Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/edbrowse-3.7.6/src/auth.c
Examining data/edbrowse-3.7.6/src/buffers.c
Examining data/edbrowse-3.7.6/src/cache.c
Examining data/edbrowse-3.7.6/src/cookies.c
Examining data/edbrowse-3.7.6/src/css.c
Examining data/edbrowse-3.7.6/src/dbapi.h
Examining data/edbrowse-3.7.6/src/dbinfx.ec
Examining data/edbrowse-3.7.6/src/dbodbc.c
Examining data/edbrowse-3.7.6/src/dbops.c
Examining data/edbrowse-3.7.6/src/dbstubs.c
Examining data/edbrowse-3.7.6/src/decorate.c
Examining data/edbrowse-3.7.6/src/ebjs.c
Examining data/edbrowse-3.7.6/src/ebprot.h
Examining data/edbrowse-3.7.6/src/fetchmail.c
Examining data/edbrowse-3.7.6/src/format.c
Examining data/edbrowse-3.7.6/src/html-tidy.c
Examining data/edbrowse-3.7.6/src/html.c
Examining data/edbrowse-3.7.6/src/http.c
Examining data/edbrowse-3.7.6/src/js_hello_duk.c
Examining data/edbrowse-3.7.6/src/jseng-duk.c
Examining data/edbrowse-3.7.6/src/messages.c
Examining data/edbrowse-3.7.6/src/messages.h
Examining data/edbrowse-3.7.6/src/plugin.c
Examining data/edbrowse-3.7.6/src/sendmail.c
Examining data/edbrowse-3.7.6/src/stringfile.c
Examining data/edbrowse-3.7.6/src/url.c
Examining data/edbrowse-3.7.6/src/main.c
Examining data/edbrowse-3.7.6/src/eb.h
Examining data/edbrowse-3.7.6/tools/mkproto.c
Examining data/edbrowse-3.7.6/win32/dirent.c
Examining data/edbrowse-3.7.6/win32/dirent.h
Examining data/edbrowse-3.7.6/win32/vsprtf.c
Examining data/edbrowse-3.7.6/win32/vsprtf.h
FINAL RESULTS:
data/edbrowse-3.7.6/src/main.c:521:3: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(ebTempDir, MODE_rwx);
data/edbrowse-3.7.6/src/main.c:534:3: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(ebUserDir, 0700);
data/edbrowse-3.7.6/src/stringfile.c:1169:8: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
l = readlink(path, newpath, sizeof(newpath));
data/edbrowse-3.7.6/src/auth.c:57:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(creds, found->user_password);
data/edbrowse-3.7.6/src/auth.c:84:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(creds, found->user_password);
data/edbrowse-3.7.6/src/buffers.c:495:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf((newloc_r ?
data/edbrowse-3.7.6/src/buffers.c:505:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%sb %s\n",
data/edbrowse-3.7.6/src/buffers.c:545:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(last_rl + len, line);
data/edbrowse-3.7.6/src/buffers.c:690:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globalSubs.lhs, cw->lhs);
data/edbrowse-3.7.6/src/buffers.c:692:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(globalSubs.rhs, cw->rhs);
data/edbrowse-3.7.6/src/buffers.c:702:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nw->lhs, globalSubs.lhs);
data/edbrowse-3.7.6/src/buffers.c:704:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nw->rhs, globalSubs.rhs);
data/edbrowse-3.7.6/src/buffers.c:1229:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s/%s", cw->baseDirName, f);
data/edbrowse-3.7.6/src/buffers.c:1389:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bin, "%s/%s", recycleBin, file);
data/edbrowse-3.7.6/src/buffers.c:1703:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)t, v);
data/edbrowse-3.7.6/src/buffers.c:1967:49: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (cf->mt && cf->mt->outtype && pluginsOn && !access(filename, 4)
data/edbrowse-3.7.6/src/buffers.c:2410:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q + len, suf);
data/edbrowse-3.7.6/src/buffers.c:2413:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(q, extra);
data/edbrowse-3.7.6/src/buffers.c:2421:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q + len, suf);
data/edbrowse-3.7.6/src/buffers.c:2475:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q + len, suf);
data/edbrowse-3.7.6/src/buffers.c:2478:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(q, extra);
data/edbrowse-3.7.6/src/buffers.c:2486:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q + len, suf);
data/edbrowse-3.7.6/src/buffers.c:2548:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, cf->fileName);
data/edbrowse-3.7.6/src/buffers.c:2576:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, (char *)p);
data/edbrowse-3.7.6/src/buffers.c:2705:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(re, cw->lhs);
data/edbrowse-3.7.6/src/buffers.c:2721:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(re, cw->rhs);
data/edbrowse-3.7.6/src/buffers.c:2879:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cw->lhs, re);
data/edbrowse-3.7.6/src/buffers.c:2882:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cw->rhs, re);
data/edbrowse-3.7.6/src/buffers.c:3576:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lhs, re);
data/edbrowse-3.7.6/src/buffers.c:3583:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rhs, re);
data/edbrowse-3.7.6/src/buffers.c:3743:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(src, t);
data/edbrowse-3.7.6/src/buffers.c:4057:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lsformat, lsmode);
data/edbrowse-3.7.6/src/buffers.c:4180:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(allocatedLine, "%c %s", cmd, cf->fileName);
data/edbrowse-3.7.6/src/buffers.c:4349:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(allocatedLine, "%c `%s", cmd, t);
data/edbrowse-3.7.6/src/buffers.c:5184:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s'>\n",
data/edbrowse-3.7.6/src/buffers.c:6124:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newline, "/%s%c +/%c\\n%s%s",
data/edbrowse-3.7.6/src/buffers.c:6282:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(q, "to:%s\nSubject:%s\n%s", addr,
data/edbrowse-3.7.6/src/buffers.c:6301:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(w, "http://%s", line);
data/edbrowse-3.7.6/src/buffers.c:6533:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newline, cf->fileName);
data/edbrowse-3.7.6/src/cache.c:65:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cacheDir, "%s/cache", ebUserDir);
data/edbrowse-3.7.6/src/cache.c:79:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cacheDir, "%s/.ebcache", home);
data/edbrowse-3.7.6/src/cache.c:95:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cacheControl, "%s/control%02d", cacheDir, CACHECONTROLVERSION);
data/edbrowse-3.7.6/src/cache.c:103:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cacheLock, "%s/lock", cacheDir);
data/edbrowse-3.7.6/src/cache.c:307:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cacheFile, "%s/%05d", cacheDir, e->filenumber);
data/edbrowse-3.7.6/src/cache.c:380:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cacheFile, "%s/%05d", cacheDir, e->filenumber);
data/edbrowse-3.7.6/src/cache.c:386:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(a, "`cfn~%s", cacheFile);
data/edbrowse-3.7.6/src/cache.c:475:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cacheFile, "%s/%05d", cacheDir, filenum);
data/edbrowse-3.7.6/src/cache.c:534:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cacheFile, "%s/%05d", cacheDir,
data/edbrowse-3.7.6/src/cookies.c:157:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cookLine, "%s\t%s\t%s\t%s\t%u\t%s\t%s\n",
