Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/cups-filters-1.28.5/utils/driverless.c:289:4: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(value, ",PDF", sizeof(value));
data/cups-filters-1.28.5/utils/driverless.c:291:4: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(value, ",PCLM", sizeof(value));
data/cups-filters-1.28.5/utils/driverless.c:293:4: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(value, ",PS", sizeof(value));
data/cups-filters-1.28.5/utils/driverless.c:295:4: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(value, ",PCL", sizeof(value));
data/cups-filters-1.28.5/utils/driverless.c:297:4: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(value, ",PWGRaster", sizeof(value));
data/cups-filters-1.28.5/utils/driverless.c:299:4: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
    strncat(value, ",AppleRaster", sizeof(value));
data/cups-filters-1.28.5/backend/beh.c:262:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    retval = system(cmdline) >> 8;
data/cups-filters-1.28.5/backend/implicitclass.c:312:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(argv_nt[0], printer_uri);
data/cups-filters-1.28.5/backend/implicitclass.c:319:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(argv_nt[5], (const char*)argv[5]);
data/cups-filters-1.28.5/backend/implicitclass.c:396:2: [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    execv(buf, argv_nt);
data/cups-filters-1.28.5/backend/parallel.c:397:8: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (!access("/dev/parallel/", 0))
data/cups-filters-1.28.5/backend/parallel.c:399:13: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    else if (!access("/dev/printers/", 0))
data/cups-filters-1.28.5/backend/parallel.c:410:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(device, "%s%d", basedevice, i);
data/cups-filters-1.28.5/backend/parallel.c:450:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(device, 0) == 0)
data/cups-filters-1.28.5/backend/parallel.c:458:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(device, 0) == 0)
data/cups-filters-1.28.5/backend/parallel.c:467:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(device, 0) == 0)
data/cups-filters-1.28.5/backend/parallel.c:479:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(device, 0) == 0)
data/cups-filters-1.28.5/backend/parallel.c:498:6: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(device, 0) == 0)
data/cups-filters-1.28.5/backend/serial.c:905:10: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (!access(device, 0))
data/cups-filters-1.28.5/backend/serial.c:924:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(device, 0) == 0)
data/cups-filters-1.28.5/backend/serial.c:943:6: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(device, 0) == 0)
data/cups-filters-1.28.5/cupsfilters/colormanager.c:338:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(full_path, 0)) {
data/cups-filters-1.28.5/cupsfilters/ipp.c:63:3: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    vsnprintf(log + strlen(log),
data/cups-filters-1.28.5/cupsfilters/ipp.c:521:5: [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    execvp(CUPS_IPPFIND, ippfind_argv);
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:255:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(argv_nt[5], (const char*)argv[5]);
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:287:43: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (filter_present("gstoraster") && access(CUPS_GHOSTSCRIPT, X_OK) == 0)
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:312:43: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (filter_present("gstoraster") && access(CUPS_GHOSTSCRIPT, X_OK) == 0)
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:349:6: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(CUPS_GHOSTSCRIPT, X_OK) != 0) {
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:355:13: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    } else if (access(CUPS_POPPLER_PDFTOPS, X_OK) != 0) {
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:374:35: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (filter_present("gstopxl") && access(CUPS_GHOSTSCRIPT, X_OK) == 0) {
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:393:38: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (filter_present("gstoraster") && access(CUPS_GHOSTSCRIPT, X_OK) == 0)
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:421:35: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (filter_present("gstopxl") && access(CUPS_GHOSTSCRIPT, X_OK) == 0) {
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:488:41: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (filter_present("gstoraster") && access(CUPS_GHOSTSCRIPT, X_OK) == 0)
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:575:7: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(filter_path, X_OK) == 0)
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:664:5: [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    execvp(filter, argv);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:453:7: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(catalogpath, R_OK) == 0) {
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:500:6: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(catalogpath, R_OK) != 0)
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:2046:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(filter_path, X_OK) == 0) {
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:2198:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(ppdname, default_pagesize);
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:149:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename, "%s%d.pgm", basename, i);
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:155:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename, "%s.ppm", basename);
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:327:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename, "%s%d.pgm", basename, i);
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:333:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename, "%s.ppm", basename);
data/cups-filters-1.28.5/cupsfilters/testrgb.c:137:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename, "%s%d.pgm", basename, i);
data/cups-filters-1.28.5/cupsfilters/testrgb.c:143:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename, "%s.ppm", basename);
data/cups-filters-1.28.5/cupsfilters/testrgb.c:267:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename, "%s%d.pgm", basename, i);
data/cups-filters-1.28.5/cupsfilters/testrgb.c:273:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(filename, "%s.ppm", basename);
data/cups-filters-1.28.5/filter/banner.c:119:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(result, "%s/%s", BANNERTOPDF_DATADIR, name);
data/cups-filters-1.28.5/filter/banner.c:122:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(result, "%s/data/%s", datadir, name);
data/cups-filters-1.28.5/filter/bannertopdf.c:184:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    vfprintf(s, valuefmt, ap);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:55:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    vfprintf(logh, msg, ap);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:834:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(tmp, "%s-log-XXXXXX", LOG_FILE);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:837:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(tmp, "%s-XXXXXX.log", LOG_FILE);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:965:22: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    else if (access(p, R_OK) != 0) {
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:1028:17: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(tmp, X_OK) == 0) {
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:1054:21: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(tmp, X_OK) == 0) {
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:364:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(opt->varname, opt->name);
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:2028:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(s, "%s=%s %%Y", opt->name, userval);
data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:55:16: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    FILE *pd = popen(gscommand, "r");
data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:147:16: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    FILE *pd = popen(gscommand, "r");
data/cups-filters-1.28.5/filter/foomatic-rip/postscript.c:179:16: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    FILE *pd = popen(gscommand, "r");
data/cups-filters-1.28.5/filter/foomatic-rip/process.c:186:5: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    execl(get_modern_shell(), get_modern_shell(), "-e", "-c", (const char *)cmd, (char *)NULL);
data/cups-filters-1.28.5/filter/foomatic-rip/renderer.c:49:16: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    FILE *pd = popen(gstestcommand, "r");
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:78:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(job->id, cups_jobid);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:79:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(job->title, cups_jobtitle);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:80:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(job->user, cups_user);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:81:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(job->copies, cups_copies);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:112:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(job->ppdfile, job->printer);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:113:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(job->ppdfile, R_OK) == 0)
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:117:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(job->ppdfile, R_OK) == 0)
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:120:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(job->ppdfile, R_OK) == 0)
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:123:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(job->ppdfile, R_OK) == 0)
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:126:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(job->ppdfile, R_OK) == 0)
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:129:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(job->ppdfile, R_OK) == 0)
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:132:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(job->ppdfile, R_OK) == 0)
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:47:17: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(dirs[i], W_OK) == 0) {
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:317:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(progname, X_OK) == 0)
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:326:13: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!).
Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filepath, X_OK) == 0) { data/cups-filters-1.28.5/filter/foomatic-rip/util.c:617:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ds->data, src); data/cups-filters-1.28.5/filter/foomatic-rip/util.c:657:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. srclen = vsnprintf(ds->data, ds->alloc, src, ap); data/cups-filters-1.28.5/filter/foomatic-rip/util.c:667:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(ds->data, ds->alloc, src, ap); data/cups-filters-1.28.5/filter/foomatic-rip/util.c:707:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. srclen = vsnprintf(&ds->data[ds->len], restlen, src, ap); data/cups-filters-1.28.5/filter/foomatic-rip/util.c:718:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. srclen = vsnprintf(&ds->data[ds->len], restlen, src, ap); data/cups-filters-1.28.5/filter/foomatic-rip/util.c:803:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(ds->data, str); data/cups-filters-1.28.5/filter/foomatic-rip/util.c:804:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ds->data, &copy[idx]); data/cups-filters-1.28.5/filter/foomatic-rip/util.c:816:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(NULL, 0, str, ap); data/cups-filters-1.28.5/filter/foomatic-rip/util.c:821:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(strf, len +1, str, ap); data/cups-filters-1.28.5/filter/gstoraster.c:560:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(full_path, 0)) { data/cups-filters-1.28.5/filter/gstoraster.c:739:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. FILE *pd = popen(gscommand, "r"); data/cups-filters-1.28.5/filter/imagetopdf.c:537:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
snprintf(linebuf,LINEBUFSIZE, data/cups-filters-1.28.5/filter/imagetopdf.c:1168:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(linebuf,LINEBUFSIZE, data/cups-filters-1.28.5/filter/imagetopdf.c:1171:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(linebuf) != 0) { data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:35:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr,fmt,ap); data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1008:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(filename, sub_process_argv); data/cups-filters-1.28.5/filter/pdftopdf/qpdf_pdftopdf_processor.cc:459:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr,fmt,ap); data/cups-filters-1.28.5/filter/pdftops.c:1082:7: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(CUPS_POPPLER_PDFTOPS, pdf_argv); data/cups-filters-1.28.5/filter/pdftops.c:1087:7: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
execvp(CUPS_GHOSTSCRIPT, pdf_argv); data/cups-filters-1.28.5/filter/pdftops.c:1092:7: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(CUPS_POPPLER_PDFTOCAIRO, pdf_argv); data/cups-filters-1.28.5/filter/pdftops.c:1107:7: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(CUPS_ACROREAD, pdf_argv); data/cups-filters-1.28.5/filter/pdftops.c:1112:7: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(CUPS_MUTOOL, pdf_argv); data/cups-filters-1.28.5/filter/pdftops.c:1487:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(pstops_path, pstops_argv); data/cups-filters-1.28.5/filter/pdfutils.c:26:7: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. len=vprintf(fmt,ap); data/cups-filters-1.28.5/filter/pdfutils.h:45:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 2, 3))); data/cups-filters-1.28.5/filter/rastertopclx.c:921:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(attr->value, Page); data/cups-filters-1.28.5/filter/rastertopdf.cpp:91:30: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
#define dprintf(format, ...) fprintf(stderr, "DEBUG2: (" PROGRAM ") " format, __VA_ARGS__) data/cups-filters-1.28.5/filter/rastertopdf.cpp:93:30: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define iprintf(format, ...) fprintf(stderr, "INFO: (" PROGRAM ") " format, __VA_ARGS__) data/cups-filters-1.28.5/filter/sys5ippprinter.c:214:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(argv_nt[5], (const char*)argv[5]); data/cups-filters-1.28.5/filter/sys5ippprinter.c:273:43: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (filter_present("gstoraster") && access(CUPS_GHOSTSCRIPT, X_OK) == 0) data/cups-filters-1.28.5/filter/sys5ippprinter.c:305:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(CUPS_GHOSTSCRIPT, X_OK) != 0) data/cups-filters-1.28.5/filter/sys5ippprinter.c:312:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
else if (access(CUPS_POPPLER_PDFTOPS, X_OK) != 0) data/cups-filters-1.28.5/filter/sys5ippprinter.c:336:35: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (filter_present("gstopxl") && access(CUPS_GHOSTSCRIPT, X_OK) == 0) data/cups-filters-1.28.5/filter/sys5ippprinter.c:416:41: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (filter_present("gstoraster") && access(CUPS_GHOSTSCRIPT, X_OK) == 0) data/cups-filters-1.28.5/filter/sys5ippprinter.c:501:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filter_path, X_OK) == 0) data/cups-filters-1.28.5/filter/sys5ippprinter.c:600:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(filter, argv); data/cups-filters-1.28.5/filter/urftopdf.cpp:49:30: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define dprintf(format, ...) 
fprintf(stderr, "DEBUG: (" PROGRAM ") " format, __VA_ARGS__) data/cups-filters-1.28.5/filter/urftopdf.cpp:54:30: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define iprintf(format, ...) fprintf(stderr, "INFO: (" PROGRAM ") " format, __VA_ARGS__) data/cups-filters-1.28.5/fontembed/dynstring.c:75:10: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. need=vsnprintf(ds->buf+ds->len,ds->alloc-ds->len+1,fmt,va); data/cups-filters-1.28.5/fontembed/dynstring.h:13:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 2, 3))); data/cups-filters-1.28.5/fontembed/embed_pdf.c:130:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret->fontname+7,fontname); data/cups-filters-1.28.5/fontembed/embed_pdf.c:133:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret->fontname,fontname); data/cups-filters-1.28.5/fontembed/embed_pdf.c:138:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret->registry,cid_registry); data/cups-filters-1.28.5/fontembed/embed_pdf.c:142:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret->ordering,cid_ordering); data/cups-filters-1.28.5/utils/cups-browsed.c:752:7: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, format, arglist); data/cups-filters-1.28.5/utils/cups-browsed.c:759:7: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(lfp, format, arglist); data/cups-filters-1.28.5/utils/cups-browsed.c:884:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(copy->media_source,data->media_source); data/cups-filters-1.28.5/utils/cups-browsed.c:888:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(copy->media_type,data->media_type); data/cups-filters-1.28.5/utils/cups-browsed.c:915:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(copy->pagesize,prev->pagesize); data/cups-filters-1.28.5/utils/cups-browsed.c:1938:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp->media_type, media_type); data/cups-filters-1.28.5/utils/cups-browsed.c:1947:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(temp->media_source, media_source); data/cups-filters-1.28.5/utils/cups-browsed.c:2081:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ppdsizename, size->media); data/cups-filters-1.28.5/utils/cups-browsed.c:2632:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(borderless_pagesize, option1); data/cups-filters-1.28.5/utils/cups-browsed.c:2633:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(borderless_pagesize, t); data/cups-filters-1.28.5/utils/cups-browsed.c:2643:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(borderless_pagesize, option2); data/cups-filters-1.28.5/utils/cups-browsed.c:2644:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(borderless_pagesize, t); data/cups-filters-1.28.5/utils/cups-browsed.c:2719:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pagesize, size->media); data/cups-filters-1.28.5/utils/cups-browsed.c:2778:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ppdsizename, size->media); data/cups-filters-1.28.5/utils/cups-browsed.c:2830:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(constraint, "*UIConstraints: *%s %s *%s %s\n", data/cups-filters-1.28.5/utils/cups-browsed.c:2836:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(constraint, "*UIConstraints: *%s %s *%s %s\n", data/cups-filters-1.28.5/utils/cups-browsed.c:2883:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(printer_make_and_model, cluster_name); data/cups-filters-1.28.5/utils/cups-browsed.c:3010:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(default_pagesize, ppdname); data/cups-filters-1.28.5/utils/cups-browsed.c:3049:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp->media_type, media_type); data/cups-filters-1.28.5/utils/cups-browsed.c:3057:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp->media_type, AUTO_OPTION); data/cups-filters-1.28.5/utils/cups-browsed.c:3070:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(temp->media_source, media_source); data/cups-filters-1.28.5/utils/cups-browsed.c:3078:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp->media_source, AUTO_OPTION); data/cups-filters-1.28.5/utils/cups-browsed.c:5462:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. n = fscanf(fp, "%s", p); data/cups-filters-1.28.5/utils/cups-browsed.c:5476:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filename, sizeof(filename), save_options_file, data/cups-filters-1.28.5/utils/cups-browsed.c:5578:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filename, sizeof(filename), save_options_file, data/cups-filters-1.28.5/utils/cups-browsed.c:5698:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filename, sizeof(filename), save_options_file, data/cups-filters-1.28.5/utils/cups-browsed.c:5894:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(backup_queue_name, "%s@%s", queue_name, remote_host); data/cups-filters-1.28.5/utils/cups-browsed.c:10094:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(adminurl_value, "http://%s", host_name); data/cups-filters-1.28.5/utils/cups-browsed.c:11289:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpFilter, LDAP_BROWSE_FILTER); data/cups-filters-1.28.5/utils/driverless.c:511:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(CUPS_IPPFIND, ippfind_argv); data/cups-filters-1.28.5/backend/beh.c:96:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. uri = getenv("DEVICE_URI"); data/cups-filters-1.28.5/backend/beh.c:143:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. tmpdir = getenv("TMPDIR"); data/cups-filters-1.28.5/backend/beh.c:231:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL) data/cups-filters-1.28.5/backend/implicitclass.c:136:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
if ((device_uri = getenv("DEVICE_URI")) == NULL) { data/cups-filters-1.28.5/backend/implicitclass.c:390:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. serverbin = getenv("CUPS_SERVERBIN"); data/cups-filters-1.28.5/backend/parallel.c:185:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("CLASS") != NULL) data/cups-filters-1.28.5/backend/serial.c:203:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("CLASS") != NULL) data/cups-filters-1.28.5/cupsfilters/image.c:575:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((cache_env = getenv("RIP_MAX_CACHE")) != NULL) data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:569:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL) data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:731:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL) data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:529:39: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((catalog = _searchDirForCatalog(getenv("CUPS_LOCALEDIR"))) != NULL) data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:533:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((c = getenv("CUPS_DATADIR")) == NULL) data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:2042:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL) data/cups-filters-1.28.5/filter/banner.c:117:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
if ((datadir = getenv("CUPS_DATADIR")) == NULL) { data/cups-filters-1.28.5/filter/bannertopdf.c:280:40: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. opt = add_opt(opt, "printer-name", getenv("PRINTER")); data/cups-filters-1.28.5/filter/bannertopdf.c:283:40: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. opt = add_opt(opt, "printer-info", getenv("PRINTER_INFO")); data/cups-filters-1.28.5/filter/bannertopdf.c:428:42: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. info_linef(s, "Job ID", "%s-%s", getenv("PRINTER"), jobid); data/cups-filters-1.28.5/filter/bannertopdf.c:453:37: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. info_line(s, "Description", getenv("PRINTER_INFO")); data/cups-filters-1.28.5/filter/bannertopdf.c:456:42: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
  info_line(s, "Printer Location", getenv("PRINTER_LOCATION"));
data/cups-filters-1.28.5/filter/bannertopdf.c:462:33: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  info_line(s, "Printer", getenv("PRINTER"));
data/cups-filters-1.28.5/filter/bannertopdf.c:547:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-filters-1.28.5/filter/bannertopdf.c:549:64: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  fprintf(stderr, "DEBUG: Could not open PPD file '%s'\n", getenv("PPD"));
data/cups-filters-1.28.5/filter/commandtoescpx.c:65:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((ppd = ppdOpenFile(getenv("PPD"))) == NULL)
data/cups-filters-1.28.5/filter/commandtopclx.c:65:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((ppd = ppdOpenFile(getenv("PPD"))) == NULL)
data/cups-filters-1.28.5/filter/common.c:67:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-filters-1.28.5/filter/common.c:422:25: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((classification = getenv("CLASSIFICATION")) == NULL)
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:816:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((str = getenv("CUPS_SERVERROOT")) != NULL) {
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:869:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("PPD")) {
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:870:31: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  strncpy(job->ppdfile, getenv("PPD"), sizeof(job->ppdfile) - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:871:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (strlen(getenv("PPD")) > 2047)
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:874:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CUPS_SERVERBIN")) {
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:875:33: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  strncpy(cupsfilterpath, getenv("CUPS_SERVERBIN"),
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:877:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (strlen(getenv("CUPS_SERVERBIN")) > PATH_MAX-1)
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:883:41: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cm_disabled = cmIsPrinterCmDisabled(getenv("PRINTER"));
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:1070:42: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cmGetPrinterIccProfile(getenv("PRINTER"),
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:1133:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("GS_LIB"))
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:1134:64: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  _log("Ghostscript extra search path ('GS_LIB'): %s\n", getenv("GS_LIB"));
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:53:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CUPS_FONTPATH"))
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:54:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  strncpy(path, getenv("CUPS_FONTPATH"), PATH_MAX - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:55:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  else if (getenv("CUPS_DATADIR")) {
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:56:22: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  strncpy(path, getenv("CUPS_DATADIR"), PATH_MAX - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:59:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("GS_LIB")) {
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:61:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  strncat(path, getenv("GS_LIB"), PATH_MAX - strlen(path) - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:97:13: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  pname = getenv("PRINTER");
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:201:32: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  strlcpy(user_default_path, getenv("HOME"), 256);
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:43:32: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *dirs[] = { getenv("TMPDIR"), P_tmpdir, "/tmp" };
data/cups-filters-1.28.5/filter/gstoraster.c:540:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((datadir = getenv("CUPS_DATADIR")) == NULL)
data/cups-filters-1.28.5/filter/gstoraster.c:629:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  outformat_env = getenv("OUTFORMAT");
data/cups-filters-1.28.5/filter/gstoraster.c:649:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  t = getenv("PPD");
data/cups-filters-1.28.5/filter/gstoraster.c:776:41: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cm_disabled = cmIsPrinterCmDisabled(getenv("PRINTER"));
data/cups-filters-1.28.5/filter/gstoraster.c:779:28: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cmGetPrinterIccProfile(getenv("PRINTER"), &icc_profile, ppd);
data/cups-filters-1.28.5/filter/gstoraster.c:859:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  t = getenv("FINAL_CONTENT_TYPE");
data/cups-filters-1.28.5/filter/gstoraster.c:949:12: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((t = getenv("CUPS_FONTPATH")) == NULL)
data/cups-filters-1.28.5/filter/imagetoraster.c:420:41: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cm_disabled = cmIsPrinterCmDisabled(getenv("PRINTER"));
data/cups-filters-1.28.5/filter/mupdftoraster.c:271:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  t = getenv("PPD");
data/cups-filters-1.28.5/filter/mupdftoraster.c:330:41: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cm_disabled = cmIsPrinterCmDisabled(getenv("PRINTER"));
data/cups-filters-1.28.5/filter/mupdftoraster.c:333:28: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cmGetPrinterIccProfile(getenv("PRINTER"), &icc_profile, ppd);
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:512:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *classification = getenv("CLASSIFICATION");
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:680:34: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *final_content_type = getenv("FINAL_CONTENT_TYPE");
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:825:34: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *final_content_type = getenv("FINAL_CONTENT_TYPE");
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1104:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ppd=ppdOpenFile(getenv("PPD")); // getenv (and thus ppd) may be null. This will not cause problems.
data/cups-filters-1.28.5/filter/pdftops.c:442:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-filters-1.28.5/filter/pdftops.c:539:25: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-filters-1.28.5/filter/pdftoraster.cxx:349:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  t = getenv("FINAL_CONTENT_TYPE");
data/cups-filters-1.28.5/filter/pdftoraster.cxx:354:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-filters-1.28.5/filter/pdftoraster.cxx:432:43: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cm_disabled = cmIsPrinterCmDisabled(getenv("PRINTER"));
data/cups-filters-1.28.5/filter/pdftoraster.cxx:435:30: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cmGetPrinterIccProfile(getenv("PRINTER"), &profile, ppd);
data/cups-filters-1.28.5/filter/rastertoescpx.c:1786:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-filters-1.28.5/filter/rastertopclx.c:352:43: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cm_disabled = cmIsPrinterCmDisabled(getenv("PRINTER"));
data/cups-filters-1.28.5/filter/rastertopclx.c:1834:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-filters-1.28.5/filter/rastertopdf.cpp:1333:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((outformat_env = getenv("OUTFORMAT")) == NULL || strcasestr(outformat_env, "pdf"))
data/cups-filters-1.28.5/filter/rastertopdf.cpp:1358:43: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cm_disabled = cmIsPrinterCmDisabled(getenv("PRINTER"));
data/cups-filters-1.28.5/filter/rastertopdf.cpp:1361:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-filters-1.28.5/filter/rastertops.c:398:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-filters-1.28.5/filter/sys5ippprinter.c:239:47: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (filter_present("rastertopdf") && (val = getenv("CONTENT_TYPE")) != NULL &&
data/cups-filters-1.28.5/filter/sys5ippprinter.c:243:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  (val = getenv("CONTENT_TYPE")) != NULL &&
data/cups-filters-1.28.5/filter/sys5ippprinter.c:495:25: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-filters-1.28.5/filter/sys5ippprinter.c:670:29: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-filters-1.28.5/filter/textcommon.c:558:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((val = getenv("CONTENT_TYPE")) == NULL)
data/cups-filters-1.28.5/filter/textcommon.c:708:37: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  WriteProlog(argv[3], argv[2], getenv("CLASSIFICATION"),
data/cups-filters-1.28.5/filter/texttopdf.c:315:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((datadir = getenv("CUPS_DATADIR")) == NULL)
data/cups-filters-1.28.5/filter/texttopdf.c:377:13: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  charset = getenv("CHARSET");
data/cups-filters-1.28.5/filter/texttotext.c:260:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-filters-1.28.5/utils/cups-browsed.c:8374:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-filters-1.28.5/utils/cups-browsed.c:12355:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("IPP_PORT") != NULL) {
data/cups-filters-1.28.5/utils/cups-browsed.c:12357:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  "localhost:%s", getenv("IPP_PORT"));
data/cups-filters-1.28.5/utils/cups-browsed.c:12361:4: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("IPP_PORT"));
data/cups-filters-1.28.5/utils/cups-browsed.c:12370:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CUPS_SERVER") != NULL) {
data/cups-filters-1.28.5/utils/cups-browsed.c:12371:31: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  strncpy(local_server_str, getenv("CUPS_SERVER"),
data/cups-filters-1.28.5/utils/cups-browsed.c:12376:4: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("CUPS_SERVER"));
data/cups-filters-1.28.5/utils/driverless.c:745:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((val = getenv("DEVICE_TYPE")) != NULL &&
data/cups-filters-1.28.5/utils/driverless.c:811:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((val = getenv("SOFTWARE")) != NULL &&
data/cups-filters-1.28.5/backend/beh.c:49:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpfilename[1024], buf[8192];
data/cups-filters-1.28.5/backend/beh.c:140:11: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  FILE *tmpfile;
data/cups-filters-1.28.5/backend/beh.c:147:10: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  fd = mkstemp(tmpfilename);
data/cups-filters-1.28.5/backend/beh.c:156:29: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  fwrite(buf, 1, bytes, tmpfile);
data/cups-filters-1.28.5/backend/beh.c:157:12: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  fclose(tmpfile);
data/cups-filters-1.28.5/backend/beh.c:216:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[1024], /* Scheme from URI */
data/cups-filters-1.28.5/backend/cups-brf.c:42:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/cups-filters-1.28.5/backend/cups-brf.c:69:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(filename, O_RDONLY);
data/cups-filters-1.28.5/backend/ieee1284.c:125:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char devparport[16]; /* /dev/parportN */
data/cups-filters-1.28.5/backend/ieee1284.c:139:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((devparportfd = open(devparport, O_RDWR | O_NOCTTY)) != -1)
data/cups-filters-1.28.5/backend/ieee1284.c:317:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[256], /* Temporary manufacturer string */
data/cups-filters-1.28.5/backend/ieee1284.c:447:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024]; /* Temporary make and model */
data/cups-filters-1.28.5/backend/ieee1284.c:518:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[256], /* Key string */
data/cups-filters-1.28.5/backend/implicitclass.c:86:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[64], username[32], queue_name[1024], resource[32],
data/cups-filters-1.28.5/backend/implicitclass.c:96:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dest_host[1024]; /* Destination host */
data/cups-filters-1.28.5/backend/implicitclass.c:100:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI];

