c:879:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tog01, (strlen( tog01 ) + 1) );
data/covered-0.7.10/src/tcl_funcs.c:880:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( tog10, (strlen( tog10 ) + 1) );
data/covered-0.7.10/src/tcl_funcs.c:881:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( reason, (strlen( reason ) + 1) );
data/covered-0.7.10/src/tcl_funcs.c:893:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( signame, (strlen( signame ) + 1) );
data/covered-0.7.10/src/tcl_funcs.c:932:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_size = strlen( udim_str ) + 1 + strlen( pdim_str ) + 1 + strlen( pdim_array ) + 1 + strlen( memory_info ) + 1 + 20 + 1 + ((reason != NULL) ? strlen( reason ) : 0) + 1;
data/covered-0.7.10/src/tcl_funcs.c:932:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_size = strlen( udim_str ) + 1 + strlen( pdim_str ) + 1 + strlen( pdim_array ) + 1 + strlen( memory_info ) + 1 + 20 + 1 + ((reason != NULL) ? strlen( reason ) : 0) + 1;
data/covered-0.7.10/src/tcl_funcs.c:932:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_size = strlen( udim_str ) + 1 + strlen( pdim_str ) + 1 + strlen( pdim_array ) + 1 + strlen( memory_info ) + 1 + 20 + 1 + ((reason != NULL) ? strlen( reason ) : 0) + 1;
data/covered-0.7.10/src/tcl_funcs.c:932:93: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_size = strlen( udim_str ) + 1 + strlen( pdim_str ) + 1 + strlen( pdim_array ) + 1 + strlen( memory_info ) + 1 + 20 + 1 + ((reason != NULL) ? strlen( reason ) : 0) + 1;
data/covered-0.7.10/src/tcl_funcs.c:932:150: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_size = strlen( udim_str ) + 1 + strlen( pdim_str ) + 1 + strlen( pdim_array ) + 1 + strlen( memory_info ) + 1 + 20 + 1 + ((reason != NULL) ? strlen( reason ) : 0) + 1;
data/covered-0.7.10/src/tcl_funcs.c:939:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pdim_str, (strlen( pdim_str ) + 1) );
data/covered-0.7.10/src/tcl_funcs.c:940:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( pdim_array, (strlen( pdim_array ) + 1) );
data/covered-0.7.10/src/tcl_funcs.c:941:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( udim_str, (strlen( udim_str ) + 1) );
data/covered-0.7.10/src/tcl_funcs.c:942:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( memory_info, (strlen( memory_info ) + 1) );
data/covered-0.7.10/src/tcl_funcs.c:952:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( signame, (strlen( signame ) + 1) );
data/covered-0.7.10/src/tcl_funcs.c:1116:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( code[i], (strlen( code[i] ) + 1) );
data/covered-0.7.10/src/tcl_funcs.c:1121:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( ulines[i], (strlen( ulines[i] ) + 1) );
data/covered-0.7.10/src/tcl_funcs.c:1182:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  free_safe( info[i], (strlen( info[i] ) + 1) );
data/covered-0.7.10/src/tcl_funcs.c:1228:120: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (sigl->sig->line - (start_line - 1)), (sigl->sig->suppl.part.col + ((int)strlen( sigl->sig->name ) - 1) + 15),
data/covered-0.7.10/src/tcl_funcs.c:1294:114: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
(sigl->sig->line - (start_line - 1)), (sigl->sig->suppl.part.col + ((int)strlen( sigl->sig->name ) - 1) + 15) ); data/covered-0.7.10/src/tcl_funcs.c:1376:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( total_fr_states[i], (strlen( total_fr_states[i] ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1383:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( total_to_states[i], (strlen( total_to_states[i] ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1390:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( hit_fr_states[i], (strlen( hit_fr_states[i] ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1397:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( hit_to_states[i], (strlen( hit_to_states[i] ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1405:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( total_from_arcs[i], (strlen( total_from_arcs[i] ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1406:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( total_to_arcs[i], (strlen( total_to_arcs[i] ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1407:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( reasons[i], (strlen( reasons[i] ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1419:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( hit_from_arcs[i], (strlen( hit_from_arcs[i] ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1420:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( hit_to_arcs[i], (strlen( hit_to_arcs[i] ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1429:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( input_state[i], (strlen( input_state[i] ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1438:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( output_state[i], (strlen( output_state[i] ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1484:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int str_size = strlen( inst_names[i] ) + 1 + 20 + 1; data/covered-0.7.10/src/tcl_funcs.c:1488:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( inst_names[i], (strlen( inst_names[i] ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1541:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( inst_names[i], (strlen( inst_names[i] ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1596:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( assert_mod, (strlen( assert_mod ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1610:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( inst_name, (strlen( inst_name ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1646:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( ifile, (strlen( ifile ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:1734:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( filename, (strlen( filename ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:2268:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy( generation, "3" ); data/covered-0.7.10/src/tcl_funcs.c:2280:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( (strlen( arg->str2 ) == 1) && !mod_found ) { data/covered-0.7.10/src/tcl_funcs.c:2281:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
generation[0] = arg->str2[(strlen( arg->str2 ) - 1)]; data/covered-0.7.10/src/tcl_funcs.c:2282:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if( ((strlen( arg->str2 ) - 2) == strlen( funit_name )) && data/covered-0.7.10/src/tcl_funcs.c:2282:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if( ((strlen( arg->str2 ) - 2) == strlen( funit_name )) && data/covered-0.7.10/src/tcl_funcs.c:2283:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strncmp( funit_name, arg->str2, strlen( funit_name ) ) == 0) ) { data/covered-0.7.10/src/tcl_funcs.c:2284:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). generation[0] = arg->str2[(strlen( arg->str2 ) - 1)]; data/covered-0.7.10/src/tcl_funcs.c:2296:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( funit_name, (strlen( funit_name ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:2392:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( reason, (strlen( reason ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:2490:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( sig_name, (strlen( sig_name ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:2491:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( reason, (strlen( reason ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:2589:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( sig_name, (strlen( sig_name ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:2590:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( reason, (strlen( reason ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:2691:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( reason, (strlen( reason ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:2793:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( from_state, (strlen( from_state ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:2794:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( to_state, (strlen( to_state ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:2795:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( reason, (strlen( reason ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:2900:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( inst_name, (strlen( inst_name ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:2901:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( reason, (strlen( reason ) + 1) ); data/covered-0.7.10/src/tcl_funcs.c:2981:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( output_file, (strlen( output_file ) + 1) ); data/covered-0.7.10/src/toggle.c:313:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/toggle.c:405:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/toggle.c:533:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/toggle.c:574:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/toggle.c:596:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( pname, (strlen( pname ) + 1) ); data/covered-0.7.10/src/tree.c:74:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( curr->value, (strlen( curr->value ) + 1) ); data/covered-0.7.10/src/tree.c:77:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( node->value, (strlen( node->value ) + 1) ); data/covered-0.7.10/src/tree.c:81:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( node->name, (strlen( node->name ) + 1) ); data/covered-0.7.10/src/tree.c:259:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( node->name, (strlen( node->name ) + 1) ); data/covered-0.7.10/src/tree.c:260:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( node->value, (strlen( node->value ) + 1) ); data/covered-0.7.10/src/tree.c:287:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( root->name, (strlen( root->name ) + 1) ); data/covered-0.7.10/src/tree.c:288:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( root->value, (strlen( root->value ) + 1) ); data/covered-0.7.10/src/util.c:318:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( ((option_index + 1) >= argc) || ((argv[option_index+1][0] == '-') && (strlen(argv[option_index+1]) > 1)) ) { data/covered-0.7.10/src/util.c:388:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bool okay = (strlen( token ) > 0); /* Specifies if this token is a functional unit value or not */ data/covered-0.7.10/src/util.c:396:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while( (strlen( orig ) > 0) && okay ) { data/covered-0.7.10/src/util.c:406:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( orig, (strlen( token ) + 1) ); data/covered-0.7.10/src/util.c:407:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( rest, (strlen( token ) + 1) ); data/covered-0.7.10/src/util.c:408:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( front, (strlen( token ) + 1) ); data/covered-0.7.10/src/util.c:450:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = (str + strlen( str )) - 1; data/covered-0.7.10/src/util.c:481:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = (str + strlen( str )) - 1; data/covered-0.7.10/src/util.c:522:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* file = dir + strlen( dir ) + 1; data/covered-0.7.10/src/util.c:532:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen( cwd ) + strlen( file ) + 2; data/covered-0.7.10/src/util.c:532:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen( cwd ) + strlen( file ) + 2; data/covered-0.7.10/src/util.c:546:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen( this_cwd ) + strlen( filename ) + 2; data/covered-0.7.10/src/util.c:546:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen( this_cwd ) + strlen( filename ) + 2; data/covered-0.7.10/src/util.c:555:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( tmp, (strlen( filename ) + 1) ); data/covered-0.7.10/src/util.c:584:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while( (i < strlen( cwd )) && (i < strlen( abs_path )) && (abs_path[i] == cwd[i]) ) i++; data/covered-0.7.10/src/util.c:584:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while( (i < strlen( cwd )) && (i < strlen( abs_path )) && (abs_path[i] == cwd[i]) ) i++; data/covered-0.7.10/src/util.c:587:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( i < strlen( abs_path ) ); data/covered-0.7.10/src/util.c:593:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( i == strlen( cwd ) ) { data/covered-0.7.10/src/util.c:613:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for( ; i<strlen( cwd ); i++ ) { data/covered-0.7.10/src/util.c:697:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = dirp->d_name + strlen( dirp->d_name ) - 1; data/covered-0.7.10/src/util.c:711:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tmpchars = strlen( dirp->d_name ) + strlen( dir ) + 2; data/covered-0.7.10/src/util.c:711:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmpchars = strlen( dirp->d_name ) + strlen( dir ) + 2; data/covered-0.7.10/src/util.c:719:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( tmpfile, (strlen( tmpfile ) + 1) ); data/covered-0.7.10/src/util.c:781:39: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while( !feof( file ) && ((c = (char)fgetc( file )) != '\n') ) { data/covered-0.7.10/src/util.c:821:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while( ((c[i] = getc( file )) != EOF) && isspace( c[i] ) ) i++; data/covered-0.7.10/src/util.c:827:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while( ((line[i] = getc( file )) != EOF) && (line[i] != '"') ) i++; data/covered-0.7.10/src/util.c:879:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newvalue = (char*)realloc_safe( newvalue, (strlen( newvalue ) + 1), (newvalue_index + strlen( env_value ) + 1) ); data/covered-0.7.10/src/util.c:879:99: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
newvalue = (char*)realloc_safe( newvalue, (strlen( newvalue ) + 1), (newvalue_index + strlen( env_value ) + 1) ); data/covered-0.7.10/src/util.c:881:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newvalue_index += strlen( env_value ); data/covered-0.7.10/src/util.c:895:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newvalue = (char*)realloc_safe( newvalue, (strlen( newvalue ) + 1), (newvalue_index + 2) ); data/covered-0.7.10/src/util.c:904:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( newvalue, (strlen( newvalue ) + 1) ); data/covered-0.7.10/src/util.c:944:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( front, scope, (ptr - scope) ); data/covered-0.7.10/src/util.c:949:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( rest, ptr, (strlen( scope ) - (ptr - scope)) ); data/covered-0.7.10/src/util.c:949:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy( rest, ptr, (strlen( scope ) - (ptr - scope)) ); data/covered-0.7.10/src/util.c:950:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
rest[ (strlen( scope ) - (ptr - scope)) ] = '\0'; data/covered-0.7.10/src/util.c:973:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = scope + strlen( scope ) - 1; data/covered-0.7.10/src/util.c:989:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( rest, scope, (ptr - scope) ); data/covered-0.7.10/src/util.c:996:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( back, ptr, ((strlen( scope ) + scope) - ptr) ); data/covered-0.7.10/src/util.c:996:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy( back, ptr, ((strlen( scope ) + scope) - ptr) ); data/covered-0.7.10/src/util.c:997:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). back[ ((strlen( scope ) + scope) - ptr) ] = '\0'; data/covered-0.7.10/src/util.c:1017:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( (strncmp( scope, front, strlen( front ) ) == 0) && (strlen( scope ) > strlen( front )) ) { data/covered-0.7.10/src/util.c:1017:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if( (strncmp( scope, front, strlen( front ) ) == 0) && (strlen( scope ) > strlen( front )) ) { data/covered-0.7.10/src/util.c:1017:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( (strncmp( scope, front, strlen( front ) ) == 0) && (strlen( scope ) > strlen( front )) ) { data/covered-0.7.10/src/util.c:1018:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy( back, (scope + strlen( front ) + 1) ); data/covered-0.7.10/src/util.c:1037:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen( obf_sig( str ) ) < 4096 ); data/covered-0.7.10/src/util.c:1076:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( new_str1, (strlen( new_str1 ) + 1) ); data/covered-0.7.10/src/util.c:1077:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( new_str2, (strlen( new_str2 ) + 1) ); data/covered-0.7.10/src/util.c:1139:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = fname + strlen( fname ); data/covered-0.7.10/src/util.c:1348:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int str_len = strlen( str ) + 1; data/covered-0.7.10/src/util.c:1488:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for( i=0; i<strlen( str ); i++ ) { data/covered-0.7.10/src/vcd.c:92:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen( type ) <= 256 ); data/covered-0.7.10/src/vcd.c:93:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen( ref ) <= 256 ); data/covered-0.7.10/src/vcd.c:94:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen( tmp ) <= 15 ); data/covered-0.7.10/src/vcd.c:95:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen( id_code ) <= 256 ); data/covered-0.7.10/src/vcd.c:180:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen( type ) <= 256 ); data/covered-0.7.10/src/vcd.c:181:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen( id ) <= 256 ); data/covered-0.7.10/src/vcd.c:359:27: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
while( !feof( vcd ) && (fscanf( vcd, "%4099s%n", token, &chars_read ) == 1) && simulate ) { data/covered-0.7.10/src/vector.c:564:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen( *line ); data/covered-0.7.10/src/vector.c:602:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen( *line ); data/covered-0.7.10/src/vector.c:2711:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* ptr = str + (strlen( str ) - 1); /* Pointer to current character evaluating */ data/covered-0.7.10/src/vector.c:2973:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str_size = strlen( width_str ) + 2 + strlen( tmp ) + 1 + vec->suppl.part.is_signed; data/covered-0.7.10/src/vector.c:2973:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str_size = strlen( width_str ) + 2 + strlen( tmp ) + 1 + vec->suppl.part.is_signed; data/covered-0.7.10/src/vector.c:3001:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int width = ((vec->width >> 3) < strlen( str )) ? (vec->width >> 3) : strlen( str ); data/covered-0.7.10/src/vector.c:3001:82: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int width = ((vec->width >> 3) < strlen( str )) ? 
(vec->width >> 3) : strlen( str ); data/covered-0.7.10/src/vector.c:3036:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen( *str ) * 8; data/covered-0.7.10/src/vector.c:3058:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for( i=(strlen( *str ) - 1); i>=0; i-- ) { data/covered-0.7.10/src/vector.c:3067:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int slen = strlen( *str ); data/covered-0.7.10/src/vector.c:3195:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = (value + strlen( value )) - 1; data/covered-0.7.10/src/vector.c:5309:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( vec->value.r64->str, (strlen( vec->value.r64->str ) + 1) ); data/covered-0.7.10/src/vector.c:5313:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( vec->value.r32->str, (strlen( vec->value.r32->str ) + 1) ); data/covered-0.7.10/src/vpi.c:166:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
free_safe( sval->sym, (strlen( sval->sym ) + 1) ); data/covered-0.7.10/src/vpi.c:167:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( sval->value, (strlen( sval->value ) + 1) ); data/covered-0.7.10/src/vpi.c:340:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( curr_inst_scope[i], (strlen( curr_inst_scope[i] ) + 1) ); data/covered-0.7.10/src/vpi.c:538:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( curr_inst_scope[0], (strlen( curr_inst_scope[0] ) + 1) ); data/covered-0.7.10/src/vpi.c:686:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( curr_inst_scope[0], (strlen( curr_inst_scope[0] ) + 1) ); data/covered-0.7.10/src/vsignal.c:763:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). free_safe( sig->name, (strlen( sig->name ) + 1) );

ANALYSIS SUMMARY:

Hits = 1328
Lines analyzed = 79494 in approximately 2.52 seconds (31558 lines/second)
Physical Source Lines of Code (SLOC) = 48816
Hits@level = [0] 1714 [1] 677 [2] 497 [3] 6 [4] 148 [5] 0
Hits@level+ = [0+] 3042 [1+] 1328 [2+] 651 [3+] 154 [4+] 148 [5+] 0
Hits/KSLOC@level+ = [0+] 62.3156 [1+] 27.2042 [2+] 13.3358 [3+] 3.1547 [4+] 3.03179 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.