data/edbrowse-3.7.6/src/css.c:499:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(w, r);
data/edbrowse-3.7.6/src/css.c:821:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t,
data/edbrowse-3.7.6/src/css.c:1511:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(w, "%s%s]", propname, t + 1);
data/edbrowse-3.7.6/src/css.c:1863:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sibs[i].tag, u->info->name);
data/edbrowse-3.7.6/src/css.c:1950:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mytype, sibs[i].tag);
data/edbrowse-3.7.6/src/css.c:1980:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sibs[i].tag, u->info->name);
data/edbrowse-3.7.6/src/css.c:2901:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%s{c:g}", selstring);
data/edbrowse-3.7.6/src/css.c:3180:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(a, "%s$$scy", r->atname);
data/edbrowse-3.7.6/src/css.c:3271:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "*{%s}", rulestring);
data/edbrowse-3.7.6/src/dbinfx.ec:773:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(blobcmd, "update %s set %s = ? where rowid = %d",
data/edbrowse-3.7.6/src/dbinfx.ec:979:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q, rv_data[i].ptr);
data/edbrowse-3.7.6/src/dbinfx.ec:994:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q, dateString(l, DTDELIMIT));
data/edbrowse-3.7.6/src/dbinfx.ec:996:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q, timeString(l, DTDELIMIT));
data/edbrowse-3.7.6/src/dbinfx.ec:1261:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, stmt);
data/edbrowse-3.7.6/src/dbodbc.c:420:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(constring, "DSN=%s", db);
data/edbrowse-3.7.6/src/dbodbc.c:423:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, ";UID=%s", login);
data/edbrowse-3.7.6/src/dbodbc.c:427:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, ";PWD=%s", pw);
data/edbrowse-3.7.6/src/dbodbc.c:714:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(blobcmd, "update %s set %s = %s where rowid = %d",
data/edbrowse-3.7.6/src/dbodbc.c:1429:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, stmt);
data/edbrowse-3.7.6/src/dbodbc.c:1827:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tabline, "%s.%s|%s\n", tabowner, tabname, tabtype);
data/edbrowse-3.7.6/src/dbops.c:232:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q, timeString(n, flags));
data/edbrowse-3.7.6/src/dbops.c:244:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q, dateString(n, flags));
data/edbrowse-3.7.6/src/dbops.c:249:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q, moneyString(n));
data/edbrowse-3.7.6/src/dbops.c:252:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(q, fmt, dn);
data/edbrowse-3.7.6/src/dbops.c:272:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(q, fmt, n);
data/edbrowse-3.7.6/src/dbops.c:516:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, swap);
data/edbrowse-3.7.6/src/dbops.c:519:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, swap + 3);
data/edbrowse-3.7.6/src/dbops.c:775:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(date2buf, s);
data/edbrowse-3.7.6/src/dbops.c:807:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wherecol, e);
data/edbrowse-3.7.6/src/dbops.c:846:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wherecol, w);
data/edbrowse-3.7.6/src/dbops.c:1555:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sortstring1, s);
data/edbrowse-3.7.6/src/dbops.c:1586:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sortstring2,
data/edbrowse-3.7.6/src/dbops.c:1719:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmt1, "select * from %s where %s order by %s", table1,
data/edbrowse-3.7.6/src/dbops.c:1721:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmt2, "select * from %s where %s order by %s", table2,
data/edbrowse-3.7.6/src/dbops.c:1724:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmt1, "select * from %s order by %s", table1, keycol);
data/edbrowse-3.7.6/src/dbops.c:1725:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stmt2, "select * from %s order by %s", table2, keycol);
data/edbrowse-3.7.6/src/decorate.c:495:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(namebuf, "|%s|", t->name);
data/edbrowse-3.7.6/src/decorate.c:1108:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(upname, t->info->name);
data/edbrowse-3.7.6/src/ebjs.c:736:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access("jslocal", 4) && h[0]) {
data/edbrowse-3.7.6/src/fetchmail.c:434:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cust_cmd, line);
data/edbrowse-3.7.6/src/fetchmail.c:1410:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(umf, "%s/", mailUnread);
data/edbrowse-3.7.6/src/fetchmail.c:1499:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(umf, "%s/", mailUnread);
data/edbrowse-3.7.6/src/fetchmail.c:1727:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rmf, "%s/%05d", mailStash, rn);
data/edbrowse-3.7.6/src/fetchmail.c:2114:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line, tbuf);
data/edbrowse-3.7.6/src/fetchmail.c:2376:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(w->from, w->reply);
data/edbrowse-3.7.6/src/fetchmail.c:2378:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(w->reply, w->from);
data/edbrowse-3.7.6/src/fetchmail.c:2586:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, w->from);
data/edbrowse-3.7.6/src/fetchmail.c:2593:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, w->subject);
data/edbrowse-3.7.6/src/fetchmail.c:2612:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, mailIsHtml ? "\n<br>" : "\n");
data/edbrowse-3.7.6/src/fetchmail.c:2615:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, w->date);
data/edbrowse-3.7.6/src/fetchmail.c:2622:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, w->reply);
data/edbrowse-3.7.6/src/fetchmail.c:2631:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Subject: %s\n", w->subject);
data/edbrowse-3.7.6/src/fetchmail.c:2643:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, atbuf);
data/edbrowse-3.7.6/src/fetchmail.c:2651:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, firstAttach);
data/edbrowse-3.7.6/src/fetchmail.c:2657:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, atbuf);
data/edbrowse-3.7.6/src/fetchmail.c:2667:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, w->to);
data/edbrowse-3.7.6/src/fetchmail.c:2677:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, w->from);
data/edbrowse-3.7.6/src/fetchmail.c:2685:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, w->date);
data/edbrowse-3.7.6/src/fetchmail.c:2693:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, w->reply);
data/edbrowse-3.7.6/src/fetchmail.c:2699:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, mailIsHtml ? "<P>\n" : "\n");
data/edbrowse-3.7.6/src/fetchmail.c:2700:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lastsubject, w->subject);
data/edbrowse-3.7.6/src/fetchmail.c:2833:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cw->mailInfo, "%s>%s>%s>%s>%s>", w->reply, w->tolist,