data/cups-filters-1.28.5/backend/implicitclass.c:101:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv_nt[8];

data/cups-filters-1.28.5/backend/implicitclass.c:103:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/cups-filters-1.28.5/backend/implicitclass.c:245:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192];

data/cups-filters-1.28.5/backend/implicitclass.c:266:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(argv[6], O_RDONLY);

data/cups-filters-1.28.5/backend/parallel.c:55:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char method[255], /* Method in URI */

data/cups-filters-1.28.5/backend/parallel.c:124:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((print_fd = open(argv[6], O_RDONLY)) < 0)

data/cups-filters-1.28.5/backend/parallel.c:130:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  copies = atoi(argv[4]);

data/cups-filters-1.28.5/backend/parallel.c:170:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  device_fd = open(resource, O_WRONLY | O_EXCL);

data/cups-filters-1.28.5/backend/parallel.c:174:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((device_fd = open(resource, O_RDWR | O_EXCL)) < 0)

data/cups-filters-1.28.5/backend/parallel.c:176:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  device_fd = open(resource, O_WRONLY | O_EXCL);

data/cups-filters-1.28.5/backend/parallel.c:287:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char print_buffer[8192], /* Print data buffer */

data/cups-filters-1.28.5/backend/parallel.c:389:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char device[512], /* Device filename */

data/cups-filters-1.28.5/backend/parallel.c:398:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(basedevice, "/dev/parallel/");

data/cups-filters-1.28.5/backend/parallel.c:400:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(basedevice, "/dev/printers/");

data/cups-filters-1.28.5/backend/parallel.c:402:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(basedevice, "/dev/lp");

data/cups-filters-1.28.5/backend/parallel.c:411:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_RDWR | O_EXCL)) < 0)

data/cups-filters-1.28.5/backend/parallel.c:412:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(device, O_WRONLY);

data/cups-filters-1.28.5/backend/parallel.c:440:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char device[255]; /* Device filename */

data/cups-filters-1.28.5/backend/parallel.c:449:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/ecpp%d", i);

data/cups-filters-1.28.5/backend/parallel.c:457:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/bpp%d", i);

data/cups-filters-1.28.5/backend/parallel.c:465:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/lp%d", i);

data/cups-filters-1.28.5/backend/parallel.c:478:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/pm%02d", i);

data/cups-filters-1.28.5/backend/parallel.c:493:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/sts/lpN%d%c", j, funky_hex[n]);

data/cups-filters-1.28.5/backend/parallel.c:495:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/sts/lp%c%d%c", i + 'C', j,

data/cups-filters-1.28.5/backend/parallel.c:511:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char device[255]; /* Device filename */

data/cups-filters-1.28.5/backend/parallel.c:516:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/lpt%d", i);

data/cups-filters-1.28.5/backend/parallel.c:517:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_WRONLY)) >= 0)

data/cups-filters-1.28.5/backend/parallel.c:523:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/lpa%d", i);

data/cups-filters-1.28.5/backend/parallel.c:524:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_WRONLY)) >= 0)

data/cups-filters-1.28.5/backend/parallel.c:553:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char print_buffer[8192], /* Print data buffer */

data/cups-filters-1.28.5/backend/parallel.c:810:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[2048]; /* Request/response data */

data/cups-filters-1.28.5/backend/serial.c:76:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char method[255], /* Method in URI */

data/cups-filters-1.28.5/backend/serial.c:98:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char print_buffer[8192], /* Print data buffer */

data/cups-filters-1.28.5/backend/serial.c:160:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((print_fd = open(argv[6], O_RDONLY)) < 0)

data/cups-filters-1.28.5/backend/serial.c:166:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  copies = atoi(argv[4]);

data/cups-filters-1.28.5/backend/serial.c:200:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((device_fd = open(resource, O_RDWR | O_NOCTTY | O_EXCL |

data/cups-filters-1.28.5/backend/serial.c:297:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  print_size = atoi(value) / 100;

data/cups-filters-1.28.5/backend/serial.c:300:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cfsetispeed(&opts, atoi(value));

data/cups-filters-1.28.5/backend/serial.c:301:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cfsetospeed(&opts, atoi(value));

data/cups-filters-1.28.5/backend/serial.c:303:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch (atoi(value))

data/cups-filters-1.28.5/backend/serial.c:359:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch (atoi(value))

data/cups-filters-1.28.5/backend/serial.c:447:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch (atoi(value))

data/cups-filters-1.28.5/backend/serial.c:709:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char print_buffer[8192], /* Print data buffer */

data/cups-filters-1.28.5/backend/serial.c:813:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char device[255]; /* Device filename */

data/cups-filters-1.28.5/backend/serial.c:814:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char info[255]; /* Device info/description */

data/cups-filters-1.28.5/backend/serial.c:822:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/ttyS%d", i);

data/cups-filters-1.28.5/backend/serial.c:824:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_WRONLY | O_NOCTTY | O_NDELAY)) >= 0)

data/cups-filters-1.28.5/backend/serial.c:863:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/usb/ttyUSB%d", i);

data/cups-filters-1.28.5/backend/serial.c:864:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_WRONLY | O_NOCTTY | O_NDELAY)) >= 0)

data/cups-filters-1.28.5/backend/serial.c:870:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/ttyUSB%d", i);

data/cups-filters-1.28.5/backend/serial.c:871:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_WRONLY | O_NOCTTY | O_NDELAY)) >= 0)

data/cups-filters-1.28.5/backend/serial.c:882:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/ttyQ%02de%d", i, j);

data/cups-filters-1.28.5/backend/serial.c:883:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_WRONLY | O_NOCTTY | O_NDELAY)) >= 0)

data/cups-filters-1.28.5/backend/serial.c:894:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char device[255]; /* Device filename */

data/cups-filters-1.28.5/backend/serial.c:895:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char info[255]; /* Device info/description */

data/cups-filters-1.28.5/backend/serial.c:904:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/cua/%c", 'a' + i);

data/cups-filters-1.28.5/backend/serial.c:923:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/term/%02d", i);

data/cups-filters-1.28.5/backend/serial.c:938:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/sts/ttyN%d%c", j, funky_hex[n]);

data/cups-filters-1.28.5/backend/serial.c:940:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/sts/tty%c%d%c", i + 'C', j,

data/cups-filters-1.28.5/backend/serial.c:956:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char device[255]; /* Device filename */

data/cups-filters-1.28.5/backend/serial.c:957:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char info[255]; /* Device info/description */

data/cups-filters-1.28.5/backend/serial.c:966:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/ttyd%c", funky_hex[i]);

data/cups-filters-1.28.5/backend/serial.c:967:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_WRONLY | O_NOCTTY | O_NDELAY)) >= 0)

data/cups-filters-1.28.5/backend/serial.c:984:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/ttyc%d%c", i, funky_hex[j]);

data/cups-filters-1.28.5/backend/serial.c:985:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_WRONLY | O_NOCTTY | O_NDELAY)) >= 0)

data/cups-filters-1.28.5/backend/serial.c:992:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/ttyC%d%c", i, funky_hex[j]);

data/cups-filters-1.28.5/backend/serial.c:993:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_WRONLY | O_NOCTTY | O_NDELAY)) >= 0)

data/cups-filters-1.28.5/backend/serial.c:1008:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/ttyD%d%c", i, funky_hex[j]);

data/cups-filters-1.28.5/backend/serial.c:1009:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_WRONLY | O_NOCTTY | O_NDELAY)) >= 0)

data/cups-filters-1.28.5/backend/serial.c:1023:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/ttyE%c", funky_hex[i]);

data/cups-filters-1.28.5/backend/serial.c:1024:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_WRONLY | O_NOCTTY | O_NDELAY)) >= 0)

data/cups-filters-1.28.5/backend/serial.c:1038:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/ttyA%d", i + 1);

data/cups-filters-1.28.5/backend/serial.c:1039:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_WRONLY | O_NOCTTY | O_NDELAY)) >= 0)

data/cups-filters-1.28.5/backend/serial.c:1049:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char device[255]; /* Device filename */

data/cups-filters-1.28.5/backend/serial.c:1050:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char info[255]; /* Device info/description */

data/cups-filters-1.28.5/backend/serial.c:1059:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/tty%02d", i);

data/cups-filters-1.28.5/backend/serial.c:1060:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_WRONLY | O_NOCTTY | O_NDELAY)) >= 0)

data/cups-filters-1.28.5/backend/serial.c:1077:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(device, "/dev/ttyCZ%02d%02d", i, j);

data/cups-filters-1.28.5/backend/serial.c:1078:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(device, O_WRONLY | O_NOCTTY | O_NDELAY)) >= 0)

data/cups-filters-1.28.5/backend/serial.c:1120:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serialName[128];

data/cups-filters-1.28.5/backend/serial.c:1121:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bsdPath[1024];