data/edbrowse-3.7.6/src/format.c:1262:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)outbuf + j, s);
data/edbrowse-3.7.6/src/html.c:1119:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new + (s - p), newtext);
data/edbrowse-3.7.6/src/html.c:1194:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (newtext[0] && access(newtext, 4)) {
data/edbrowse-3.7.6/src/html.c:1562:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nx, name);
data/edbrowse-3.7.6/src/html.c:1931:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(q, "subject:%s\n", subj);
data/edbrowse-3.7.6/src/html.c:1933:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(q, "subject:html form(%s)\n",
data/edbrowse-3.7.6/src/html.c:1935:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q + strlen(q), pfs + actlen);
data/edbrowse-3.7.6/src/html.c:2028:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(i_getString(msg), p);
data/edbrowse-3.7.6/src/html.c:3068:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(rest, "%s %p,%s %p,%s ", p_name, &a_j, a_name, &b_j, b_name);
data/edbrowse-3.7.6/src/html.c:3680:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hnum, ti->name);
data/edbrowse-3.7.6/src/html.c:3898:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hnum, "\r%c%d*%s\r", InternalCodeChar, tagno,
data/edbrowse-3.7.6/src/http.c:1361:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(job->file, g.down_file);
data/edbrowse-3.7.6/src/jseng-duk.c:598:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(e, "l{c|%s,%s 0x0, 0x0, ", pointer2string(newobj), tag);
data/edbrowse-3.7.6/src/jseng-duk.c:1306:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nc + 2, newcook);
data/edbrowse-3.7.6/src/main.c:186:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
curl_lock_access access, void *userptr)
data/edbrowse-3.7.6/src/main.c:500:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(a, "%s/edbrowse", ebTempDir);
data/edbrowse-3.7.6/src/main.c:526:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ebUserDir, "%s/%d", ebTempDir, userid);
data/edbrowse-3.7.6/src/main.c:574:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ebdata, "%s\\edbrowse", home);
data/edbrowse-3.7.6/src/main.c:582:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cfgfil, "%s\\.ebrc", ebdata);
data/edbrowse-3.7.6/src/main.c:607:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(configFile, "%s/.ebrc", home);
data/edbrowse-3.7.6/src/main.c:620:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(recycleBin, "%s/.Trash", home);
data/edbrowse-3.7.6/src/main.c:632:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mailStash, "%s/rawmail", recycleBin);
data/edbrowse-3.7.6/src/main.c:642:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sigFile, "%s/.signature", home);
data/edbrowse-3.7.6/src/main.c:645:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(agent0, version);
data/edbrowse-3.7.6/src/main.c:827:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file2 + 2, "http://%s", file);
data/edbrowse-3.7.6/src/main.c:829:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file2 + 2, file);
data/edbrowse-3.7.6/src/main.c:1106:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t, args[j]);
data/edbrowse-3.7.6/src/main.c:1360:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v, last + 3);
data/edbrowse-3.7.6/src/main.c:1381:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v, last + 6);
data/edbrowse-3.7.6/src/main.c:1617:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mailUnread, "%s/unread", v);
data/edbrowse-3.7.6/src/main.c:1625:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mailReply, "%s/.reply", v);
data/edbrowse-3.7.6/src/messages.c:168:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(utfbuf, t);
data/edbrowse-3.7.6/src/messages.c:196:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(debugFile, realmsg, p);
data/edbrowse-3.7.6/src/messages.c:212:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(debugFile, realmsg, p);
data/edbrowse-3.7.6/src/messages.c:430:3: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, args);
data/edbrowse-3.7.6/src/messages.c:446:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, args);
data/edbrowse-3.7.6/src/plugin.c:416:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
p = popen(cmd, "r");
data/edbrowse-3.7.6/src/plugin.c:431:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmd, outfile);
data/edbrowse-3.7.6/src/sendmail.c:228:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t, "=?ISO-8859-1?%c?%s?=", code, s);
data/edbrowse-3.7.6/src/sendmail.c:357:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(subjectLine, subjiso);
data/edbrowse-3.7.6/src/sendmail.c:588:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s, %02d %s ",
data/edbrowse-3.7.6/src/sendmail.c:624:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(serverLine, eol);
data/edbrowse-3.7.6/src/sendmail.c:973:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(serverLine, "From: %s <%s>%s", fromiso, reply, eol);
data/edbrowse-3.7.6/src/sendmail.c:975:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(serverLine, "Reply-to: %s <%s>%s", fromiso, reply, eol);
data/edbrowse-3.7.6/src/sendmail.c:986:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(serverLine, "User-Agent: %s%s", currentAgent, eol);
data/edbrowse-3.7.6/src/sendmail.c:989:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(serverLine, "Subject: %s%s", subjectLine, eol);
data/edbrowse-3.7.6/src/sendmail.c:992:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(serverLine,
data/edbrowse-3.7.6/src/sendmail.c:999:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(serverLine,
data/edbrowse-3.7.6/src/sendmail.c:1004:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(serverLine,
data/edbrowse-3.7.6/src/sendmail.c:1013:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(serverLine,
data/edbrowse-3.7.6/src/sendmail.c:1028:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(serverLine, "%s--%s%sContent-Type: %s%s", eol,
data/edbrowse-3.7.6/src/sendmail.c:1035:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(serverLine, "; name=\"%s\"", s);
data/edbrowse-3.7.6/src/sendmail.c:1038:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(serverLine,
data/edbrowse-3.7.6/src/sendmail.c:1048:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(serverLine, "%s--%s--%s", eol, boundary, eol);
data/edbrowse-3.7.6/src/stringfile.c:108:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s + slen, p);
data/edbrowse-3.7.6/src/stringfile.c:117:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t, p);
data/edbrowse-3.7.6/src/stringfile.c:118:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t + plen, s);
data/edbrowse-3.7.6/src/stringfile.c:211:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p + oldlen, t);
data/edbrowse-3.7.6/src/stringfile.c:289:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t, s);
data/edbrowse-3.7.6/src/stringfile.c:600:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, msg, p);
data/edbrowse-3.7.6/src/stringfile.c:615:3: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(msg, p);
data/edbrowse-3.7.6/src/stringfile.c:626:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(debugFile, msg, p);
data/edbrowse-3.7.6/src/stringfile.c:1033:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s %2d %d %02d:%02d",
data/edbrowse-3.7.6/src/stringfile.c:1098:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, conciseTime(this_stat.st_mtime));
data/edbrowse-3.7.6/src/stringfile.c:1105:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, p);
data/edbrowse-3.7.6/src/stringfile.c:1108:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, conciseSize(this_stat.st_size));
data/edbrowse-3.7.6/src/stringfile.c:1423:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)t->text, f);
data/edbrowse-3.7.6/src/stringfile.c:1506:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(varline, udir);
data/edbrowse-3.7.6/src/stringfile.c:1554:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t, v);
data/edbrowse-3.7.6/src/stringfile.c:1630:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line2, s);
data/edbrowse-3.7.6/src/stringfile.c:1654:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line2, "%s/%s", downDir, line);
data/edbrowse-3.7.6/src/stringfile.c:1702:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f, message, p);
data/edbrowse-3.7.6/src/stringfile.c:1719:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int system_ret = system(cmd);
data/edbrowse-3.7.6/src/url.c:837:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(url, outPath);
data/edbrowse-3.7.6/src/url.c:838:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(url, rest);
data/edbrowse-3.7.6/src/url.c:866:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n, rel);
data/edbrowse-3.7.6/src/url.c:875:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n, base);
data/edbrowse-3.7.6/src/url.c:877:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q, rel);
data/edbrowse-3.7.6/src/url.c:887:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(n, rel);
data/edbrowse-3.7.6/src/url.c:900:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(n, rel);
data/edbrowse-3.7.6/src/url.c:908:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n, rel);
data/edbrowse-3.7.6/src/url.c:922:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n + l, rel);
data/edbrowse-3.7.6/src/url.c:946:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n + l, rel);
data/edbrowse-3.7.6/win32/dirent.c:112:3: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy (nd->dd_name, szFullPath);
data/edbrowse-3.7.6/win32/dirent.c:119:7: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
_tcscat (nd->dd_name, SLASH);
data/edbrowse-3.7.6/win32/dirent.c:123:3: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
_tcscat (nd->dd_name, SUFFIX);
data/edbrowse-3.7.6/win32/dirent.c:214:7: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy (dirp->dd_dir.d_name, dirp->dd_dta.name);
data/edbrowse-3.7.6/win32/vsprtf.c:57:12: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size = vsnprintf(NULL, size, fmt, tmpa);
data/edbrowse-3.7.6/win32/vsprtf.c:75:12: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
size = vsprintf(*str, fmt, args);
data/edbrowse-3.7.6/src/buffers.c:2630:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
sh = getenv("SHELL");
data/edbrowse-3.7.6/src/buffers.c:2912:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *s = getenv("PCREUTF8");
data/edbrowse-3.7.6/src/dbinfx.ec:581:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dblocal = getenv("DBNAME");
data/edbrowse-3.7.6/src/jseng-duk.c:2334:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gc = getenv("JSGC");
data/edbrowse-3.7.6/src/jseng-duk.c:2369:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gc = getenv("JSGC");
data/edbrowse-3.7.6/src/main.c:491:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ebTempDir = getenv("TEMP");
data/edbrowse-3.7.6/src/main.c:568:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME");
data/edbrowse-3.7.6/src/main.c:571:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("APPDATA");
data/edbrowse-3.7.6/src/main.c:738:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(0));
data/edbrowse-3.7.6/src/messages.c:26:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *s = getenv("LANG"); // This is likely to fail in windows
data/edbrowse-3.7.6/src/stringfile.c:1546:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
v = getenv(var1);
data/edbrowse-3.7.6/src/auth.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[MAXHOSTLEN];
data/edbrowse-3.7.6/src/auth.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[MAXHOSTLEN];
data/edbrowse-3.7.6/src/auth.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[MAXHOSTLEN];
data/edbrowse-3.7.6/src/buffers.c:230:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char suffix[4];
data/edbrowse-3.7.6/src/buffers.c:257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/edbrowse-3.7.6/src/buffers.c:281:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "~%02X", c), cnt += 3;
data/edbrowse-3.7.6/src/buffers.c:431:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[MAXTTYLINE];
data/edbrowse-3.7.6/src/buffers.c:607:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + j, t, l);
data/edbrowse-3.7.6/src/buffers.c:651:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(resfile, "w");
data/edbrowse-3.7.6/src/buffers.c:679:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lhs[MAXRE], rhs[MAXRE];
data/edbrowse-3.7.6/src/buffers.c:823:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmap2, cmap, (cw->dol + 2) * LMSIZE);
data/edbrowse-3.7.6/src/buffers.c:880:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uw->labels, cw->labels, MARKLETTERS * sizeof(int));
data/edbrowse-3.7.6/src/buffers.c:886:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uw->map, cw->map, (cw->dol + 2) * LMSIZE);
data/edbrowse-3.7.6/src/buffers.c:1098:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newmap, cw->map, (destl + 1) * LMSIZE);
data/edbrowse-3.7.6/src/buffers.c:1102:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newmap + destl + 1, newpiece, nlines * LMSIZE);
data/edbrowse-3.7.6/src/buffers.c:1105:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newmap + destl + nlines + 1, cw->map + destl + 1,
data/edbrowse-3.7.6/src/buffers.c:1161:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->text, inbuf + j, i - j);
data/edbrowse-3.7.6/src/buffers.c:1224:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[ABSPATH + 200];
data/edbrowse-3.7.6/src/buffers.c:1245:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(path, "..");
data/edbrowse-3.7.6/src/buffers.c:1388:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bin[ABSPATH];
data/edbrowse-3.7.6/src/buffers.c:1469:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newmap, map, (cw->dol + 2) * LMSIZE);
data/edbrowse-3.7.6/src/buffers.c:1471:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newmap + dl, map + sr, i_er - i_sr);
data/edbrowse-3.7.6/src/buffers.c:1472:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newmap + dl + er - sr, map + dl, i_sr - i_dl);
data/edbrowse-3.7.6/src/buffers.c:1474:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newmap + sr, map + er, i_dl - i_er);