data/cups-filters-1.28.5/backend/serial.c:1193:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[2048]; /* Request/response data */

data/cups-filters-1.28.5/backend/test1284.c:44:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char device_id[1024], /* 1284 device ID string */

data/cups-filters-1.28.5/backend/test1284.c:57:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(argv[i], O_RDWR)) < 0)

data/cups-filters-1.28.5/cupsfilters/cmyk.c:1030:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char spec[PPD_MAX_NAME]; /* Profile name */

data/cups-filters-1.28.5/cupsfilters/cmyk.c:1092:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  num_channels = atoi(attr->value);

data/cups-filters-1.28.5/cupsfilters/colord.c:49:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char q_keyword[PPD_MAX_NAME];

data/cups-filters-1.28.5/cupsfilters/colord.c:176:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256];

data/cups-filters-1.28.5/cupsfilters/colormanager.c:291:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char full_path[1024];

data/cups-filters-1.28.5/cupsfilters/colormanager.c:293:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char qualifer_tmp[1024];

data/cups-filters-1.28.5/cupsfilters/dither.c:65:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char logtable[16384]; /* Error magnitude for randomness */

data/cups-filters-1.28.5/cupsfilters/driver.h:80:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rgb[3]; /* sRGB values */

data/cups-filters-1.28.5/cupsfilters/driver.h:81:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char colors[CUPS_MAX_RGB]; /* Color values */

data/cups-filters-1.28.5/cupsfilters/driver.h:92:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char black[CUPS_MAX_RGB]; /* Cached black (sRGB = 0,0,0) */

data/cups-filters-1.28.5/cupsfilters/driver.h:93:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char white[CUPS_MAX_RGB]; /* Cached white (sRGB = 255,255,255) */