data/edbrowse-3.7.6/src/buffers.c:1475:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newmap + sr + dl - er, map + sr, i_er - i_sr);
data/edbrowse-3.7.6/src/buffers.c:1527:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, p, size);
data/edbrowse-3.7.6/src/buffers.c:1558:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lsformat[12]; /* size date etc on a directory listing */
data/edbrowse-3.7.6/src/buffers.c:2215:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(name, modeString);
data/edbrowse-3.7.6/src/buffers.c:2271:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tp, p, len - 1);
data/edbrowse-3.7.6/src/buffers.c:2272:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tp + len - 1, "\r\n", 3);
data/edbrowse-3.7.6/src/buffers.c:2408:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, p, len);
data/edbrowse-3.7.6/src/buffers.c:2418:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, p, len);
data/edbrowse-3.7.6/src/buffers.c:2473:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, p, len);
data/edbrowse-3.7.6/src/buffers.c:2483:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, p, len);
data/edbrowse-3.7.6/src/buffers.c:2677:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char re[MAXRE + 20];
data/edbrowse-3.7.6/src/buffers.c:3316:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numstring[12];
data/edbrowse-3.7.6/src/buffers.c:3317:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numstring, "%d", ln);
data/edbrowse-3.7.6/src/buffers.c:3548:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lhs[MAXRE], rhs[MAXRE];
data/edbrowse-3.7.6/src/buffers.c:3668:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char search[20];
data/edbrowse-3.7.6/src/buffers.c:3669:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char searchend[4];
data/edbrowse-3.7.6/src/buffers.c:3678:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(search, "%c%d<", InternalCodeChar,
data/edbrowse-3.7.6/src/buffers.c:3680:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(searchend, "%c0>", InternalCodeChar);
data/edbrowse-3.7.6/src/buffers.c:3733:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[ABSPATH], *dest;
data/edbrowse-3.7.6/src/buffers.c:3783:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mptr->text, replaceString,
data/edbrowse-3.7.6/src/buffers.c:3912:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line2, p, plen);
data/edbrowse-3.7.6/src/buffers.c:3942:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char shortline[60];
data/edbrowse-3.7.6/src/buffers.c:3984:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rr_interval = atoi(line + 3);
data/edbrowse-3.7.6/src/buffers.c:3991:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(line + 2);
data/edbrowse-3.7.6/src/buffers.c:4024:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(shortline, "%c%ld", line[0], (long)(t - line));
data/edbrowse-3.7.6/src/buffers.c:4030:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lsmode[12];
data/edbrowse-3.7.6/src/buffers.c:4062:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lsmode, "st");
data/edbrowse-3.7.6/src/buffers.c:4107:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwdbuf[ABSPATH];
data/edbrowse-3.7.6/src/buffers.c:4133:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
displayLength = atoi(line + 3);
data/edbrowse-3.7.6/src/buffers.c:4963:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
char *t, *open;
data/edbrowse-3.7.6/src/buffers.c:4975:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (*t == d && open) {
data/edbrowse-3.7.6/src/buffers.c:5100:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, line, l);
data/edbrowse-3.7.6/src/buffers.c:5183:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/edbrowse-3.7.6/src/buffers.c:5289:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newline[MAXTTYLINE];
data/edbrowse-3.7.6/src/buffers.c:5413:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(newline, "s/.*/%cc/", first);
data/edbrowse-3.7.6/src/buffers.c:5478:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAXUSERPASS];
data/edbrowse-3.7.6/src/buffers.c:6116:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(newline, "//%");
data/edbrowse-3.7.6/src/buffers.c:6120:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esc[2];
data/edbrowse-3.7.6/src/buffers.c:6771:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cw->r_labels, cw->labels, sizeof(cw->labels));
data/edbrowse-3.7.6/src/buffers.c:6782:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cf->fileName, ".browse");
data/edbrowse-3.7.6/src/buffers.c:6806:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char search[20];
data/edbrowse-3.7.6/src/buffers.c:6807:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char searchend[4];
data/edbrowse-3.7.6/src/buffers.c:6809:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(search, "%c%d<", InternalCodeChar, tagno);
data/edbrowse-3.7.6/src/buffers.c:6810:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(searchend, "%c0>", InternalCodeChar);
data/edbrowse-3.7.6/src/cache.c:97:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = open(cacheControl, O_WRONLY | O_APPEND | O_CREAT, MODE_private);
data/edbrowse-3.7.6/src/cache.c:257:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(cacheLock, O_WRONLY | O_EXCL | O_CREAT, MODE_private);
data/edbrowse-3.7.6/src/cache.c:262:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(cacheControl, O_RDWR | O_BINARY, 0);
data/edbrowse-3.7.6/src/cookies.c:380:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(cookieFile, "w");
data/edbrowse-3.7.6/src/css.c:131:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[20 + 1];
data/edbrowse-3.7.6/src/css.c:363:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("implocal", "w");
data/edbrowse-3.7.6/src/css.c:367:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[20];
data/edbrowse-3.7.6/src/css.c:369:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "i%d.css", n);
data/edbrowse-3.7.6/src/css.c:384:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("implocal", "r");
data/edbrowse-3.7.6/src/css.c:388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[400];
data/edbrowse-3.7.6/src/css.c:448:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, end, l);
data/edbrowse-3.7.6/src/css.c:464:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexin[12];
data/edbrowse-3.7.6/src/css.c:1107:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, r1, t - r1);
data/edbrowse-3.7.6/src/css.c:1116:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, t, r2 - t);
data/edbrowse-3.7.6/src/css.c:1256:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, a1, a2 - a1);
data/edbrowse-3.7.6/src/css.c:1295:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, a1, a2 - a1);
data/edbrowse-3.7.6/src/css.c:1401:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, m1, n);
data/edbrowse-3.7.6/src/css.c:1601:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(cssDebugFile, "a");
data/edbrowse-3.7.6/src/css.c:1737:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cssfile = fopen(cssDebugFile, "a");
data/edbrowse-3.7.6/src/css.c:1832:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[MAXTAGNAME];