data/cups-filters-1.28.5/cupsfilters/driver.h:98:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char black_lut[256]; /* Black generation LUT */
data/cups-filters-1.28.5/cupsfilters/driver.h:99:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char color_lut[256]; /* Color removal LUT */
data/cups-filters-1.28.5/cupsfilters/driver.h:111:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const unsigned char
data/cups-filters-1.28.5/cupsfilters/driver.h:114:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern const unsigned char
data/cups-filters-1.28.5/cupsfilters/image-colorspace.c:839:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, in, count * 3);
data/cups-filters-1.28.5/cupsfilters/image-colorspace.c:1113:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, in, count);
data/cups-filters-1.28.5/cupsfilters/image-colorspace.c:1256:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c, temp, sizeof(temp));
data/cups-filters-1.28.5/cupsfilters/image-gif.c:75:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[1024]; /* Input buffer */
data/cups-filters-1.28.5/cupsfilters/image-gif.c:304:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char buf[280]; /* Input buffer */
data/cups-filters-1.28.5/cupsfilters/image-gif.c:309:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char bits[8] = /* Bit masks for codes */
data/cups-filters-1.28.5/cupsfilters/image-gif.c:645:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[260]; /* Block buffer */
data/cups-filters-1.28.5/cupsfilters/image-png.c:263:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, inptr, img->xsize);
data/cups-filters-1.28.5/cupsfilters/image-pnm.c:45:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[255], /* Input line */
data/cups-filters-1.28.5/cupsfilters/image-pnm.c:74:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  format = atoi(lineptr);
data/cups-filters-1.28.5/cupsfilters/image-pnm.c:84:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  img->xsize = atoi(lineptr);
data/cups-filters-1.28.5/cupsfilters/image-pnm.c:98:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  img->ysize = atoi(lineptr);
data/cups-filters-1.28.5/cupsfilters/image-pnm.c:116:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  maxval = atoi(lineptr);
data/cups-filters-1.28.5/cupsfilters/image-private.h:106:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cachename[256]; /* Tile cache filename */
data/cups-filters-1.28.5/cupsfilters/image-sgilib.c:181:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(filename, "rb");
data/cups-filters-1.28.5/cupsfilters/image-sgilib.c:183:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(filename, "wb+");
data/cups-filters-1.28.5/cupsfilters/image-sgilib.c:209:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[80]; /* Name of file in image header */
data/cups-filters-1.28.5/cupsfilters/image-sgilib.c:527:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sgip->arle_row, row, sgip->xsize * sizeof(unsigned short));
data/cups-filters-1.28.5/cupsfilters/image-sgilib.c:547:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char b[4]; /* Bytes from file */
data/cups-filters-1.28.5/cupsfilters/image-sgilib.c:563:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char b[2]; /* Bytes from file */
data/cups-filters-1.28.5/cupsfilters/image-sun.c:89:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cmap[3][256]; /* colormap */
data/cups-filters-1.28.5/cupsfilters/image.c:246:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pixels, ib, count * bpp);
data/cups-filters-1.28.5/cupsfilters/image.c:303:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char header[16], /* First 16 bytes of file */
data/cups-filters-1.28.5/cupsfilters/image.c:317:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL)
data/cups-filters-1.28.5/cupsfilters/image.c:534:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ib, pixels, count * bpp);
data/cups-filters-1.28.5/cupsfilters/ipp.c:73:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *pseudo_argv[2];
data/cups-filters-1.28.5/cupsfilters/ipp.c:80:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd2 = open("/dev/null", O_WRONLY);
data/cups-filters-1.28.5/cupsfilters/ipp.c:195:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[10], userpass[1024], host_name[1024], resource[1024];
data/cups-filters-1.28.5/cupsfilters/ipp.c:198:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valuebuffer[65536];
data/cups-filters-1.28.5/cupsfilters/ipp.c:429:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ippfind_argv[100], /* Arguments for ippfind */
data/cups-filters-1.28.5/cupsfilters/ipp.h:44:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char get_printer_attributes_log[LOGSIZE];
data/cups-filters-1.28.5/cupsfilters/lut.c:50:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[PPD_MAX_NAME], /* Attribute name */
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:138:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Copy buffer */
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:143:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv_nt[8]; /* NULL-terminated array of the command
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:566:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filter_path[1024]; /* Path to filter executable */
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:616:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infd = open("/dev/null", O_RDONLY);
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:626:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfd = open("/dev/null", O_WRONLY);
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:637:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open("/dev/null", O_RDWR)) > 2) {
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:645:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open("/dev/null", O_RDWR)) > 3) {
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:653:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open("/dev/null", O_RDWR)) > 4) {
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:684:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char program[1024]; /* Program to run */
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:907:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(result, p1, p2 - p1);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:81:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ppdgenerator_msg[1024];
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:359:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newsize, size, sizeof(cups_size_t));
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:371:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[32], /* URL scheme */
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:445:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char subdirpath[1024], catalogpath[2048], lang[8];
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:521:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:743:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpfile[1024];
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:743:8: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  char tmpfile[1024];
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:747:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[65536];
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:773:27: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (get_url(location, tmpfile, sizeof(tmpfile)))
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:773:43: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (get_url(location, tmpfile, sizeof(tmpfile)))
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:774:18: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  filename = tmpfile;
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:951:19: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (filename == tmpfile)
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:1581:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char make[256], /* Make and model */
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:1622:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256],
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:1629:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outbin_properties[1024];
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:1840:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pattern[33]; /* Password pattern */
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:1966:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lowdpi = atoi(rs + 2);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:1968:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  hidpi = atoi(rs + 1);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:2205:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tleft[256], /* Left string */
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:2358:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmax[256], tmin[256]; /* Min/max values */
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:2542:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  human_readable = (char *)_cupsLangString(lang, sources[j][1]);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:2733:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  human_readable = (char *)_cupsLangString(lang, media_types[j][1]);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:3157:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  human_readable = (char *)_cupsLangString(lang, output_bins[j][1]);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:3398:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  human_readable = (char *)_cupsLangString(lang, finishings[j][1]);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:3491:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  human_readable = (char *)_cupsLangString(lang, finishings[j][1]);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:3591:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  human_readable = (char *)_cupsLangString(lang, finishings[j][1]);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:3684:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  human_readable = (char *)_cupsLangString(lang, finishings[j][1]);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:3875:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *)_cupsLangString(lang,
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:3933:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *)_cupsLangString(lang,
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:3987:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *)_cupsLangString(lang, scaling_types[j][1]);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:4043:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char member_value[256]; /* Member attribute value */
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:4377:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(name, sizeptr + 1, (size_t)(dimptr - sizeptr - 1));
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.h:56:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char ppdgenerator_msg[1024];
data/cups-filters-1.28.5/cupsfilters/raster.c:59:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, srclen);
data/cups-filters-1.28.5/cupsfilters/raster.c:167:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(h->MediaClass, "PwgRaster");
data/cups-filters-1.28.5/cupsfilters/raster.c:468:22: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  h->MediaWeight = atol(val);
data/cups-filters-1.28.5/cupsfilters/raster.c:512:20: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  h->NumCopies = atol(val);
data/cups-filters-1.28.5/cupsfilters/raster.c:632:14: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size = atol(val) * 72.0 / 2540.0;
data/cups-filters-1.28.5/cupsfilters/raster.c:646:14: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size = atol(val) * 72.0 / 2540.0;
data/cups-filters-1.28.5/cupsfilters/raster.c:660:14: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size = atol(val) * 72.0 / 2540.0;
data/cups-filters-1.28.5/cupsfilters/raster.c:672:14: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size = atol(val) * 72.0 / 2540.0;
data/cups-filters-1.28.5/cupsfilters/raster.c:939:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int impressions = atoi(val);
data/cups-filters-1.28.5/cupsfilters/raster.c:1034:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int alternateprimary = atoi(val); /* SRGB value for black
data/cups-filters-1.28.5/cupsfilters/raster.c:1043:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int quality = atoi(val); /* print-quality value */
data/cups-filters-1.28.5/cupsfilters/raster.c:1059:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int vendorid = atoi(val); /* USB ID of manufacturer */
data/cups-filters-1.28.5/cupsfilters/raster.c:1068:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int vendorlength = atoi(val); /* How many bytes of vendor
data/cups-filters-1.28.5/cupsfilters/rgb.c:106:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, output - rgbptr->num_channels, rgbsize);
data/cups-filters-1.28.5/cupsfilters/rgb.c:117:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, rgbptr->black, rgbsize);
data/cups-filters-1.28.5/cupsfilters/rgb.c:128:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, rgbptr->white, rgbsize);
data/cups-filters-1.28.5/cupsfilters/rgb.c:229:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, output - rgbptr->num_channels, rgbsize);
data/cups-filters-1.28.5/cupsfilters/rgb.c:240:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, rgbptr->black, rgbsize);
data/cups-filters-1.28.5/cupsfilters/rgb.c:251:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, rgbptr->white, rgbsize);
data/cups-filters-1.28.5/cupsfilters/rgb.c:318:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char spec[PPD_MAX_NAME]; /* Profile name */
data/cups-filters-1.28.5/cupsfilters/rgb.c:435:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rgb[3]; /* Temporary RGB value */
data/cups-filters-1.28.5/cupsfilters/rgb.c:506:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tempr[r][g][b], samples[i].colors, num_channels);
data/cups-filters-1.28.5/cupsfilters/srgb.c:24:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char cups_srgb_lut[256] =
data/cups-filters-1.28.5/cupsfilters/srgb.c:51:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char cups_scmy_lut[256] =
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:83:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[255]; /* Output filename */
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:84:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[255]; /* Line from PGM file */
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:88:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char input[7000]; /* Line to separate */
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:102:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen("image.pgm", "rb");
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:150:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out[i] = fopen(filename, "wb");
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:156:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  comp = fopen(filename, "wb");
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:265:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[255]; /* Output filename */
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:266:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[255]; /* Line from PPM file */
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:270:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char input[7000]; /* Line to separate */
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:284:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen("image.ppm", "rb");
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:328:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out[i] = fopen(filename, "wb");
data/cups-filters-1.28.5/cupsfilters/testcmyk.c:334:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  comp = fopen(filename, "wb");
data/cups-filters-1.28.5/cupsfilters/testdither.c:54:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pixels[512], /* Dither pixels */
data/cups-filters-1.28.5/cupsfilters/testdither.c:79:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pixvals[nlutvals] = atoi(argv[x]);
data/cups-filters-1.28.5/cupsfilters/testdriver.c:78:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[255], /* URI scheme */
data/cups-filters-1.28.5/cupsfilters/testimage.c:61:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(argv[2], "wb");
data/cups-filters-1.28.5/cupsfilters/testrgb.c:97:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[255]; /* Output filename */
data/cups-filters-1.28.5/cupsfilters/testrgb.c:98:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[255]; /* Line from PPM file */
data/cups-filters-1.28.5/cupsfilters/testrgb.c:102:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char input[7000]; /* Line to rgbarate */
data/cups-filters-1.28.5/cupsfilters/testrgb.c:103:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char output[48000], /* Output rgb data */
data/cups-filters-1.28.5/cupsfilters/testrgb.c:116:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen("image.pgm", "rb");
data/cups-filters-1.28.5/cupsfilters/testrgb.c:138:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out[i] = fopen(filename, "wb");
data/cups-filters-1.28.5/cupsfilters/testrgb.c:144:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  comp = fopen(filename, "wb");
data/cups-filters-1.28.5/cupsfilters/testrgb.c:227:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[255]; /* Output filename */
data/cups-filters-1.28.5/cupsfilters/testrgb.c:228:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[255]; /* Line from PPM file */
data/cups-filters-1.28.5/cupsfilters/testrgb.c:232:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char input[7000]; /* Line to rgbarate */
data/cups-filters-1.28.5/cupsfilters/testrgb.c:233:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char output[48000], /* Output rgb data */
data/cups-filters-1.28.5/cupsfilters/testrgb.c:246:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen("image.ppm", "rb");
data/cups-filters-1.28.5/cupsfilters/testrgb.c:268:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out[i] = fopen(filename, "wb");
data/cups-filters-1.28.5/cupsfilters/testrgb.c:274:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  comp = fopen(filename, "wb");
data/cups-filters-1.28.5/filter/banner.c:140:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (!(f = fopen(filename, "r"))) {
data/cups-filters-1.28.5/filter/bannertopdf.c:60:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return value ? atoi(value) : def;
data/cups-filters-1.28.5/filter/bannertopdf.c:135:20: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  media_limits[0] = atol(val) * 72.0 / 2540.0;
data/cups-filters-1.28.5/filter/bannertopdf.c:138:20: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  media_limits[1] = atol(val) * 72.0 / 2540.0;
data/cups-filters-1.28.5/filter/bannertopdf.c:141:29: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  media_limits[2] = *width - atol(val) * 72.0 / 2540.0;
data/cups-filters-1.28.5/filter/bannertopdf.c:144:30: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  media_limits[3] = *length - atol(val) * 72.0 / 2540.0;
data/cups-filters-1.28.5/filter/bannertopdf.c:202:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[40];
data/cups-filters-1.28.5/filter/bannertopdf.c:219:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "unknown");
data/cups-filters-1.28.5/filter/bannertopdf.c:391:14: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if ((s = tmpfile()) == NULL) {
data/cups-filters-1.28.5/filter/commandtoescpx.c:39:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line from file */
data/cups-filters-1.28.5/filter/commandtoescpx.c:77:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(argv[6], "r")) == NULL)
data/cups-filters-1.28.5/filter/commandtoescpx.c:154:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  phase = atoi(lineptr + 18);
data/cups-filters-1.28.5/filter/commandtopclx.c:39:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line from file */
data/cups-filters-1.28.5/filter/commandtopclx.c:77:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(argv[6], "r")) == NULL)
data/cups-filters-1.28.5/filter/common.c:219:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Orientation = atoi(val) - 3;
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:134:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char printer_model[256] = "";
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:135:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attrpath[256] = "";
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:150:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char colorprofile [128];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:151:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cupsfilter[256];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:165:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gspath[PATH_MAX] = "gs";
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:170:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char echopath[PATH_MAX] = "echo";
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:173:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cupsfilterpath[PATH_MAX] = "/usr/local/lib/cups/filter:"
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:183:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  debug = atoi(value);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:206:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:209:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fh = fopen(filename, "r");
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:312:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp [256];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:562:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8192];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:563:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpfilename[PATH_MAX];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:573:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(filename, "r");
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:605:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pdf2ps_cmd[CMDLINE_MAX];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:618:13: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  FILE *tmpfile;
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:621:12: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this.
  Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  fd = mkstemp(tmpfilename);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:627:17: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  copy_file(tmpfile, stdin, buf, n);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:628:14: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  fclose(tmpfile);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:707:27: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  FILE *tmpfile;
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:710:26: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  fd = mkstemp(tmpfilename);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:723:31: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  copy_file(tmpfile, stdin, buf, n);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:724:32: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (fflush(tmpfile) == EOF)
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:726:28: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  rewind(tmpfile);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:728:36: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  ret = print_ps(tmpfile, NULL, 0, tmpfilename);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:729:28: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  fclose(tmpfile);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:785:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024], profile_arg[256], gstoraster[512];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:835:11: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  int fd = mkstemp (tmp);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:1104:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cmd, "cat%A%B%C%D%E%F%G%H%I%J%K%L%M%Z");
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:1110:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(printer_model, "Raw queue");
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.h:84:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char printer[256];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.h:85:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[128];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.h:86:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char user[128];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.h:87:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[128];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.h:88:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[2048];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.h:89:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ppdfile[2048];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.h:90:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char copies[128];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.h:110:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char cupsfilterpath[PATH_MAX];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.h:116:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char gspath[PATH_MAX];
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.h:117:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char echopath[PATH_MAX];
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:41:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char printer_model [256];
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:42:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char printer_id [256];
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:43:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char driver [128];
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:44:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd [4096];
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:45:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd_pdf [4096];
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:48:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char cupsfilter [256];
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:57:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char jclbegin[256] = "\033%-12345X@PJL\n"; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:61:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char jcltointerpreter[256] = ""; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:65:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char jclend[256] = "\033%-12345X@PJL RESET\n"; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:69:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char jclprefix[256] = "@PJL "; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:89:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024]; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:512:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
i = atoi(str); data/cups-filters-1.28.5/filter/foomatic-rip/options.c:513:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). imin = !isempty(param->min) ? atoi(param->min) : -999999; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:514:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). imax = !isempty(param->max) ? atoi(param->max) : 1000000; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:566:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (!isempty(param->min) && len < atoi(param->min)) { data/cups-filters-1.28.5/filter/foomatic-rip/options.c:571:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (!isempty(param->max) && len > atoi(param->max)) { data/cups-filters-1.28.5/filter/foomatic-rip/options.c:583:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[20]; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:590:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[20]; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:617:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unit[3]; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:819:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char width[30], height[30]; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:825:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). snprintf(width, 20, "%d", atoi(paramvalues[0])); data/cups-filters-1.28.5/filter/foomatic-rip/options.c:826:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
snprintf(height, 20, "%d", atoi(paramvalues[1])); data/cups-filters-1.28.5/filter/foomatic-rip/options.c:864:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char orderstr[8]; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[32], style[32]; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1152:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpstr[16]; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1219:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpstr, "%04d", t->tm_year + 1900); data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1224:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpstr, "%02d", t->tm_mon + 1); data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1229:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(tmpstr, "%02d", t->tm_mday); data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1234:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpstr, "%02d", t->tm_hour); data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1239:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpstr, "%02d", t->tm_min); data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1244:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpstr, "%02d", t->tm_sec); data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1334:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rxstr[256], tmp[128]; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1349:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[128]; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1374:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char typestr[33]; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1440:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(param->name, "foomatic-param"); data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1556:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line [256]; /* PPD line length is max 255 (excl. \0) */ data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1558:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[128], name[64], text[64]; data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1566:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(filename, "r"); data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1959:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
dstrcpyf(open, "[{\n%%%%BeginFeature: *%s ", opt->name); data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1961:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dstrcatf(open, is_true_string(userval) ? "True\n" : "False\n"); data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1963:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dstrcatf(open, "%s\n", userval); data/cups-filters-1.28.5/filter/foomatic-rip/options.c:2059:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). free_dstr(open); data/cups-filters-1.28.5/filter/foomatic-rip/options.h:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value [128]; data/cups-filters-1.28.5/filter/foomatic-rip/options.h:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char text [128]; data/cups-filters-1.28.5/filter/foomatic-rip/options.h:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[65536]; data/cups-filters-1.28.5/filter/foomatic-rip/options.h:64:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name [128]; data/cups-filters-1.28.5/filter/foomatic-rip/options.h:65:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text [128]; /* formerly comment, changed to 'text' to data/cups-filters-1.28.5/filter/foomatic-rip/options.h:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char min[20], max[20]; /* contents depend on 'type' */ data/cups-filters-1.28.5/filter/foomatic-rip/options.h:80:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name [128]; data/cups-filters-1.28.5/filter/foomatic-rip/options.h:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text [128]; data/cups-filters-1.28.5/filter/foomatic-rip/options.h:82:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varname [128]; /* clean version of 'name' (no spaces etc.) */ data/cups-filters-1.28.5/filter/foomatic-rip/options.h:123:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char jclbegin[256]; data/cups-filters-1.28.5/filter/foomatic-rip/options.h:124:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char jcltointerpreter[256]; data/cups-filters-1.28.5/filter/foomatic-rip/options.h:125:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char jclend[256]; data/cups-filters-1.28.5/filter/foomatic-rip/options.h:126:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char jclprefix[256]; data/cups-filters-1.28.5/filter/foomatic-rip/options.h:128:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char cmd[4096]; data/cups-filters-1.28.5/filter/foomatic-rip/options.h:129:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char cmd_pdf[4096]; data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gscommand[CMDLINE_MAX]; data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:45:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output[63] = ""; data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:116:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int pdf_extract_pages(char filename[PATH_MAX], data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:121:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gscommand[CMDLINE_MAX]; data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:122:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename_arg[PATH_MAX], first_arg[50], last_arg[50]; data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:128:15: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). if ((fd = mkstemp(filename)) == -1) data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:160:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpfile[PATH_MAX]; data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:160:10: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). 
char tmpfile[PATH_MAX]; data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:171:32: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (!pdf_extract_pages(tmpfile, filename, firstpage, lastpage)) data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:173:32: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). dstrcatf(cmd, " < %s", tmpfile); data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:179:16: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). unlink(tmpfile); data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:293:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpfilename[PATH_MAX] = ""; data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:301:15: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). FILE *tmpfile; data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:304:14: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp(tmpfilename); data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:311:19: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). 
copy_file(tmpfile, stdin, alreadyread, len); data/cups-filters-1.28.5/filter/foomatic-rip/pdf.c:312:16: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). fclose(tmpfile); data/cups-filters-1.28.5/filter/foomatic-rip/postscript.c:173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gscommand[65536]; data/cups-filters-1.28.5/filter/foomatic-rip/postscript.c:174:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output[31] = ""; data/cups-filters-1.28.5/filter/foomatic-rip/postscript.c:341:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char optionname [128]; data/cups-filters-1.28.5/filter/foomatic-rip/postscript.c:342:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value [128]; data/cups-filters-1.28.5/filter/foomatic-rip/postscript.c:915:59: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). get_current_job()->rbinumcopies = atoi(p); data/cups-filters-1.28.5/filter/foomatic-rip/process.c:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/cups-filters-1.28.5/filter/foomatic-rip/renderer.c:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gstestcommand[CMDLINE_MAX]; data/cups-filters-1.28.5/filter/foomatic-rip/renderer.c:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output[10] = ""; data/cups-filters-1.28.5/filter/foomatic-rip/renderer.c:272:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[128]; data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:43:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char path [PATH_MAX] = ""; data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cups_jobid [128]; data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:45:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cups_user [128]; data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:46:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cups_jobtitle [2048]; data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:47:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cups_copies [128]; data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:51:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cups_filename [256]; data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:144:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line [1024]; data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:149:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fh = fopen(configfile, "r"))) data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char configfile [1024]; data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:197:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp [1024]; data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:199:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user_default_path [PATH_MAX]; data/cups-filters-1.28.5/filter/foomatic-rip/util.c:315:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filepath[PATH_MAX]; data/cups-filters-1.28.5/filter/foomatic-rip/util.c:510:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cstr[3]; data/cups-filters-1.28.5/filter/foomatic-rip/util.c:696:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ds->data[ds->len], src, srclen +1); data/cups-filters-1.28.5/filter/foomatic-rip/util.c:1126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/cups-filters-1.28.5/filter/gstoraster.c:76:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[5]; data/cups-filters-1.28.5/filter/gstoraster.c:91:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/cups-filters-1.28.5/filter/gstoraster.c:107:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
  h->NumCopies = atoi(p+1);
data/cups-filters-1.28.5/filter/gstoraster.c:127:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpstr[1024];
data/cups-filters-1.28.5/filter/gstoraster.c:386:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ];
data/cups-filters-1.28.5/filter/gstoraster.c:512:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char full_path[1024];
data/cups-filters-1.28.5/filter/gstoraster.c:514:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char qualifer_tmp[1024];
data/cups-filters-1.28.5/filter/gstoraster.c:590:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ];
data/cups-filters-1.28.5/filter/gstoraster.c:595:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpstr[1024];
data/cups-filters-1.28.5/filter/gstoraster.c:693:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(argv[6],"rb")) == 0) {
data/cups-filters-1.28.5/filter/gstoraster.c:703:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1];
data/cups-filters-1.28.5/filter/gstoraster.c:732:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gscommand[65536];
data/cups-filters-1.28.5/filter/gstoraster.c:733:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char output[31] = "";
data/cups-filters-1.28.5/filter/gstoraster.c:844:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi(argv[4]) <= 1)
data/cups-filters-1.28.5/filter/gstoraster.c:919:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  h.HWResolution[0] = atoi(p);
data/cups-filters-1.28.5/filter/gstoraster.c:921:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  h.HWResolution[1] = atoi(p);
data/cups-filters-1.28.5/filter/imagetopdf.c:143:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char linebuf[LINEBUFSIZE];
data/cups-filters-1.28.5/filter/imagetopdf.c:150:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/cups-filters-1.28.5/filter/imagetopdf.c:276:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[21];
data/cups-filters-1.28.5/filter/imagetopdf.c:309:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char curdate[255];
data/cups-filters-1.28.5/filter/imagetopdf.c:588:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(row, row + out_length - out_offset, out_offset);
data/cups-filters-1.28.5/filter/imagetopdf.c:690:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Name of file to print */
data/cups-filters-1.28.5/filter/imagetopdf.c:725:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Buffer to read into */
data/cups-filters-1.28.5/filter/imagetopdf.c:761:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Copies = atoi(argv[4]);
data/cups-filters-1.28.5/filter/imagetopdf.c:791:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Copies = atoi(choice->choice);
data/cups-filters-1.28.5/filter/imagetopdf.c:874:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gammaval = atoi(val) * 0.001f;
data/cups-filters-1.28.5/filter/imagetopdf.c:877:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  brightness = atoi(val) * 0.01f;
data/cups-filters-1.28.5/filter/imagetopdf.c:936:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sat = atoi(val);
data/cups-filters-1.28.5/filter/imagetopdf.c:939:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  hue = atoi(val);
data/cups-filters-1.28.5/filter/imagetopdf.c:986:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tempOrientation = atoi(val);
data/cups-filters-1.28.5/filter/imagetopdf.c:1033:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  zoom = atoi(val) * 0.01;
data/cups-filters-1.28.5/filter/imagetopdf.c:1070:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tempOrientation = atoi(val);
data/cups-filters-1.28.5/filter/imagetopdf.c:1159:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename2[1024];
data/cups-filters-1.28.5/filter/imagetopdf.c:1237:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  xinches = xinches * atoi(val) / 100;
data/cups-filters-1.28.5/filter/imagetopdf.c:1238:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  yinches = yinches * atoi(val) / 100;
data/cups-filters-1.28.5/filter/imagetopdf.c:1391:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[255]; /* New custom page size... */
data/cups-filters-1.28.5/filter/imagetopdf.c:1433:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "Custom.%.0fx%.0f", width, length);
data/cups-filters-1.28.5/filter/imagetopdf.c:1556:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/cups-filters-1.28.5/filter/imagetopdf.c:1596:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ppdEmitJCL(ppd, stdout, atoi(argv[1]), argv[2], argv[3]);
data/cups-filters-1.28.5/filter/imagetopdf.c:1912:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char c[6]; /* ASCII85 encoded chars */
data/cups-filters-1.28.5/filter/imagetoraster.c:190:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Name of file to print */
data/cups-filters-1.28.5/filter/imagetoraster.c:228:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Buffer to read into */
data/cups-filters-1.28.5/filter/imagetoraster.c:265:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Copies = atoi(argv[4]);
data/cups-filters-1.28.5/filter/imagetoraster.c:293:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g = atoi(val) * 0.001f;
data/cups-filters-1.28.5/filter/imagetoraster.c:307:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  b = atoi(val) * 0.01f;
data/cups-filters-1.28.5/filter/imagetoraster.c:372:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sat = atoi(val);
data/cups-filters-1.28.5/filter/imagetoraster.c:375:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  hue = atoi(val);
data/cups-filters-1.28.5/filter/imagetoraster.c:646:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tempOrientation = atoi(val);
data/cups-filters-1.28.5/filter/imagetoraster.c:703:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  zoom = atoi(val) * 0.01;
data/cups-filters-1.28.5/filter/imagetoraster.c:744:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tempOrientation = atoi(val);
data/cups-filters-1.28.5/filter/imagetoraster.c:888:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  xinches = xinches * atoi(val) / 100;
data/cups-filters-1.28.5/filter/imagetoraster.c:889:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  yinches = yinches * atoi(val) / 100;
data/cups-filters-1.28.5/filter/imagetoraster.c:1075:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(header.cupsPageSizeName, "Custom");
data/cups-filters-1.28.5/filter/mupdftoraster.c:68:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[5];
data/cups-filters-1.28.5/filter/mupdftoraster.c:89:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/cups-filters-1.28.5/filter/mupdftoraster.c:105:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  h->NumCopies = atoi(p+1);
data/cups-filters-1.28.5/filter/mupdftoraster.c:124:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpstr[1024];
data/cups-filters-1.28.5/filter/mupdftoraster.c:236:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ];
data/cups-filters-1.28.5/filter/mupdftoraster.c:238:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpstr[1024];
data/cups-filters-1.28.5/filter/mupdftoraster.c:243:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char infilename[1024];
data/cups-filters-1.28.5/filter/mupdftoraster.c:313:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(argv[6],"rb")) == 0) {
data/cups-filters-1.28.5/filter/mupdftoraster.c:381:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  h.HWResolution[0] = atoi(p);
data/cups-filters-1.28.5/filter/mupdftoraster.c:383:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  h.HWResolution[1] = atoi(p);
data/cups-filters-1.28.5/filter/pcl-common.c:209:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char match[255], /* Match string */
data/cups-filters-1.28.5/filter/pdf.cxx:142:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stream_data->getBuffer(), buf, len);
data/cups-filters-1.28.5/filter/pdftopdf/nup.cc:38:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *order[4]={"lr","rl","bt","tb"};
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:71:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *ret=atoi(choice->choice);
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:83:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *ret=atoi(val);
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:309:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int copies = atoi(val);
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:874:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ];
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:913:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1];
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:931:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ];
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1091:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  param.jobId=atoi(argv[1]);
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1094:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  param.numCopies=atoi(argv[4]);
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1095:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  param.copies_to_be_logged=atoi(argv[4]);
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1156:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(argv[6], "rb")) == NULL) {
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1171:11: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (tmpfile && is_empty(tmpfile)) {
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1171:31: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (tmpfile && is_empty(tmpfile)) {
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1172:9: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  fclose(tmpfile);
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1175:20: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  } else if ((!tmpfile)||
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1176:21: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  (!proc->loadFile(tmpfile,WillStayAlive,qpdf_flatten))) {
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1197:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infile = fopen(argv[6], "r");
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1200:6: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (tmpfile) rewind(tmpfile);
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1200:22: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (tmpfile) rewind(tmpfile);
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1201:11: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  infile = tmpfile;
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1208:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ];
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1257:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, "-sOutputFile=", 13);
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1274:21: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (infile != tmpfile)
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1314:9: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (tmpfile)
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:1315:14: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  fclose(tmpfile);
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf_jcl.cc:14:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf_jcl.cc:134:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf_jcl.cc:189:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf_processor.cc:9:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *bstr[3]={"Off","On","Shuffle-Only"};
data/cups-filters-1.28.5/filter/pdftopdf/pptypes.cc:8:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *pstr[3]={"Left/Bottom","Center","Right/Top"};
data/cups-filters-1.28.5/filter/pdftopdf/pptypes.cc:25:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *pxstr[3]={"Left","Center","Right"};
data/cups-filters-1.28.5/filter/pdftopdf/pptypes.cc:28:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *pystr[3]={"Bottom","Center","Top"};
data/cups-filters-1.28.5/filter/pdftopdf/pptypes.cc:36:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *rstr[4]={"0 deg","90 deg","180 deg","270 deg"}; // CCW
data/cups-filters-1.28.5/filter/pdftopdf/pptypes.cc:68:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *bstr[6]={"None",NULL,"one thin","one thick","two thin","two thick"};
data/cups-filters-1.28.5/filter/pdftopdf/qpdf_cm.cc:14:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f=fopen(filename,"r");
data/cups-filters-1.28.5/filter/pdftops.c:61:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char deviceCopies[32] = "1";
data/cups-filters-1.28.5/filter/pdftops.c:63:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char make_model[128] = "";
data/cups-filters-1.28.5/filter/pdftops.c:120:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/cups-filters-1.28.5/filter/pdftops.c:124:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(filename,"rb")) == 0) {
data/cups-filters-1.28.5/filter/pdftops.c:237:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(filename, "rb");
data/cups-filters-1.28.5/filter/pdftops.c:246:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1];
data/cups-filters-1.28.5/filter/pdftops.c:305:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Copy buffer */
data/cups-filters-1.28.5/filter/pdftops.c:311:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resolution[128] = ""; /* Output resolution */
data/cups-filters-1.28.5/filter/pdftops.c:333:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *pdf_argv[100], /* Arguments for pdftops/gs */
data/cups-filters-1.28.5/filter/pdftops.c:567:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(pstops_end, " Collate");
data/cups-filters-1.28.5/filter/pdftops.c:1101:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(filename, O_RDONLY)))
data/cups-filters-1.28.5/filter/pdftoraster.cxx:112:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pageSizeRequested[64];
data/cups-filters-1.28.5/filter/pdftoraster.cxx:133:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char revTable[256] = {
data/cups-filters-1.28.5/filter/pdftoraster.cxx:477:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/cups-filters-1.28.5/filter/pdftoraster.cxx:492:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  deviceCopies = atoi(p+1);
data/cups-filters-1.28.5/filter/pdftoraster.cxx:843:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cmyk[4];
data/cups-filters-1.28.5/filter/pdftoraster.cxx:893:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cmyk[4];
data/cups-filters-1.28.5/filter/pdftoraster.cxx:1148:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pixelBuf1[MAX_BYTES_PER_PIXEL];
data/cups-filters-1.28.5/filter/pdftoraster.cxx:1149:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pixelBuf2[MAX_BYTES_PER_PIXEL];
data/cups-filters-1.28.5/filter/pdftoraster.cxx:1165:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pixelBuf1[MAX_BYTES_PER_PIXEL];
data/cups-filters-1.28.5/filter/pdftoraster.cxx:1166:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pixelBuf2[MAX_BYTES_PER_PIXEL];
data/cups-filters-1.28.5/filter/pdftoraster.cxx:1182:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pixelBuf1[MAX_BYTES_PER_PIXEL];
data/cups-filters-1.28.5/filter/pdftoraster.cxx:1183:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pixelBuf2[MAX_BYTES_PER_PIXEL];
data/cups-filters-1.28.5/filter/pdftoraster.cxx:1198:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pixelBuf1[MAX_BYTES_PER_PIXEL];
data/cups-filters-1.28.5/filter/pdftoraster.cxx:1199:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pixelBuf2[MAX_BYTES_PER_PIXEL];
data/cups-filters-1.28.5/filter/pdftoraster.cxx:1985:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[BUFSIZ];
data/cups-filters-1.28.5/filter/pdftoraster.cxx:1986:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ];
data/cups-filters-1.28.5/filter/pdftoraster.cxx:2011:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(argv[6],"rb")) == 0) {
data/cups-filters-1.28.5/filter/pdfutils.c:93:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char curdate[250];
data/cups-filters-1.28.5/filter/rastertoescpx.c:142:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resolution[PPD_MAX_NAME],
data/cups-filters-1.28.5/filter/rastertoescpx.c:229:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(header->MediaType, "Plain");
data/cups-filters-1.28.5/filter/rastertoescpx.c:380:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(attr->value);
data/cups-filters-1.28.5/filter/rastertoescpx.c:393:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(spec, "%d", header->cupsMediaType);
data/cups-filters-1.28.5/filter/rastertoescpx.c:402:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  putchar(atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:412:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  putchar(atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:422:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  putchar(atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:432:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  putchar(atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:442:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  putchar(atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:452:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  putchar(atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:456:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(spec, "%d", header->MediaPosition);
data/cups-filters-1.28.5/filter/rastertoescpx.c:467:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  putchar(atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:493:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  putchar(atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:504:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  putchar(atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:609:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(spec, "%d", header->CutMedia);
data/cups-filters-1.28.5/filter/rastertoescpx.c:618:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  putchar(atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:627:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  putchar(atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:637:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  putchar(atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:648:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  putchar(atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:765:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  printf("\033U%c", atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:774:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  printf("\033(i\001%c%c", 0, atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:783:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  printf("\033(e\002%c%c%c", 0, 0, atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertoescpx.c:1396:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(comp_ptr, start, count);
data/cups-filters-1.28.5/filter/rastertoescpx.c:1811:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(argv[6], O_RDONLY)) == -1)
data/cups-filters-1.28.5/filter/rastertopclx.c:120:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[255]; /* Temporary value */
data/cups-filters-1.28.5/filter/rastertopclx.c:122:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resolution[PPD_MAX_NAME],
data/cups-filters-1.28.5/filter/rastertopclx.c:243:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(header->MediaType, "PLAIN");
data/cups-filters-1.28.5/filter/rastertopclx.c:455:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  for (i = atoi(attr->value); i > 0; i --)
data/cups-filters-1.28.5/filter/rastertopclx.c:488:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(s, "%d", header->Duplex);
data/cups-filters-1.28.5/filter/rastertopclx.c:494:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "%d", header->Tumble);
data/cups-filters-1.28.5/filter/rastertopclx.c:521:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "%d", header->Jog);
data/cups-filters-1.28.5/filter/rastertopclx.c:673:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  printf("QM%d", atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertopclx.c:675:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  printf("\033*o%dM", atoi(attr->value));
data/cups-filters-1.28.5/filter/rastertopclx.c:698:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(attr->value);
data/cups-filters-1.28.5/filter/rastertopclx.c:773:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  xorigin = atoi(attr->value);
data/cups-filters-1.28.5/filter/rastertopclx.c:778:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  yorigin = atoi(attr->value);
data/cups-filters-1.28.5/filter/rastertopclx.c:1082:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(comp_ptr, start, count);
data/cups-filters-1.28.5/filter/rastertopclx.c:1188:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(comp_ptr, start, count);
data/cups-filters-1.28.5/filter/rastertopclx.c:1195:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(SeedBuffer + plane * length, line, length);
data/cups-filters-1.28.5/filter/rastertopclx.c:1543:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(SeedBuffer, line, length);
data/cups-filters-1.28.5/filter/rastertopclx.c:1859:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(argv[6], O_RDONLY)) == -1)
data/cups-filters-1.28.5/filter/rastertopclx.c:1893:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job_id = atoi(argv[1]);