data/edbrowse-3.7.6/src/css.c:1898:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sibs[i].tag, "@x");
data/edbrowse-3.7.6/src/css.c:1939:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mytype[MAXTAGNAME];
data/edbrowse-3.7.6/src/css.c:2013:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sibs[i].tag, "@x");
data/edbrowse-3.7.6/src/css.c:2691:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(cssDebugFile, "a");
data/edbrowse-3.7.6/src/css.c:3488:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(cssDebugFile, "a");
data/edbrowse-3.7.6/src/dbapi.h:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char rv_type[NUMRETS + 1]; /* datatypes of returned values */
data/edbrowse-3.7.6/src/dbapi.h:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char rv_name[NUMRETS + 1][COLNAMELEN]; /* column names */
data/edbrowse-3.7.6/src/dbinfx.ec:508:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sname[8]; /* statement name */
data/edbrowse-3.7.6/src/dbinfx.ec:509:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[8]; /* cursor name */
data/edbrowse-3.7.6/src/dbinfx.ec:511:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rv_type[NUMRETS];
data/edbrowse-3.7.6/src/dbinfx.ec:530:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(o->cname, "c%u", i);
data/edbrowse-3.7.6/src/dbinfx.ec:531:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(o->sname, "s%u", i);
data/edbrowse-3.7.6/src/dbinfx.ec:550:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rv_type, o->rv_type, NUMRETS);
data/edbrowse-3.7.6/src/dbinfx.ec:741:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
$char blobcmd[100];
data/edbrowse-3.7.6/src/dbinfx.ec:804:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char retstring[NUMRETS][STRINGLEN+4];
data/edbrowse-3.7.6/src/dbinfx.ec:985:34: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(isnotnullfloat(rv_data[i].f)) sprintf(q, "%lf", rv_data[i].f);
data/edbrowse-3.7.6/src/dbinfx.ec:998:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(q, "%ld.%02d", l/100, l%100);
data/edbrowse-3.7.6/src/dbinfx.ec:999:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
} else sprintf(q, "%ld", l);
data/edbrowse-3.7.6/src/dbinfx.ec:1260:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "execute procedure ");
data/edbrowse-3.7.6/src/dbinfx.ec:1324:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(o->rv_type, rv_type, NUMRETS);
data/edbrowse-3.7.6/src/dbinfx.ec:1357:2: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
$open :internal_cname;
data/edbrowse-3.7.6/src/dbodbc.c:117:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char odbc[6];
data/edbrowse-3.7.6/src/dbodbc.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errcodes[6];
data/edbrowse-3.7.6/src/dbodbc.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rv_type[NUMRETS];
data/edbrowse-3.7.6/src/dbodbc.c:329:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rv_type, o->rv_type, NUMRETS);
data/edbrowse-3.7.6/src/dbodbc.c:379:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char constring[200];
data/edbrowse-3.7.6/src/dbodbc.c:381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drivername[40];
data/edbrowse-3.7.6/src/dbodbc.c:396:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char verstring[6];
data/edbrowse-3.7.6/src/dbodbc.c:415:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
odbc_version = atoi(verstring);
data/edbrowse-3.7.6/src/dbodbc.c:673:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char blobbuf[100000];
data/edbrowse-3.7.6/src/dbodbc.c:679:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blobcmd[100];
data/edbrowse-3.7.6/src/dbodbc.c:813:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char retstring[NUMRETS][STRINGLEN + 4];
data/edbrowse-3.7.6/src/dbodbc.c:826:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[20]; /* temp buf, for dates and times */
data/edbrowse-3.7.6/src/dbodbc.c:1021:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rv_blobLoc, blobbuf, l);
data/edbrowse-3.7.6/src/dbodbc.c:1038:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)rv_blobLoc)[output_length] = 0;
data/edbrowse-3.7.6/src/dbodbc.c:1120:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(retstring[0]);
data/edbrowse-3.7.6/src/dbodbc.c:1428:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "execute procedure ");
data/edbrowse-3.7.6/src/dbodbc.c:1489:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(o->rv_type, rv_type, NUMRETS);
data/edbrowse-3.7.6/src/dbodbc.c:1728:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colname[COLNAMELEN];
data/edbrowse-3.7.6/src/dbodbc.c:1795:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tabname[40];
data/edbrowse-3.7.6/src/dbodbc.c:1796:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tabtype[40];
data/edbrowse-3.7.6/src/dbodbc.c:1797:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tabowner[40];
data/edbrowse-3.7.6/src/dbodbc.c:1826:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tabline[140];
data/edbrowse-3.7.6/src/dbodbc.c:1845:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char farschema[40], fartab[40];
data/edbrowse-3.7.6/src/dbodbc.c:1846:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char farcol[40];
data/edbrowse-3.7.6/src/dbodbc.c:1847:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nearcol[40];
data/edbrowse-3.7.6/src/dbops.c:14:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rv_type[NUMRETS + 1];
data/edbrowse-3.7.6/src/dbops.c:17:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rv_name[NUMRETS + 1][COLNAMELEN];
data/edbrowse-3.7.6/src/dbops.c:93:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lfbuf[LFBUFSIZE]; /* line formatting buffer */
data/edbrowse-3.7.6/src/dbops.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[12];
data/edbrowse-3.7.6/src/dbops.c:203:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(q1 - 1, "IS NOT ");
data/edbrowse-3.7.6/src/dbops.c:206:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(q1, "IS ");
data/edbrowse-3.7.6/src/dbops.c:210:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(q, "NULL");
data/edbrowse-3.7.6/src/dbops.c:334:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[NUMRETS * 4 + 1];
data/edbrowse-3.7.6/src/dbops.c:343:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt + 4 * i, "%%0%c%c", pftype, delim);
data/edbrowse-3.7.6/src/dbops.c:358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[NUMRETS * 3 + 1];
data/edbrowse-3.7.6/src/dbops.c:369:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt + 3 * i, "%%%c,", pftype);
data/edbrowse-3.7.6/src/dbops.c:455:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[12];
data/edbrowse-3.7.6/src/dbops.c:482:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char swap[4];
data/edbrowse-3.7.6/src/dbops.c:492:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
year = atoi(buf + 4);
data/edbrowse-3.7.6/src/dbops.c:500:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[12];
data/edbrowse-3.7.6/src/dbops.c:501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char swap[8];
data/edbrowse-3.7.6/src/dbops.c:505:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, " / / ");