data/cups-filters-1.28.5/filter/rastertopclx.c:1914:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  StartPage(ppd, &header, atoi(argv[1]), argv[2], argv[3],
data/cups-filters-1.28.5/filter/rastertopdf.cpp:536:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gamma_str[128];
data/cups-filters-1.28.5/filter/rastertopdf.cpp:537:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bp_str[256];
data/cups-filters-1.28.5/filter/rastertopdf.cpp:538:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wp_str[256];
data/cups-filters-1.28.5/filter/rastertopdf.cpp:539:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char matrix_str[512];
data/cups-filters-1.28.5/filter/rastertopdf.cpp:1182:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((info->page_data->getBuffer()+(line_n*info->line_bytes)), line, info->line_bytes);
data/cups-filters-1.28.5/filter/rastertopdf.cpp:1188:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(((info->pclm_strip_data[strip_num])->getBuffer() + (line_strip*info->line_bytes)),
data/cups-filters-1.28.5/filter/rastertopdf.cpp:1389:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(argv[6], "rb");
data/cups-filters-1.28.5/filter/rastertopdf.cpp:1412:43: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pdf.pclm_strip_height_preferred = atoi(attr->value);
data/cups-filters-1.28.5/filter/rastertopdf.cpp:1425:53: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pdf.pclm_strip_height_supported.push_back(atoi(vec[i].c_str()));
data/cups-filters-1.28.5/filter/rastertops.c:228:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char in[header.cupsBytesPerLine * 6], /* Input data buffer */
data/cups-filters-1.28.5/filter/rastertops.c:258:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(convertedpix, pixdata, header.cupsBytesPerLine);
data/cups-filters-1.28.5/filter/rastertops.c:267:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(in, convertedpix, alloc);
data/cups-filters-1.28.5/filter/rastertops.c:420:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen(argv[6], "rb");
data/cups-filters-1.28.5/filter/sys5ippprinter.c:94:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Copy buffer */
data/cups-filters-1.28.5/filter/sys5ippprinter.c:99:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv_nt[8]; /* NULL-terminated array of the command
data/cups-filters-1.28.5/filter/sys5ippprinter.c:492:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filter_path[1024]; /* Path to filter executable */
data/cups-filters-1.28.5/filter/sys5ippprinter.c:544:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infd = open("/dev/null", O_RDONLY);
data/cups-filters-1.28.5/filter/sys5ippprinter.c:556:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfd = open("/dev/null", O_WRONLY);
data/cups-filters-1.28.5/filter/sys5ippprinter.c:568:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fd = open("/dev/null", O_RDWR)) > 2)
data/cups-filters-1.28.5/filter/sys5ippprinter.c:578:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("/dev/null", O_RDWR)) > 3)
data/cups-filters-1.28.5/filter/sys5ippprinter.c:587:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("/dev/null", O_RDWR)) > 4)
data/cups-filters-1.28.5/filter/sys5ippprinter.c:620:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char program[1024]; /* Program to run */
data/cups-filters-1.28.5/filter/sys5ippprinter.c:861:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, p1, p2 - p1);
data/cups-filters-1.28.5/filter/textcommon.c:494:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char keyword[64], /* Keyword string */
data/cups-filters-1.28.5/filter/textcommon.c:533:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(argv[6], "rb")) == NULL)
data/cups-filters-1.28.5/filter/textcommon.c:606:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PageColumns = atoi(val);
data/cups-filters-1.28.5/filter/textcommon.c:685:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Copies = atoi(argv[4]);
data/cups-filters-1.28.5/filter/texttopdf.c:132:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Codes[65536]; /* Unicode glyph mapping to font */
data/cups-filters-1.28.5/filter/texttopdf.c:282:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename[1024]; /* Glyph filenames */
data/cups-filters-1.28.5/filter/texttopdf.c:285:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024], /* Line from file */
data/cups-filters-1.28.5/filter/texttopdf.c:294:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curdate[255]; /* Current date (text format) */
data/cups-filters-1.28.5/filter/texttopdf.c:297:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fontnames[1024]; /* Unique fonts */
data/cups-filters-1.28.5/filter/texttopdf.c:382:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(filename, "r")) == NULL)
data/cups-filters-1.28.5/filter/texttopdf.c:1196:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[20];
data/cups-filters-1.28.5/filter/texttotext.c:84:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8192]; /* Copy buffer */
data/cups-filters-1.28.5/filter/texttotext.c:101:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char encoding[64]; /* The printer'a encoding, to which
data/cups-filters-1.28.5/filter/texttotext.c:129:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outbuf[4096]; /* Output buffer for iconv */
data/cups-filters-1.28.5/filter/texttotext.c:130:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inbuf[2048]; /* Input buffer for iconv */
data/cups-filters-1.28.5/filter/texttotext.c:246:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_copies = atoi(argv[4]);
data/cups-filters-1.28.5/filter/texttotext.c:288:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
num_lines = atoi(val2);
data/cups-filters-1.28.5/filter/texttotext.c:297:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_columns = atoi(val2);
data/cups-filters-1.28.5/filter/texttotext.c:314:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(val);
data/cups-filters-1.28.5/filter/texttotext.c:322:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(val);
data/cups-filters-1.28.5/filter/texttotext.c:339:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). page_left = atoi(val);
data/cups-filters-1.28.5/filter/texttotext.c:352:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
page_right = atoi(val);
data/cups-filters-1.28.5/filter/texttotext.c:365:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). page_top = atoi(val);
data/cups-filters-1.28.5/filter/texttotext.c:378:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). page_bottom = atoi(val);
data/cups-filters-1.28.5/filter/texttotext.c:393:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(encoding, "ASCII//IGNORE");
data/cups-filters-1.28.5/filter/texttotext.c:433:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(val);
data/cups-filters-1.28.5/filter/texttotext.c:575:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY);
data/cups-filters-1.28.5/filter/urftopdf.cpp:255:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. memcpy((info->page_data->getBuffer()+(line_n*info->line_bytes)), line, info->line_bytes);
data/cups-filters-1.28.5/filter/urftopdf.cpp:260:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unirast[8];
data/cups-filters-1.28.5/filter/urftopdf.cpp:430:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). input = fopen(argv[6], "rb");
data/cups-filters-1.28.5/fontembed/embed.c:14:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096];
data/cups-filters-1.28.5/fontembed/embed_pdf.c:47:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[128*3];
data/cups-filters-1.28.5/fontembed/embed_pdf.c:162:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char subtag[7];
data/cups-filters-1.28.5/fontembed/embed_pdf.h:25:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1]; // used for storing e.g. >fontname
data/cups-filters-1.28.5/fontembed/embed_sfnt.c:45:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fontname[64];
data/cups-filters-1.28.5/fontembed/embed_sfnt.c:137:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret->panose,os2+30,12); // sFamilyClass + panose
data/cups-filters-1.28.5/fontembed/embed_sfnt.c:347:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ret[256];
data/cups-filters-1.28.5/fontembed/embed_sfnt.c:349:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret,(const char *)pos+1,len);
data/cups-filters-1.28.5/fontembed/embed_sfnt.c:381:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char ret[255];
data/cups-filters-1.28.5/fontembed/embed_sfnt.c:418:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[256];
data/cups-filters-1.28.5/fontembed/embed_sfnt.c:433:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmp+iA,"00>\n<");
data/cups-filters-1.28.5/fontembed/embed_sfnt.c:450:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[100];
data/cups-filters-1.28.5/fontembed/embed_sfnt.c:453:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. const int l=sprintf(tmp,"%d RD ",maxlen);
data/cups-filters-1.28.5/fontembed/main.c:91:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f=fopen(outfile,"w");
data/cups-filters-1.28.5/fontembed/sfnt.c:129:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[4];
data/cups-filters-1.28.5/fontembed/sfnt.c:148:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16];
data/cups-filters-1.28.5/fontembed/sfnt.c:227:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024];
data/cups-filters-1.28.5/fontembed/sfnt.c:286:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f=fopen(file,"rb"))==NULL) {
data/cups-filters-1.28.5/fontembed/sfnt.c:299:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f=fopen(end,"rb");
data/cups-filters-1.28.5/fontembed/sfnt.c:315:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[12];
data/cups-filters-1.28.5/fontembed/sfnt.c:380:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[12];
data/cups-filters-1.28.5/fontembed/sfnt.c:688:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[8];
data/cups-filters-1.28.5/fontembed/sfnt.c:841:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[4]={0,0,0,0};
data/cups-filters-1.28.5/fontembed/sfnt.c:847:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pad,data+ret-4,ret-length);
data/cups-filters-1.28.5/fontembed/sfnt_subset.c:182:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_glyf+offset,otf->gly,len);
data/cups-filters-1.28.5/fontembed/sfnt_subset.c:265:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096];
data/cups-filters-1.28.5/fontembed/test_pdf.c:92:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
FILE *f=fopen("test.pdf","w");
data/cups-filters-1.28.5/fontembed/test_ps.c:65:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f=fopen("test.ps","w");
data/cups-filters-1.28.5/scripting/php/phpcups.c:88:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[255]; /* String value for numbers */
data/cups-filters-1.28.5/scripting/php/phpcups.c:101:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%ld", Z_LVAL_P(value));
data/cups-filters-1.28.5/scripting/php/phpcups.c:107:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%g", Z_DVAL_P(value));
data/cups-filters-1.28.5/scripting/php/phpcups.c:443:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *files[1000]; /* Files */
data/cups-filters-1.28.5/utils/cups-browsed.c:439:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char local_server_str[1024];
data/cups-filters-1.28.5/utils/cups-browsed.c:497:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cachedir[1024];
data/cups-filters-1.28.5/utils/cups-browsed.c:498:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char logdir[1024];
data/cups-filters-1.28.5/utils/cups-browsed.c:499:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char local_default_printer_file[2048];
data/cups-filters-1.28.5/utils/cups-browsed.c:500:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char remote_default_printer_file[2048];
data/cups-filters-1.28.5/utils/cups-browsed.c:501:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char save_options_file[2048];
data/cups-filters-1.28.5/utils/cups-browsed.c:502:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char debug_log_file[2048];
data/cups-filters-1.28.5/utils/cups-browsed.c:503:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char debug_log_file_bckp[2048];
data/cups-filters-1.28.5/utils/cups-browsed.c:695:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lfp = fopen(debug_log_file, "a+");
data/cups-filters-1.28.5/utils/cups-browsed.c:715:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fp = fopen(debug_log_file, "r");
data/cups-filters-1.28.5/utils/cups-browsed.c:745:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[64];
data/cups-filters-1.28.5/utils/cups-browsed.c:767:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp1 = fopen(debug_log_file, "r");
data/cups-filters-1.28.5/utils/cups-browsed.c:768:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp2 = fopen(debug_log_file_bckp, "w");
data/cups-filters-1.28.5/utils/cups-browsed.c:772:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lfp = fopen(debug_log_file, "w");
data/cups-filters-1.28.5/utils/cups-browsed.c:781:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64];
data/cups-filters-1.28.5/utils/cups-browsed.c:1166:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newsize, size, sizeof(cups_size_t));
data/cups-filters-1.28.5/utils/cups-browsed.c:1414:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *values[num_value];
data/cups-filters-1.28.5/utils/cups-browsed.c:1486:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[num_value];
data/cups-filters-1.28.5/utils/cups-browsed.c:1557:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[num_value];
data/cups-filters-1.28.5/utils/cups-browsed.c:1615:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str,"%d",value);
data/cups-filters-1.28.5/utils/cups-browsed.c:1628:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). values[i] = atoi(q);
data/cups-filters-1.28.5/utils/cups-browsed.c:1678:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str,"%d",value);
data/cups-filters-1.28.5/utils/cups-browsed.c:1691:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
values[i] = atoi(q);
data/cups-filters-1.28.5/utils/cups-browsed.c:1877:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char media_source[32], media_type[32];
data/cups-filters-1.28.5/utils/cups-browsed.c:2069:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ppdname[41];
data/cups-filters-1.28.5/utils/cups-browsed.c:2100:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ppdname[41];
data/cups-filters-1.28.5/utils/cups-browsed.c:2101:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char requested_option[30];
data/cups-filters-1.28.5/utils/cups-browsed.c:2104:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(requested_option, "media-type-supported");
data/cups-filters-1.28.5/utils/cups-browsed.c:2106:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Risk is low because the source is a constant string. strcpy(requested_option, "media-source-supported"); data/cups-filters-1.28.5/utils/cups-browsed.c:2108:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(requested_option, "output-bin-supported"); data/cups-filters-1.28.5/utils/cups-browsed.c:2469:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char requested_option[40]; data/cups-filters-1.28.5/utils/cups-browsed.c:2472:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(requested_option, "print-content-optimize-supported"); data/cups-filters-1.28.5/utils/cups-browsed.c:2474:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(requested_option, "print-rendering-intent-supported"); data/cups-filters-1.28.5/utils/cups-browsed.c:2476:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(requested_option, "print-scaling-supported"); data/cups-filters-1.28.5/utils/cups-browsed.c:2478:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(requested_option, "job-sheets-supported"); data/cups-filters-1.28.5/utils/cups-browsed.c:2683:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ppdname[41], pagesize[128]; data/cups-filters-1.28.5/utils/cups-browsed.c:2749:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *opt1, *opt2, constraint[100], *ppdsizename, *temp; data/cups-filters-1.28.5/utils/cups-browsed.c:2869:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char printer_make_and_model[256]; data/cups-filters-1.28.5/utils/cups-browsed.c:2872:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valuebuffer[65536]; data/cups-filters-1.28.5/utils/cups-browsed.c:2882:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(printer_make_and_model, "Cluster "); data/cups-filters-1.28.5/utils/cups-browsed.c:2957:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char media_source[32], media_type[32]; data/cups-filters-1.28.5/utils/cups-browsed.c:2966:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ppdname[41]; data/cups-filters-1.28.5/utils/cups-browsed.c:3233:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[1024]; data/cups-filters-1.28.5/utils/cups-browsed.c:3646:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lhost[HTTP_MAX_URI], /* Local printer: Hostname */ data/cups-filters-1.28.5/utils/cups-browsed.c:3739:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char temp[1024]; data/cups-filters-1.28.5/utils/cups-browsed.c:3848:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; data/cups-filters-1.28.5/utils/cups-browsed.c:4383:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ldap_protocol[11], /* LDAP protocol */ data/cups-filters-1.28.5/utils/cups-browsed.c:4633:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI], /* Printer URI */ data/cups-filters-1.28.5/utils/cups-browsed.c:5258:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; data/cups-filters-1.28.5/utils/cups-browsed.c:5286:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; data/cups-filters-1.28.5/utils/cups-browsed.c:5318:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; data/cups-filters-1.28.5/utils/cups-browsed.c:5433:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "w+"); data/cups-filters-1.28.5/utils/cups-browsed.c:5452:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, buf[1024]; data/cups-filters-1.28.5/utils/cups-browsed.c:5455:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "r"); data/cups-filters-1.28.5/utils/cups-browsed.c:5474:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; data/cups-filters-1.28.5/utils/cups-browsed.c:5490:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char uri[HTTP_MAX_URI]; data/cups-filters-1.28.5/utils/cups-browsed.c:5493:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempfile[1024] = ""; data/cups-filters-1.28.5/utils/cups-browsed.c:5519:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; data/cups-filters-1.28.5/utils/cups-browsed.c:5521:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI], *resource; data/cups-filters-1.28.5/utils/cups-browsed.c:5525:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[65536], *c; data/cups-filters-1.28.5/utils/cups-browsed.c:5664:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "w+"); data/cups-filters-1.28.5/utils/cups-browsed.c:5689:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; data/cups-filters-1.28.5/utils/cups-browsed.c:5705:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "r"); data/cups-filters-1.28.5/utils/cups-browsed.c:6039:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ptr, buf[2048]; data/cups-filters-1.28.5/utils/cups-browsed.c:6138:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/cups-filters-1.28.5/utils/cups-browsed.c:6147:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char destination_uri[1024]; data/cups-filters-1.28.5/utils/cups-browsed.c:6151:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char uri[HTTP_MAX_URI]; data/cups-filters-1.28.5/utils/cups-browsed.c:6159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resolution[32]; data/cups-filters-1.28.5/utils/cups-browsed.c:6481:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(document_format, "pdf"); data/cups-filters-1.28.5/utils/cups-browsed.c:6484:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(document_format, "apple-raster"); data/cups-filters-1.28.5/utils/cups-browsed.c:6487:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(document_format, "raster"); data/cups-filters-1.28.5/utils/cups-browsed.c:6490:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(document_format, "pclm"); data/cups-filters-1.28.5/utils/cups-browsed.c:6493:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(document_format, "pclxl"); data/cups-filters-1.28.5/utils/cups-browsed.c:6496:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(document_format, "postscript"); data/cups-filters-1.28.5/utils/cups-browsed.c:6500:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(document_format, "pcl"); data/cups-filters-1.28.5/utils/cups-browsed.c:6688:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_queue_uri[1024]; data/cups-filters-1.28.5/utils/cups-browsed.c:6824:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_queue_uri[1024]; data/cups-filters-1.28.5/utils/cups-browsed.c:7088:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valuebuffer[65536]; data/cups-filters-1.28.5/utils/cups-browsed.c:7611:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI], device_uri[HTTP_MAX_URI], buf[1024], data/cups-filters-1.28.5/utils/cups-browsed.c:7624:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempfile[1024]; /* Temporary file */ data/cups-filters-1.28.5/utils/cups-browsed.c:7625:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8192]; /* Buffer for creating script */ data/cups-filters-1.28.5/utils/cups-browsed.c:7638:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[1024], *keyptr; data/cups-filters-1.28.5/utils/cups-browsed.c:9006:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/cups-filters-1.28.5/utils/cups-browsed.c:9146:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *host, buf[HTTP_MAX_HOST], *p, list[65536], *l; data/cups-filters-1.28.5/utils/cups-browsed.c:9268:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&iface->broadcast, ifa->ifa_broadaddr, data/cups-filters-1.28.5/utils/cups-browsed.c:9295:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&iface->broadcast, ifa->ifa_broadaddr, data/cups-filters-1.28.5/utils/cups-browsed.c:9405:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; data/cups-filters-1.28.5/utils/cups-browsed.c:9414:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char service_host_name[1024]; data/cups-filters-1.28.5/utils/cups-browsed.c:9995:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/cups-filters-1.28.5/utils/cups-browsed.c:10113:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *p, instance[64]; data/cups-filters-1.28.5/utils/cups-browsed.c:10261:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/cups-filters-1.28.5/utils/cups-browsed.c:10583:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[32]; data/cups-filters-1.28.5/utils/cups-browsed.c:10584:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[64]; data/cups-filters-1.28.5/utils/cups-browsed.c:10585:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[HTTP_MAX_HOST]; data/cups-filters-1.28.5/utils/cups-browsed.c:10586:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resource[HTTP_MAX_URI]; data/cups-filters-1.28.5/utils/cups-browsed.c:10589:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_resource[HTTP_MAX_URI]; data/cups-filters-1.28.5/utils/cups-browsed.c:10590:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char service_name[HTTP_MAX_URI]; data/cups-filters-1.28.5/utils/cups-browsed.c:10677:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char packet[2048]; data/cups-filters-1.28.5/utils/cups-browsed.c:10683:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remote_host[256]; data/cups-filters-1.28.5/utils/cups-browsed.c:10684:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[1024]; data/cups-filters-1.28.5/utils/cups-browsed.c:10685:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char location[1024]; data/cups-filters-1.28.5/utils/cups-browsed.c:10686:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char info[1024]; data/cups-filters-1.28.5/utils/cups-browsed.c:10788:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char packet[2048]; data/cups-filters-1.28.5/utils/cups-browsed.c:10789:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; data/cups-filters-1.28.5/utils/cups-browsed.c:10790:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[32]; data/cups-filters-1.28.5/utils/cups-browsed.c:10791:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[64]; data/cups-filters-1.28.5/utils/cups-browsed.c:10792:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[HTTP_MAX_HOST]; data/cups-filters-1.28.5/utils/cups-browsed.c:10794:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resource[HTTP_MAX_URI]; data/cups-filters-1.28.5/utils/cups-browsed.c:11436:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[HTTP_MAX_BUFFER]; data/cups-filters-1.28.5/utils/cups-browsed.c:11445:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[1024]; data/cups-filters-1.28.5/utils/cups-browsed.c:11698:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int t = atoi(value); data/cups-filters-1.28.5/utils/cups-browsed.c:11717:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
int t = atoi(value); data/cups-filters-1.28.5/utils/cups-browsed.c:11730:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int t = atoi(value); data/cups-filters-1.28.5/utils/cups-browsed.c:11836:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int val = atoi(value); data/cups-filters-1.28.5/utils/cups-browsed.c:11980:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int t = atoi(value); data/cups-filters-1.28.5/utils/cups-browsed.c:12006:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int n = atoi(value); data/cups-filters-1.28.5/utils/cups-browsed.c:12018:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
  int t = atoi(value);
data/cups-filters-1.28.5/utils/cups-browsed.c:12233:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int t = atoi(val);
data/cups-filters-1.28.5/utils/driverless.c:69:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192], /* Copy buffer */
data/cups-filters-1.28.5/utils/driverless.c:272:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(make, model, (size_t)(ptr - model));
data/cups-filters-1.28.5/utils/driverless.c:399:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ippfind_argv[100]; /* Arguments for ippfind */
data/cups-filters-1.28.5/utils/driverless.c:406:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ptr,
data/cups-filters-1.28.5/utils/driverless.c:630:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[65536], ppdname[1024];
data/cups-filters-1.28.5/utils/driverless.c:689:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(ppdname, O_RDONLY);
data/cups-filters-1.28.5/backend/beh.c:181:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tmpfilename) > 0)
data/cups-filters-1.28.5/backend/beh.c:225:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(scheme, uri, sizeof(scheme) - 1);
data/cups-filters-1.28.5/backend/beh.c:226:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(uri) > 1023)
data/cups-filters-1.28.5/backend/cups-brf.c:93:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(0077);
data/cups-filters-1.28.5/backend/cups-brf.c:138:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sizein = read(STDIN_FILENO, buffer, sizeof(buffer));
data/cups-filters-1.28.5/backend/ieee1284.c:137:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uri + strlen(uri) - 1);
data/cups-filters-1.28.5/backend/ieee1284.c:165:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((length = read(devparportfd, device_id,
data/cups-filters-1.28.5/backend/ieee1284.c:346:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(temp, make_model, sizeof(temp) - 1);
data/cups-filters-1.28.5/backend/ieee1284.c:358:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!_cups_strncasecmp(mdl, mfg, strlen(mfg)))
data/cups-filters-1.28.5/backend/ieee1284.c:360:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mdl += strlen(mfg);
data/cups-filters-1.28.5/backend/ieee1284.c:433:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!mfg || !_cups_strncasecmp(mdl, mfg, strlen(mfg)))
data/cups-filters-1.28.5/backend/ieee1284.c:466:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(des) >= 8)
data/cups-filters-1.28.5/backend/ieee1284.c:495:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(make_model, "Unknown", make_model_size - 1);
data/cups-filters-1.28.5/backend/ieee1284.c:625:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buffer, make_and_model + 1, bufsize - 1);
data/cups-filters-1.28.5/backend/ieee1284.c:699:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buffer, make_and_model, bufsize - 1);
data/cups-filters-1.28.5/backend/ieee1284.c:726:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(buffer + 2, buffer + 18, strlen(buffer + 18) + 1);
data/cups-filters-1.28.5/backend/ieee1284.c:736:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(buffer + 2, buffer + 15, strlen(buffer + 15) + 1);
data/cups-filters-1.28.5/backend/ieee1284.c:744:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(buffer + 8, buffer + 21, strlen(buffer + 21) + 1);
data/cups-filters-1.28.5/backend/ieee1284.c:767:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(buffer + 4, buffer + 8, strlen(buffer + 8) + 1);
data/cups-filters-1.28.5/backend/ieee1284.c:774:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (bufptr = buffer + strlen(buffer) - 1;
data/cups-filters-1.28.5/backend/implicitclass.c:204:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(ptr1, job_id, strlen(job_id)) != 0)
data/cups-filters-1.28.5/backend/implicitclass.c:206:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr1 += strlen(job_id);
data/cups-filters-1.28.5/backend/implicitclass.c:218:7: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(500000);
data/cups-filters-1.28.5/backend/implicitclass.c:227:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dest_host,ptr1,sizeof(dest_host) - 1);
data/cups-filters-1.28.5/backend/implicitclass.c:283:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(printer_uri, ptr1, sizeof(printer_uri) - 1);
data/cups-filters-1.28.5/backend/implicitclass.c:284:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(document_format, ptr3, sizeof(document_format) - 1);
data/cups-filters-1.28.5/backend/implicitclass.c:285:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(resolution, ptr4, sizeof(resolution) - 1);