data/edbrowse-3.7.6/src/dbops.c:507:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%02d/%02d/%04d", month, day, year);
data/edbrowse-3.7.6/src/dbops.c:534:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[12];
data/edbrowse-3.7.6/src/dbops.c:536:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, " : : AM");
data/edbrowse-3.7.6/src/dbops.c:552:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%02d:%02d:%02d %cM", h, m, s, c);
data/edbrowse-3.7.6/src/dbops.c:573:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[12];
data/edbrowse-3.7.6/src/dbops.c:631:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[20], *s = buf;
data/edbrowse-3.7.6/src/dbops.c:636:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "$%ld.%02d", m / 100, (int)(m % 100));
data/edbrowse-3.7.6/src/dbops.c:685:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char myTab[64];
data/edbrowse-3.7.6/src/dbops.c:691:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char wherecol[COLNAMELEN + 2];
data/edbrowse-3.7.6/src/dbops.c:718:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *lineFields[MAXTCOLS];
data/edbrowse-3.7.6/src/dbops.c:767:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char date2buf[24];
data/edbrowse-3.7.6/src/dbops.c:913:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(td->nullable, rv_nullable, nc);
data/edbrowse-3.7.6/src/dbops.c:942:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(td->nullable, rv_nullable, nc);
data/edbrowse-3.7.6/src/dbops.c:1075:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(myTab, "<%d>", cx);
data/edbrowse-3.7.6/src/dbops.c:1081:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(u, myTab, j);
data/edbrowse-3.7.6/src/dbops.c:1351:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inp[256];
data/edbrowse-3.7.6/src/dbops.c:1444:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(inp, "%d", nextkey + 1);
data/edbrowse-3.7.6/src/dbops.c:1513:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sortstring1[80], sortstring2[80];
data/edbrowse-3.7.6/src/dbops.c:1697:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmt1[200], stmt2[200];
data/edbrowse-3.7.6/src/decorate.c:491:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[200];
data/edbrowse-3.7.6/src/decorate.c:873:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fakePropLast[24];
data/edbrowse-3.7.6/src/decorate.c:879:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fakePropLast, "gc$%c%d", whichproc, idx);
data/edbrowse-3.7.6/src/decorate.c:947:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char upname[MAXTAGNAME];
data/edbrowse-3.7.6/src/eb.h:229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[CURL_ERROR_SIZE + 1];
data/edbrowse-3.7.6/src/eb.h:236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content[60];
data/edbrowse-3.7.6/src/eb.h:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auth_realm[60]; /* WWW-Authenticate realm header */
data/edbrowse-3.7.6/src/eb.h:270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cols[MAXTCOLS];
data/edbrowse-3.7.6/src/eb.h:443:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lhs[MAXRE], rhs[MAXRE]; /* remembered substitution strings */
data/edbrowse-3.7.6/src/eb.h:514:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[MAXTAGNAME];
data/edbrowse-3.7.6/src/ebjs.c:745:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sysname[32];
data/edbrowse-3.7.6/src/ebjs.c:746:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char machine[32];
data/edbrowse-3.7.6/src/fetchmail.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subject[MHLINE + 4];
data/edbrowse-3.7.6/src/fetchmail.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char to[MHLINE];
data/edbrowse-3.7.6/src/fetchmail.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char from[MHLINE];
data/edbrowse-3.7.6/src/fetchmail.c:23:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reply[MHLINE];
data/edbrowse-3.7.6/src/fetchmail.c:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[MHLINE];
data/edbrowse-3.7.6/src/fetchmail.c:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boundary[MHLINE];
data/edbrowse-3.7.6/src/fetchmail.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mid[MHLINE]; /* message id */
data/edbrowse-3.7.6/src/fetchmail.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ref[MHLINE]; /* references */
data/edbrowse-3.7.6/src/fetchmail.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfn[MHLINE]; /* content file name */
data/edbrowse-3.7.6/src/fetchmail.c:109:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(atname, O_WRONLY | O_BINARY | O_CREAT | O_TRUNC,
data/edbrowse-3.7.6/src/fetchmail.c:152:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
imapfetch = atoi(t);
data/edbrowse-3.7.6/src/fetchmail.c:402:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cust_cmd[200];
data/edbrowse-3.7.6/src/fetchmail.c:424:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cust_cmd, "SEARCH ");
data/edbrowse-3.7.6/src/fetchmail.c:426:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cust_cmd, "CHARSET UTF-8 ");
data/edbrowse-3.7.6/src/fetchmail.c:428:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cust_cmd, "SUBJECT");
data/edbrowse-3.7.6/src/fetchmail.c:430:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cust_cmd, "FROM");
data/edbrowse-3.7.6/src/fetchmail.c:432:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cust_cmd, "BODY");
data/edbrowse-3.7.6/src/fetchmail.c:433:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cust_cmd, " \"");
data/edbrowse-3.7.6/src/fetchmail.c:533:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cust_cmd[80];
data/edbrowse-3.7.6/src/fetchmail.c:575:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cust_cmd, "STORE %d +Flags \\Deleted",
data/edbrowse-3.7.6/src/fetchmail.c:602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cust_cmd[80];
data/edbrowse-3.7.6/src/fetchmail.c:603:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inputline[80];
data/edbrowse-3.7.6/src/fetchmail.c:668:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cust_cmd, "FETCH %d BODY[]", mif->seqno);
data/edbrowse-3.7.6/src/fetchmail.c:819:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cust_cmd, "STORE %d +Flags \\Deleted", mif->seqno);
data/edbrowse-3.7.6/src/fetchmail.c:869:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cust_cmd[80];
data/edbrowse-3.7.6/src/fetchmail.c:876:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cust_cmd, "FETCH %d UID", mif->seqno);
data/edbrowse-3.7.6/src/fetchmail.c:887:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mif->uid = atoi(t);
data/edbrowse-3.7.6/src/fetchmail.c:892:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cust_cmd, "FETCH %d ALL", mif->seqno);
data/edbrowse-3.7.6/src/fetchmail.c:1031:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mif->size = atoi(t);
data/edbrowse-3.7.6/src/fetchmail.c:1063:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f->nmsgs = atoi(t);
data/edbrowse-3.7.6/src/fetchmail.c:1079:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f->uidnext = atoi(t);
data/edbrowse-3.7.6/src/fetchmail.c:1129:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(f);