data/cups-filters-1.28.5/backend/implicitclass.c:311:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  argv_nt[0] = calloc(strlen(printer_uri) + 8, sizeof(char));
data/cups-filters-1.28.5/backend/implicitclass.c:317:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuflen = strlen(argv[5]) + 256;
data/cups-filters-1.28.5/backend/parallel.c:320:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((print_bytes = read(print_fd, print_buffer,
data/cups-filters-1.28.5/backend/parallel.c:682:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((bc_bytes = read(device_fd, bc_buffer, sizeof(bc_buffer))) > 0)
data/cups-filters-1.28.5/backend/parallel.c:703:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((print_bytes = read(print_fd, print_buffer,
data/cups-filters-1.28.5/backend/parallel.c:850:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  datalen = strlen(data);
data/cups-filters-1.28.5/backend/serial.c:560:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((bc_bytes = read(device_fd, bc_buffer, sizeof(bc_buffer))) > 0)
data/cups-filters-1.28.5/backend/serial.c:574:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((print_bytes = read(print_fd, print_buffer, print_size)) < 0)
data/cups-filters-1.28.5/backend/serial.c:639:3: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/cups-filters-1.28.5/backend/serial.c:742:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((print_bytes = read(print_fd, print_buffer,
data/cups-filters-1.28.5/cupsfilters/colormanager.c:332:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(full_path, attr->value, sizeof(full_path) - 1);
data/cups-filters-1.28.5/cupsfilters/colormanager.c:333:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(attr->value) > 1023)
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:88:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getc(fp); /* Skip "BM" sync chars */
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:89:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:157:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:215:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  byte = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:241:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:262:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:265:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((count = getc(fp)) == 0)
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:267:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((count = getc(fp)) == 0)
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:290:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  count = getc(fp) * getc(fp) * img->xsize;
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:290:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  count = getc(fp) * getc(fp) * img->xsize;
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:304:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  color = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:316:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  temp = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:361:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:364:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((count = getc(fp)) == 0)
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:366:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((count = getc(fp)) == 0)
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:389:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  count = getc(fp) * getc(fp) * img->xsize;
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:389:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  count = getc(fp) * getc(fp) * img->xsize;
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:403:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  color = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:411:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  temp = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:430:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ptr[2] = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:431:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ptr[1] = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:432:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ptr[0] = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:440:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:496:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  b0 = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:497:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  b1 = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:512:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  b0 = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:513:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  b1 = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:514:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  b2 = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:515:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  b3 = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:530:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  b0 = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:531:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  b1 = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:532:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  b2 = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-bmp.c:533:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  b3 = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-gif.c:114:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  switch (getc(fp))
data/cups-filters-1.28.5/cupsfilters/image-gif.c:121:20: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  buf[0] = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-gif.c:273:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((count = getc(fp)) == EOF)
data/cups-filters-1.28.5/cupsfilters/image-gif.c:466:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  code_size = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-photocd.c:67:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  rotation = (getc(fp) & 63) != 8;
data/cups-filters-1.28.5/cupsfilters/image-pix.c:127:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  count = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-pix.c:128:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  g = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-pix.c:167:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  count = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-pix.c:168:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  b = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-pix.c:169:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  g = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-pix.c:170:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-pix.c:228:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-pix.c:229:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return ((ch << 8) | getc(fp));
data/cups-filters-1.28.5/cupsfilters/image-sgilib.c:139:20: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  *row = getc(sgip->file);
data/cups-filters-1.28.5/cupsfilters/image-sgilib.c:231:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sgip->comp = getc(sgip->file);
data/cups-filters-1.28.5/cupsfilters/image-sgilib.c:232:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sgip->bpp = getc(sgip->file);
data/cups-filters-1.28.5/cupsfilters/image-sgilib.c:629:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((ch = getc(fp)) == EOF)
data/cups-filters-1.28.5/cupsfilters/image-sgilib.c:641:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  *row = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-sgilib.c:645:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-sun.c:208:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  run_value = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-sun.c:212:25: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  run_count = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-sun.c:216:32: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  run_value = *p = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-sun.c:398:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  v = getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-sun.c:399:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  v = (v << 8) | getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-sun.c:400:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  v = (v << 8) | getc(fp);
data/cups-filters-1.28.5/cupsfilters/image-sun.c:401:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  v = (v << 8) | getc(fp);
data/cups-filters-1.28.5/cupsfilters/image.c:577:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  switch (sscanf(cache_env, "%d%254s", &max_size, cache_units))
data/cups-filters-1.28.5/cupsfilters/image.c:768:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(img->cachefile, ic->pixels,
data/cups-filters-1.28.5/cupsfilters/ipp.c:51:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (int i = 0; i<strlen(a); i++)
data/cups-filters-1.28.5/cupsfilters/ipp.c:63:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vsnprintf(log + strlen(log),
data/cups-filters-1.28.5/cupsfilters/ipp.c:64:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  LOGSIZE - strlen(log) - 1,
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:99:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p1 = p2 + strlen(option);
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:112:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(p2, p1, strlen(buf) - (p1 - buf) + 1);
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:118:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p1 = buf + strlen(buf);
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:253:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  optbuflen = strlen(argv[5]) + 256;
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:727:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(program, filter, sizeof(program) - 1);
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:728:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(filter) > 1023)
data/cups-filters-1.28.5/cupsfilters/pdftoippprinter.c:895:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p2 = p1 + strlen(option);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:189:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  srclen = strlen(src);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:229:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (tempptr = temp + strlen(temp) - 1;
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:239:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  declen = (int)strlen(dec);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:271:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr = buf + strlen(buf);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:484:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(lang, c1, i);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:494:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(c2) < 10 || strncmp(c2, "cups_", 5) != 0 ||
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:496:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcmp(c2 + strlen(c2) - 3, ".po"))
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:878:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(start) > 0) /* Option name found */
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:884:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (sep && strlen(sep) > 0) /* Choice name found */
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:929:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(start) == 0) continue;
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:934:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(human_readable) +
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:935:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(start) + 2));
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:936:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = human_readable + strlen(human_readable);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:938:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlcpy(ptr + 1, start, strlen(start) + 1);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:941:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(start) + 1));
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:942:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlcpy(human_readable, start, strlen(start) + 1);
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:1459:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(temp2->media + strlen(temp2->media),
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:1460:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof(temp2->media) - strlen(temp2->media),
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:1466:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(temp2->media + strlen(temp2->media),
data/cups-filters-1.28.5/cupsfilters/ppdgenerator.c:1467:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof(temp2->media) - strlen(temp2->media),
data/cups-filters-1.28.5/cupsfilters/raster.c:50:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  srclen = strlen(src);
data/cups-filters-1.28.5/cupsfilters/raster.c:172:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(h->MediaClass, "");
data/cups-filters-1.28.5/filter/banner.c:118:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = malloc(strlen(BANNERTOPDF_DATADIR) + strlen(name) + 2);
data/cups-filters-1.28.5/filter/banner.c:118:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = malloc(strlen(BANNERTOPDF_DATADIR) + strlen(name) + 2);
data/cups-filters-1.28.5/filter/banner.c:121:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = malloc(strlen(datadir) + strlen(name) + 7);
data/cups-filters-1.28.5/filter/banner.c:121:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = malloc(strlen(datadir) + strlen(name) + 7);
data/cups-filters-1.28.5/filter/bannertopdf.c:237:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( !strlen(key) || !strlen(val) ) {
data/cups-filters-1.28.5/filter/bannertopdf.c:237:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( !strlen(key) || !strlen(val) ) {
data/cups-filters-1.28.5/filter/bannertopdf.c:486:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (buf);
data/cups-filters-1.28.5/filter/commandtoescpx.c:117:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lineptr = line + strlen(line) - 1;
data/cups-filters-1.28.5/filter/commandtopclx.c:104:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lineptr = line + strlen(line) - 1;
data/cups-filters-1.28.5/filter/common.c:585:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 5 + strlen(name);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:762:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(job->copies, "1");
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:870:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(job->ppdfile, getenv("PPD"), sizeof(job->ppdfile) - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:871:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(getenv("PPD")) > 2047)
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:875:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cupsfilterpath, getenv("CUPS_SERVERBIN"),
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:877:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(getenv("CUPS_SERVERBIN")) > PATH_MAX-1)
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:898:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(job->ppdfile, str, sizeof(job->ppdfile) - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:899:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) > 2047)
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:904:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(job->ppdfile, str, sizeof(job->ppdfile) - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:905:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) > 2047)
data/cups-filters-1.28.5/filter/foomatic-rip/foomaticrip.c:999:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (spooler == SPOOLER_CUPS && job->printer && strlen(job->printer) > 0) {
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:565:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:624:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  n = sscanf(str, "%fx%f%2s", &width, &height, unit);
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1113:15: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  matches = sscanf(str, "%31s %31s %c %lf", type, style, &opt->spot, &order);
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1257:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((l == 0) || (l > strlen(repl)))
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1258:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(repl);
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1260:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pdest, repl, s);
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1363:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(cmd) + 50;
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1380:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  n = sscanf(str, "%d%15s%19s%19s",
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1586:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(line, "*%127s%*[ \t]%63[^ \t/=)]%*1[/=]%63[^\n]", key, name, text);
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1591:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value->len = strlen(value->data);
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1714:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(value->data, "%19s %19s", param->min, param->max);
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1720:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(value->data, "%19s", param->max);
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1737:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(value->data, "%lf %63s *%63s", &order, text, name);
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1914:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cmd_pdf, cmd, 4096);
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:1915:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cmd) > 4095)
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:2027:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = malloc(strlen(opt->name) + strlen(userval) + 20);
data/cups-filters-1.28.5/filter/foomatic-rip/options.c:2027:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = malloc(strlen(opt->name) + strlen(userval) + 20);
data/cups-filters-1.28.5/filter/foomatic-rip/postscript.c:162:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc(s->file)) != EOF) {
data/cups-filters-1.28.5/filter/foomatic-rip/renderer.c:148:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc(stream)) != EOF) {
data/cups-filters-1.28.5/filter/foomatic-rip/renderer.c:215:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p1 = j1 + strlen(j1);
data/cups-filters-1.28.5/filter/foomatic-rip/renderer.c:223:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p2 = j2 + strlen(j2);
data/cups-filters-1.28.5/filter/foomatic-rip/renderer.c:305:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(header, original_opts[0], p - original_opts[0]);
data/cups-filters-1.28.5/filter/foomatic-rip/renderer.c:371:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(jclstr, jclprepend[0], pos);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:54:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, getenv("CUPS_FONTPATH"), PATH_MAX - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:56:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, getenv("CUPS_DATADIR"), PATH_MAX - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:57:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(path, "/fonts", PATH_MAX - strlen(path) - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:57:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(path, "/fonts", PATH_MAX - strlen(path) - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:60:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(path, ":", PATH_MAX - strlen(path) - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:60:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(path, ":", PATH_MAX - strlen(path) - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:61:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(path, getenv("GS_LIB"), PATH_MAX - strlen(path) - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:61:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(path, getenv("GS_LIB"), PATH_MAX - strlen(path) - 1);
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:72:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cups_options_len = strlen(arglist_get(arglist, 4));
data/cups-filters-1.28.5/filter/foomatic-rip/spooler.c:100:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(job->printer, pname, 256);
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:67:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strncmp(str, prefix, strlen(prefix));
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:72:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strncasecmp(str, prefix, strlen(prefix));
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:77:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return str ? (strncmp(str, prefix, strlen(prefix)) == 0) : 0;
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:82:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int slen = strlen(str);
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:83:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int plen = strlen(postfix);
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:202:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(src) + len;
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:447:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(s, string, len);
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:546:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *end = tok + strlen(tok) - copy;
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:608:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  srclen = strlen(src);
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:630:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ds->data, src, n);
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:646:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&ds->data[ds->len], src, n);
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:686:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t srclen = strlen(src);
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:736:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc(stream)) != EOF) {
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:767:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dstrcatf(ds, "%s", p + strlen(find));
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:786:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(str);
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:801:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ds->data, copy, idx);
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:862:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(str);
data/cups-filters-1.28.5/filter/foomatic-rip/util.c:1078:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = &((char*)i->data)[strlen(name)];
data/cups-filters-1.28.5/filter/getline.c:69:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  register int c = getc (stream);
data/cups-filters-1.28.5/filter/gstoraster.c:557:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(full_path, attr->value, sizeof(full_path));
data/cups-filters-1.28.5/filter/gstoraster.c:672:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((n = read(0,buf,BUFSIZ)) > 0) {
data/cups-filters-1.28.5/filter/imagetopdf.c:31:52: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  #error Installed libs and specified source Version mismatch \
data/cups-filters-1.28.5/filter/imagetopdf.c:37:52: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  #error Installed libs and specified source Version mismatch \
data/cups-filters-1.28.5/filter/imagetopdf.c:157:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int n = strlen(attr->value);
data/cups-filters-1.28.5/filter/imagetopdf.c:268:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned long len = strlen(str);
data/cups-filters-1.28.5/filter/imagetopdf.c:748:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, argv[6], sizeof(filename) - 1);
data/cups-filters-1.28.5/filter/imagetopdf.c:1573:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t size = strlen(attr->value) + 1 + 30;
data/cups-filters-1.28.5/filter/imagetoraster.c:249:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filename, argv[6], sizeof(filename) - 1);
data/cups-filters-1.28.5/filter/mupdftoraster.c:292:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((n = read(0,buf,BUFSIZ)) > 0) {
data/cups-filters-1.28.5/filter/mupdftoraster.c:317:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(infilename, argv[6], sizeof(infilename) - 1);
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:709:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(final_content_type))) {
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:721:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(final_content_type))) {
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:732:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *q = p + strlen(p) - 1;
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:756:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (!strcasecmp(lastfilter + strlen(lastfilter) - 8,
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf.cc:887:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((n=read(0,buf,BUFSIZ)) > 0) {
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf_jcl.cc:23:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int n=strlen(attr->value);
data/cups-filters-1.28.5/filter/pdftopdf/pdftopdf_jcl.cc:149:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t size=strlen(attr->value)+1+30;
data/cups-filters-1.28.5/filter/pdftops.c:143:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(deviceCopies, p, sizeof(deviceCopies));
data/cups-filters-1.28.5/filter/pdftops.c:145:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = deviceCopies + strlen(deviceCopies) - 1;
data/cups-filters-1.28.5/filter/pdftops.c:186:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!option_start[strlen(*option)] ||
data/cups-filters-1.28.5/filter/pdftops.c:187:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  isspace(option_start[strlen(*option)] & 255) ||
data/cups-filters-1.28.5/filter/pdftops.c:188:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  option_start[strlen(*option)] == '=')
data/cups-filters-1.28.5/filter/pdftops.c:194:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  option_end = option_start + strlen(*option);
data/cups-filters-1.28.5/filter/pdftops.c:220:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(option_start, option_end, strlen(option_end) + 1);
data/cups-filters-1.28.5/filter/pdftops.c:451:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(make_model, val, sizeof(make_model) - 1);
data/cups-filters-1.28.5/filter/pdftops.c:452:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(val) > 127)
data/cups-filters-1.28.5/filter/pdftops.c:461:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  make_model[strlen(make_model) - 1] = '\0';
data/cups-filters-1.28.5/filter/pdftops.c:561:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pstops_options = realloc(pstops_options, strlen(pstops_options) + 9);
data/cups-filters-1.28.5/filter/pdftops.c:566:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pstops_end = pstops_options + strlen(pstops_options);
data/cups-filters-1.28.5/filter/pdftops.c:817:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(resolution, choice->choice, sizeof(resolution));
data/cups-filters-1.28.5/filter/pdftops.c:819:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(resolution, attr->value, sizeof(resolution));
data/cups-filters-1.28.5/filter/pdftoraster.cxx:470:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pageSizeRequested, header.cupsPageSizeName, 64);
data/cups-filters-1.28.5/filter/pdftoraster.cxx:1737:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(header.cupsPageSizeName, size->name, 64);
data/cups-filters-1.28.5/filter/pdftoraster.cxx:1784:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(header.cupsPageSizeName, size->name, 64);
data/cups-filters-1.28.5/filter/pdftoraster.cxx:1996:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((n = read(0,buf,BUFSIZ)) > 0) {
data/cups-filters-1.28.5/filter/pdfutils.c:37:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len=strlen(str);
data/cups-filters-1.28.5/filter/pdfutils.c:68:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len=strlen(str);
data/cups-filters-1.28.5/filter/strcasestr.c:52:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(find);
data/cups-filters-1.28.5/filter/sys5ippprinter.c:212:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  optbuflen = strlen(argv[5]) + 256;
data/cups-filters-1.28.5/filter/sys5ippprinter.c:664:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(program, filter, sizeof(program) - 1);
data/cups-filters-1.28.5/filter/sys5ippprinter.c:665:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(filter) > 1023)
data/cups-filters-1.28.5/filter/sys5ippprinter.c:849:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p2 = p1 + strlen(option);
data/cups-filters-1.28.5/filter/sys5ippprinter.c:891:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p1 = p2 + strlen(option);
data/cups-filters-1.28.5/filter/sys5ippprinter.c:896:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(p2, p1, strlen(buf) - (buf - p1) + 1);
data/cups-filters-1.28.5/filter/sys5ippprinter.c:902:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p1 = buf + strlen(buf);
data/cups-filters-1.28.5/filter/test_pdf1.c:34:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ,cobj,strlen(buf),buf);
data/cups-filters-1.28.5/filter/textcommon.c:801:27: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((nextch = getc(fp)) != 0x0a)
data/cups-filters-1.28.5/filter/textcommon.c:1246:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((ch = getc(fp)) == EOF)
data/cups-filters-1.28.5/filter/textcommon.c:1257:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((next = getc(fp)) == EOF)
data/cups-filters-1.28.5/filter/textcommon.c:1268:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((next = getc(fp)) == EOF)
data/cups-filters-1.28.5/filter/textcommon.c:1273:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((next = getc(fp)) == EOF)
data/cups-filters-1.28.5/filter/texttopdf.c:423:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line[strlen(line) - 1] = '\0'; /* Drop \n */
data/cups-filters-1.28.5/filter/texttopdf.c:970:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out=ret=malloc((strlen(buf)+1)*sizeof(lchar_t));
data/cups-filters-1.28.5/filter/texttotext.c:607:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nread = read (fd, inbuf + insize, sizeof (inbuf) - insize);
data/cups-filters-1.28.5/filter/urftopdf.cpp:303:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read(fd, &line_repeat_byte, 1) < 1)
data/cups-filters-1.28.5/filter/urftopdf.cpp:318:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read(fd, &packbit_code, 1) < 1)
data/cups-filters-1.28.5/filter/urftopdf.cpp:338:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read(fd, &pixel_container[0], pixel_size) < pixel_size)
data/cups-filters-1.28.5/filter/urftopdf.cpp:375:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read(fd, &pixel_container[0], pixel_size) < pixel_size)
data/cups-filters-1.28.5/filter/urftopdf.cpp:439:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read(fd, &head_orig, sizeof(head)) == -1) die("Unable to read file header");
data/cups-filters-1.28.5/filter/urftopdf.cpp:456:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read(fd, &page_header_orig, sizeof(page_header_orig)) == -1) die("Unable to read page header");
data/cups-filters-1.28.5/fontembed/dynstring.c:66:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int need,len=strlen(fmt)+100;
data/cups-filters-1.28.5/fontembed/embed.c:186:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*output)(fontname,strlen(fontname),context);
data/cups-filters-1.28.5/fontembed/embed_pdf.c:43:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len=strlen(name);
data/cups-filters-1.28.5/fontembed/embed_pdf.c:102:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(strlen(subset_tag)==6);
data/cups-filters-1.28.5/fontembed/embed_pdf.c:105:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len+=strlen(fontname)+1;
data/cups-filters-1.28.5/fontembed/embed_pdf.c:110:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len+=strlen(cid_registry)+1;
data/cups-filters-1.28.5/fontembed/embed_pdf.c:111:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len+=strlen(cid_ordering)+1;
data/cups-filters-1.28.5/fontembed/embed_pdf.c:126:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len+=strlen(fontname)+1;
data/cups-filters-1.28.5/fontembed/embed_pdf.c:139:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len+=strlen(cid_registry)+1;
data/cups-filters-1.28.5/fontembed/embed_pdf.c:143:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len+=strlen(cid_registry)+1;
data/cups-filters-1.28.5/fontembed/sfnt.c:297:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(end,file,tmp-file);
data/cups-filters-1.28.5/utils/cups-browsed.c:747:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(isspace(buf[strlen(buf)-1])) buf[strlen(buf)-1] = '\0';
data/cups-filters-1.28.5/utils/cups-browsed.c:747:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(isspace(buf[strlen(buf)-1])) buf[strlen(buf)-1] = '\0';
data/cups-filters-1.28.5/utils/cups-browsed.c:784:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(isspace(buf[strlen(buf)-1])) buf[strlen(buf)-1] = '\0';
data/cups-filters-1.28.5/utils/cups-browsed.c:784:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(isspace(buf[strlen(buf)-1])) buf[strlen(buf)-1] = '\0';
data/cups-filters-1.28.5/utils/cups-browsed.c:1090:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(s);
data/cups-filters-1.28.5/utils/cups-browsed.c:1418:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  values[i]=malloc(sizeof(char)*strlen(q)+1);
data/cups-filters-1.28.5/utils/cups-browsed.c:1419:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(values[i], q, sizeof(values[i]) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:1490:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  values[i] = malloc(sizeof(char) * strlen(q) + 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:1491:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(values[i], q, sizeof(values[i]) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:1561:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  values[i] = malloc(sizeof(char) * strlen(q) + 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:1562:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(values[i], q, sizeof(values[i]) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:1936:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(media_type) > 1) {
data/cups-filters-1.28.5/utils/cups-browsed.c:1945:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(media_source) > 1) {
data/cups-filters-1.28.5/utils/cups-browsed.c:2606:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t_len = strlen(t);
data/cups-filters-1.28.5/utils/cups-browsed.c:2608:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  option1_len = strlen(option1);
data/cups-filters-1.28.5/utils/cups-browsed.c:2610:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  option2_len = strlen(option2);
data/cups-filters-1.28.5/utils/cups-browsed.c:3047:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(media_type) > 1) {
data/cups-filters-1.28.5/utils/cups-browsed.c:3068:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(media_source) > 1) {
data/cups-filters-1.28.5/utils/cups-browsed.c:3259:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  resource = uri + (strlen(uri) - strlen(printer) - 10);
data/cups-filters-1.28.5/utils/cups-browsed.c:3259:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  resource = uri + (strlen(uri) - strlen(printer) - 10);
data/cups-filters-1.28.5/utils/cups-browsed.c:3568:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) < 1)
data/cups-filters-1.28.5/utils/cups-browsed.c:3577:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, j = 0; i < strlen(str); i++, j++) {
data/cups-filters-1.28.5/utils/cups-browsed.c:3604:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (strlen(str) > 0 && str[strlen(str)-1] == sep)
data/cups-filters-1.28.5/utils/cups-browsed.c:3604:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (strlen(str) > 0 && str[strlen(str)-1] == sep)
data/cups-filters-1.28.5/utils/cups-browsed.c:3605:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str[strlen(str)-1] = '\0';
data/cups-filters-1.28.5/utils/cups-browsed.c:3613:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return memmove(str, str + i, strlen(str) - i + 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:4266:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bval.bv_len = (BrowseLDAPPassword == NULL) ? 0 : strlen(BrowseLDAPPassword);
data/cups-filters-1.28.5/utils/cups-browsed.c:4535:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bval.bv_len = (BrowseLDAPPassword == NULL) ? 0 : strlen(BrowseLDAPPassword);
data/cups-filters-1.28.5/utils/cups-browsed.c:4761:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (local_resource, resource + 1, sizeof (local_resource) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:4770:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(info) > 0 ? info : strchr(local_resource, '/') + 1), host);
data/cups-filters-1.28.5/utils/cups-browsed.c:4772:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hl = strlen(service_name);
data/cups-filters-1.28.5/utils/cups-browsed.c:4910:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(retval, bval[0]->bv_val, size);
data/cups-filters-1.28.5/utils/cups-browsed.c:4929:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(retval, *value, maxsize);
data/cups-filters-1.28.5/utils/cups-browsed.c:5430:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (printer == NULL || strlen(printer) == 0)
data/cups-filters-1.28.5/utils/cups-browsed.c:5464:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(p) > 0)
data/cups-filters-1.28.5/utils/cups-browsed.c:5560:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (printer == NULL || strlen(printer) == 0)
data/cups-filters-1.28.5/utils/cups-browsed.c:5605:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, ppd_opt->keyword, sizeof(buf));
data/cups-filters-1.28.5/utils/cups-browsed.c:5616:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  resource = uri + (strlen(uri) - strlen(printer) - 10);
data/cups-filters-1.28.5/utils/cups-browsed.c:5616:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  resource = uri + (strlen(uri) - strlen(printer) - 10);
data/cups-filters-1.28.5/utils/cups-browsed.c:5632:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcasecmp(key + strlen(key) - strlen(*ptr) + 1, *ptr + 1) == 0))
data/cups-filters-1.28.5/utils/cups-browsed.c:5632:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcasecmp(key + strlen(key) - strlen(*ptr) + 1, *ptr + 1) == 0))
data/cups-filters-1.28.5/utils/cups-browsed.c:5637:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncasecmp(key + strlen(key) - 8, "-default", 8))) {
data/cups-filters-1.28.5/utils/cups-browsed.c:5643:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(c, c + 1, strlen(c));
data/cups-filters-1.28.5/utils/cups-browsed.c:5694:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (printer == NULL || strlen(printer) == 0 || options == NULL)
data/cups-filters-1.28.5/utils/cups-browsed.c:5715:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(opt) > 1 && (val = strchr(opt, '=')) != NULL) {
data/cups-filters-1.28.5/utils/cups-browsed.c:5718:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  val[strlen(val)-1] = '\0';
data/cups-filters-1.28.5/utils/cups-browsed.c:5888:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((backup_queue_name = malloc((strlen(queue_name) +
data/cups-filters-1.28.5/utils/cups-browsed.c:5889:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(remote_host) + 2) *
data/cups-filters-1.28.5/utils/cups-browsed.c:5937:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((str = strrchr(resource, '/')) != NULL && strlen(str) > 1) {
data/cups-filters-1.28.5/utils/cups-browsed.c:6079:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, text, ptr - text);
data/cups-filters-1.28.5/utils/cups-browsed.c:6116:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, text, ptr - text);
data/cups-filters-1.28.5/utils/cups-browsed.c:6368:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(destination_uri, p->uri, sizeof(destination_uri) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:6390:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(destination_uri, p->uri,
data/cups-filters-1.28.5/utils/cups-browsed.c:6772:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(device) < 16 ||
data/cups-filters-1.28.5/utils/cups-browsed.c:7320:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(valuebuffer, ippGetString(attr, i, NULL),
data/cups-filters-1.28.5/utils/cups-browsed.c:7322:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ippGetString(attr, i, NULL)) > 65535)
data/cups-filters-1.28.5/utils/cups-browsed.c:7354:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(valuebuffer, ippGetString(attr, i, NULL),
data/cups-filters-1.28.5/utils/cups-browsed.c:7356:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ippGetString(attr, i, NULL)) > 65535)
data/cups-filters-1.28.5/utils/cups-browsed.c:7387:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(valuebuffer, ippGetString(attr, i, NULL),
data/cups-filters-1.28.5/utils/cups-browsed.c:7389:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ippGetString(attr, i, NULL)) > 65535)
data/cups-filters-1.28.5/utils/cups-browsed.c:7423:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(valuebuffer, ippGetString(attr, i, NULL),
data/cups-filters-1.28.5/utils/cups-browsed.c:7425:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ippGetString(attr, i, NULL)) > 65535)
data/cups-filters-1.28.5/utils/cups-browsed.c:8162:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(make_model, ippGetString(attr, 0, NULL),
data/cups-filters-1.28.5/utils/cups-browsed.c:8404:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes = write(fd, buffer, strlen(buffer));
data/cups-filters-1.28.5/utils/cups-browsed.c:8405:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (bytes != strlen(buffer)) {
data/cups-filters-1.28.5/utils/cups-browsed.c:8504:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(make_model, ippGetString(attr, 0, NULL),
data/cups-filters-1.28.5/utils/cups-browsed.c:8584:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(device_uri) > HTTP_MAX_URI-1)
data/cups-filters-1.28.5/utils/cups-browsed.c:8638:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(keyword, line + 8, sizeof(keyword) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:8639:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(line) + 8) > 1023)
data/cups-filters-1.28.5/utils/cups-browsed.c:9169:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = list + strlen(list);
data/cups-filters-1.28.5/utils/cups-browsed.c:9198:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(list) + strlen(ifa->ifa_name) + 1 <=
data/cups-filters-1.28.5/utils/cups-browsed.c:9198:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(list) + strlen(ifa->ifa_name) + 1 <=
data/cups-filters-1.28.5/utils/cups-browsed.c:9200:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(l, sizeof(list) - strlen(list) - 1,
data/cups-filters-1.28.5/utils/cups-browsed.c:9202:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = list + strlen(list);
data/cups-filters-1.28.5/utils/cups-browsed.c:9225:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (addr_found == 1 && strlen(list) + 3 <=
data/cups-filters-1.28.5/utils/cups-browsed.c:9227:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(l, sizeof(list) - strlen(list) - 1,
data/cups-filters-1.28.5/utils/cups-browsed.c:9229:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = list + strlen(list);
data/cups-filters-1.28.5/utils/cups-browsed.c:9231:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (addr_found == 0 && strlen(list) + 3 <=
data/cups-filters-1.28.5/utils/cups-browsed.c:9233:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(l, sizeof(list) - strlen(list) - 1,
data/cups-filters-1.28.5/utils/cups-browsed.c:9235:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = list + strlen(list);
data/cups-filters-1.28.5/utils/cups-browsed.c:9238:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(list) + strlen(buf) + 1 <=
data/cups-filters-1.28.5/utils/cups-browsed.c:9238:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(list) + strlen(buf) + 1 <=
data/cups-filters-1.28.5/utils/cups-browsed.c:9240:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(l, sizeof(list) - strlen(list) - 1,
data/cups-filters-1.28.5/utils/cups-browsed.c:9242:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = list + strlen(list);
data/cups-filters-1.28.5/utils/cups-browsed.c:9318:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (addr_found == 1 && strlen(list) + 3 <= sizeof(list)) {
data/cups-filters-1.28.5/utils/cups-browsed.c:9319:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(l, sizeof(list) - strlen(list) - 1,
data/cups-filters-1.28.5/utils/cups-browsed.c:9321:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = list + strlen(list);
data/cups-filters-1.28.5/utils/cups-browsed.c:9323:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (addr_found == 0 && strlen(list) + 3 <= sizeof(list)) {
data/cups-filters-1.28.5/utils/cups-browsed.c:9324:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(l, sizeof(list) - strlen(list) - 1,
data/cups-filters-1.28.5/utils/cups-browsed.c:9326:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = list + strlen(list);
data/cups-filters-1.28.5/utils/cups-browsed.c:9329:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(list) + strlen(iface->address) + 2 <= sizeof(list)) {
data/cups-filters-1.28.5/utils/cups-browsed.c:9329:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(list) + strlen(iface->address) + 2 <= sizeof(list)) {
data/cups-filters-1.28.5/utils/cups-browsed.c:9330:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(l, sizeof(list) - strlen(list) - 1,
data/cups-filters-1.28.5/utils/cups-browsed.c:9332:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = list + strlen(list);
data/cups-filters-1.28.5/utils/cups-browsed.c:9342:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (addr_found == 1 && strlen(list) + 2 <= sizeof(list)) {
data/cups-filters-1.28.5/utils/cups-browsed.c:9343:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(l, sizeof(list) - strlen(list) - 1,
data/cups-filters-1.28.5/utils/cups-browsed.c:9345:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = list + strlen(list);
data/cups-filters-1.28.5/utils/cups-browsed.c:9347:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(list) + 3 <= sizeof(list)) {
data/cups-filters-1.28.5/utils/cups-browsed.c:9348:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(l, sizeof(list) - strlen(list) - 1,
data/cups-filters-1.28.5/utils/cups-browsed.c:9350:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = list + strlen(list);
data/cups-filters-1.28.5/utils/cups-browsed.c:9356:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(list) + 2 <= sizeof(list))
data/cups-filters-1.28.5/utils/cups-browsed.c:9359:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(list) + 5 <= sizeof(list))
data/cups-filters-1.28.5/utils/cups-browsed.c:9360:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(list + strlen(list), sizeof(list) - strlen(list) - 1,
data/cups-filters-1.28.5/utils/cups-browsed.c:9360:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(list + strlen(list), sizeof(list) - strlen(list) - 1,
data/cups-filters-1.28.5/utils/cups-browsed.c:9381:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncasecmp(host_name, host, strlen(host)) == 0 &&
data/cups-filters-1.28.5/utils/cups-browsed.c:9382:3: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(host_name) == strlen(host) ||
data/cups-filters-1.28.5/utils/cups-browsed.c:9382:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(host_name) == strlen(host) ||
data/cups-filters-1.28.5/utils/cups-browsed.c:9383:4: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(host_name) > strlen(host) &&
data/cups-filters-1.28.5/utils/cups-browsed.c:9383:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(host_name) > strlen(host) &&
data/cups-filters-1.28.5/utils/cups-browsed.c:9384:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strcasecmp(host_name + strlen(host), ".local") == 0 ||
data/cups-filters-1.28.5/utils/cups-browsed.c:9385:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcasecmp(host_name + strlen(host), ".local.") == 0))))
data/cups-filters-1.28.5/utils/cups-browsed.c:9458:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (key && value && !strcasecmp(key, *f) && strlen(value) >= 3) {
data/cups-filters-1.28.5/utils/cups-browsed.c:9461:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  make_model[strlen(make_model) - 1] = '\0';
data/cups-filters-1.28.5/utils/cups-browsed.c:9477:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (key && value && strlen(value) > 1 &&
data/cups-filters-1.28.5/utils/cups-browsed.c:9512:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value[strlen(value) - 1] != ')') {
data/cups-filters-1.28.5/utils/cups-browsed.c:9535:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (key && value && !strcasecmp(key, "pdl") && strlen(value) >= 3) {
data/cups-filters-1.28.5/utils/cups-browsed.c:9640:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(p->uri) - strlen(resource) > 0 &&
data/cups-filters-1.28.5/utils/cups-browsed.c:9640:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(p->uri) - strlen(resource) > 0 &&
data/cups-filters-1.28.5/utils/cups-browsed.c:9641:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !strcasecmp(p->uri + strlen(p->uri) - strlen(resource),
data/cups-filters-1.28.5/utils/cups-browsed.c:9641:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !strcasecmp(p->uri + strlen(p->uri) - strlen(resource),
data/cups-filters-1.28.5/utils/cups-browsed.c:10008:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(ifname, "Unknown", sizeof(ifname) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:10093:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (host_name && (adminurl_value = malloc(strlen(host_name) + 8)) != NULL)
data/cups-filters-1.28.5/utils/cups-browsed.c:10121:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(instance, name, sizeof(instance) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:10153:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(addrstr, "[v1.", sizeof(addrstr) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:10155:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  addrlen = strlen(addrstr + 4);
data/cups-filters-1.28.5/utils/cups-browsed.c:10292:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(ifname, "Unknown", sizeof(ifname) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:10327:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(ifname, "Unknown", sizeof(ifname) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:10626:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (local_resource, resource + 1, sizeof (local_resource) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:10637:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hl = strlen(service_name);
data/cups-filters-1.28.5/utils/cups-browsed.c:10719:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf (packet, "%x%x%1023s", &type, &state, uri) < 3) {
data/cups-filters-1.28.5/utils/cups-browsed.c:10838:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (packet), 0,
data/cups-filters-1.28.5/utils/cups-browsed.c:11273:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filterLen = strlen(LDAP_BROWSE_FILTER);
data/cups-filters-1.28.5/utils/cups-browsed.c:11466:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(line, value, sizeof(line) - 1) &&
data/cups-filters-1.28.5/utils/cups-browsed.c:11467:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((strlen(value) > HTTP_MAX_BUFFER-1) ?
data/cups-filters-1.28.5/utils/cups-browsed.c:11504:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cachedir, value, sizeof(cachedir) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:11507:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(logdir, value, sizeof(logdir) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:11887:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(start) <= 0)
data/cups-filters-1.28.5/utils/cups-browsed.c:11924:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(start) > 0)
data/cups-filters-1.28.5/utils/cups-browsed.c:11958:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (DefaultOptions == NULL && strlen(value) > 0)
data/cups-filters-1.28.5/utils/cups-browsed.c:12186:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(val) == 0) {
data/cups-filters-1.28.5/utils/cups-browsed.c:12205:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(val) == 0) {
data/cups-filters-1.28.5/utils/cups-browsed.c:12318:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cachedir, DEFAULT_CACHEDIR, sizeof(cachedir) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:12320:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(logdir, DEFAULT_LOGDIR, sizeof(logdir) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:12321:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(local_default_printer_file, cachedir,
data/cups-filters-1.28.5/utils/cups-browsed.c:12323:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(local_default_printer_file + strlen(cachedir),
data/cups-filters-1.28.5/utils/cups-browsed.c:12323:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(local_default_printer_file + strlen(cachedir),
data/cups-filters-1.28.5/utils/cups-browsed.c:12325:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof(local_default_printer_file) - strlen(cachedir) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:12326:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(remote_default_printer_file, cachedir,
data/cups-filters-1.28.5/utils/cups-browsed.c:12328:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(remote_default_printer_file + strlen(cachedir),
data/cups-filters-1.28.5/utils/cups-browsed.c:12328:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(remote_default_printer_file + strlen(cachedir),
data/cups-filters-1.28.5/utils/cups-browsed.c:12330:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof(remote_default_printer_file) - strlen(cachedir) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:12331:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(save_options_file, cachedir,
data/cups-filters-1.28.5/utils/cups-browsed.c:12333:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(save_options_file + strlen(cachedir),
data/cups-filters-1.28.5/utils/cups-browsed.c:12333:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(save_options_file + strlen(cachedir),
data/cups-filters-1.28.5/utils/cups-browsed.c:12335:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof(save_options_file) - strlen(cachedir) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:12336:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(debug_log_file, logdir,
data/cups-filters-1.28.5/utils/cups-browsed.c:12338:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(debug_log_file + strlen(logdir),
data/cups-filters-1.28.5/utils/cups-browsed.c:12338:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(debug_log_file + strlen(logdir),
data/cups-filters-1.28.5/utils/cups-browsed.c:12340:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof(debug_log_file) - strlen(logdir) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:12342:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(debug_log_file_bckp, logdir,
data/cups-filters-1.28.5/utils/cups-browsed.c:12344:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(debug_log_file_bckp + strlen(logdir),
data/cups-filters-1.28.5/utils/cups-browsed.c:12344:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(debug_log_file_bckp + strlen(logdir),
data/cups-filters-1.28.5/utils/cups-browsed.c:12346:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof(debug_log_file_bckp) - strlen(logdir) - 1);
data/cups-filters-1.28.5/utils/cups-browsed.c:12371:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(local_server_str, getenv("CUPS_SERVER"),
data/cups-filters-1.28.5/utils/cups-browsed.c:12387:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(local_server_str, DomainSocket,
data/cups-filters-1.28.5/utils/driverless.c:57:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( int i = 0; i<strlen(a); i++)
data/cups-filters-1.28.5/utils/driverless.c:219:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(model, "Unknown", sizeof(model) - 1);
data/cups-filters-1.28.5/utils/driverless.c:222:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(make, txt_usb_mfg, sizeof(make) - 1);
data/cups-filters-1.28.5/utils/driverless.c:223:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(txt_usb_mfg) > 511)
data/cups-filters-1.28.5/utils/driverless.c:225:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = device_id + strlen(device_id);
data/cups-filters-1.28.5/utils/driverless.c:230:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(model, txt_usb_mdl, sizeof(model) - 1);
data/cups-filters-1.28.5/utils/driverless.c:231:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(txt_usb_mdl) > 255)
data/cups-filters-1.28.5/utils/driverless.c:233:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = device_id + strlen(device_id);
data/cups-filters-1.28.5/utils/driverless.c:239:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((ptr = txt_product + strlen(txt_product) - 1) > txt_product &&
data/cups-filters-1.28.5/utils/driverless.c:242:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(model, txt_product + 1, sizeof(model) - 1);
data/cups-filters-1.28.5/utils/driverless.c:243:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(txt_product) + 1) > 255)
data/cups-filters-1.28.5/utils/driverless.c:246:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(model, txt_product, sizeof(model) - 1);
data/cups-filters-1.28.5/utils/driverless.c:248:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(model, txt_ty, sizeof(model) - 1);
data/cups-filters-1.28.5/utils/driverless.c:249:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(txt_ty) > 255)
data/cups-filters-1.28.5/utils/driverless.c:255:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pdl, txt_pdl, sizeof(pdl) - 1);
data/cups-filters-1.28.5/utils/driverless.c:256:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(txt_pdl) > 255)
data/cups-filters-1.28.5/utils/driverless.c:302:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *valptr = value + strlen(value);
data/cups-filters-1.28.5/utils/driverless.c:314:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = device_id + strlen(device_id);
data/cups-filters-1.28.5/utils/driverless.c:320:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strncasecmp(model, make, strlen(make)) ||
data/cups-filters-1.28.5/utils/driverless.c:321:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !isspace(model[strlen(make)])))
data/cups-filters-1.28.5/utils/driverless.c:325:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(make_and_model, model, sizeof(make_and_model) - 1);
data/cups-filters-1.28.5/utils/driverless.c:672:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ppdgenerator_msg) > 0)
data/cups-filters-1.28.5/utils/driverless.c:690:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((bytes = read(fd, buffer, sizeof(buffer))) > 0)
data/cups-filters-1.28.5/utils/driverless.c:781:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(val) == 0) {

ANALYSIS SUMMARY:

Hits = 1486
Lines analyzed = 84129 in approximately 2.36 seconds (35666 lines/second)
Physical Source Lines of Code (SLOC) = 61178
Hits@level = [0] 1562 [1] 465 [2] 777 [3] 92 [4] 146 [5] 6
Hits@level+ = [0+] 3048 [1+] 1486 [2+] 1021 [3+] 244 [4+] 152 [5+] 6
Hits/KSLOC@level+ = [0+] 49.8218 [1+] 24.2898 [2+] 16.689 [3+] 3.98836 [4+] 2.48455 [5+] 0.0980745
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.