data/edbrowse-3.7.6/src/fetchmail.c:1216:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(umf_end, "%d", unreadMax + message_number);
data/edbrowse-3.7.6/src/fetchmail.c:1217:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
umfd = open(umf, O_WRONLY | O_TEXT | O_CREAT, MODE_rw);
data/edbrowse-3.7.6/src/fetchmail.c:1254:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inputline[80];
data/edbrowse-3.7.6/src/fetchmail.c:1520:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(umf_end, "%d", unreadMin);
data/edbrowse-3.7.6/src/fetchmail.c:1689:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = open(atname, O_WRONLY | O_TEXT | O_CREAT | O_APPEND, MODE_rw);
data/edbrowse-3.7.6/src/fetchmail.c:1732:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(rmf,
data/edbrowse-3.7.6/src/fetchmail.c:1763:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addstash[60];
data/edbrowse-3.7.6/src/fetchmail.c:1765:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(addstash, "\nUnformatted %05d.%05d\n",
data/edbrowse-3.7.6/src/fetchmail.c:2228:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(w->subject, "...");
data/edbrowse-3.7.6/src/fetchmail.c:2572:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[(MHLINE + 30) * 4];
data/edbrowse-3.7.6/src/fetchmail.c:2573:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lastsubject[MHLINE];
data/edbrowse-3.7.6/src/fetchmail.c:2582:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Message");
data/edbrowse-3.7.6/src/fetchmail.c:2585:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " from ");
data/edbrowse-3.7.6/src/fetchmail.c:2590:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " with the same subject");
data/edbrowse-3.7.6/src/fetchmail.c:2592:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " with subject: ");
data/edbrowse-3.7.6/src/fetchmail.c:2596:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " with no subject");
data/edbrowse-3.7.6/src/fetchmail.c:2614:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Sent ");
data/edbrowse-3.7.6/src/fetchmail.c:2619:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "From ");
data/edbrowse-3.7.6/src/fetchmail.c:2621:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " from ");
data/edbrowse-3.7.6/src/fetchmail.c:2635:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atbuf[20];
data/edbrowse-3.7.6/src/fetchmail.c:2637:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "<br>");
data/edbrowse-3.7.6/src/fetchmail.c:2640:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(atbuf, "%d images\n", nimages);
data/edbrowse-3.7.6/src/fetchmail.c:2642:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(atbuf, "1 image");
data/edbrowse-3.7.6/src/fetchmail.c:2645:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " + ");
data/edbrowse-3.7.6/src/fetchmail.c:2648:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "1 attachment");
data/edbrowse-3.7.6/src/fetchmail.c:2655:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(atbuf, "%d attachments\n",
data/edbrowse-3.7.6/src/fetchmail.c:2664:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "<br>");
data/edbrowse-3.7.6/src/fetchmail.c:2666:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "To ");
data/edbrowse-3.7.6/src/fetchmail.c:2669:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " and others");
data/edbrowse-3.7.6/src/fetchmail.c:2674:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "<br>");
data/edbrowse-3.7.6/src/fetchmail.c:2676:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "From ");
data/edbrowse-3.7.6/src/fetchmail.c:2682:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "<br>");
data/edbrowse-3.7.6/src/fetchmail.c:2684:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Mail sent ");
data/edbrowse-3.7.6/src/fetchmail.c:2690:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "<br>");
data/edbrowse-3.7.6/src/fetchmail.c:2692:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Reply to ");
data/edbrowse-3.7.6/src/fetchmail.c:2865:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linetype[8];
data/edbrowse-3.7.6/src/fetchmail.c:2892:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(linetype, " xxxxxx");
data/edbrowse-3.7.6/src/fetchmail.c:3051:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rfh = open(mailReply, O_WRONLY | O_APPEND | O_CREAT, MODE_private);
data/edbrowse-3.7.6/src/fetchmail.c:3065:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prestring[20];
data/edbrowse-3.7.6/src/fetchmail.c:3090:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(prestring, "%05d.%05d:", major, minor);
data/edbrowse-3.7.6/src/fetchmail.c:3091:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rfh = open(mailReply, O_RDONLY);
data/edbrowse-3.7.6/src/format.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[20];
data/edbrowse-3.7.6/src/format.c:246:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag, s, n);
data/edbrowse-3.7.6/src/format.c:259:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(w, tag, n);
data/edbrowse-3.7.6/src/format.c:282:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
char open, close, linkchar;
data/edbrowse-3.7.6/src/format.c:544:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trailing[12];
data/edbrowse-3.7.6/src/format.c:888:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(new + l, "\n???");
data/edbrowse-3.7.6/src/html.c:946:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char look[12];
data/edbrowse-3.7.6/src/html.c:1118:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, p, s - p);
data/edbrowse-3.7.6/src/html.c:1120:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new + strlen(new), t, plen - (t - p));
data/edbrowse-3.7.6/src/html.c:1563:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(nx + namelen, ".x");
data/edbrowse-3.7.6/src/html.c:1602:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cxstring[12];
data/edbrowse-3.7.6/src/html.c:1604:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cxstring, "%d", cx);
data/edbrowse-3.7.6/src/html.c:1915:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *tolist[2], *atlist[2];
data/edbrowse-3.7.6/src/html.c:2420:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[120];
data/edbrowse-3.7.6/src/html.c:2423:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d nodes under hover", hovcount);
data/edbrowse-3.7.6/src/html.c:2426:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ", ");
data/edbrowse-3.7.6/src/html.c:2427:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + strlen(buf),
data/edbrowse-3.7.6/src/html.c:2432:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ", ");
data/edbrowse-3.7.6/src/html.c:2433:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + strlen(buf), "%d nodes injected by css",
data/edbrowse-3.7.6/src/html.c:2641:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formfunction[48];
data/edbrowse-3.7.6/src/html.c:2642:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(formfunction, "document.forms[%d].onunload",
data/edbrowse-3.7.6/src/html.c:3059:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p_name[MAXTAGNAME], a_name[MAXTAGNAME], b_name[MAXTAGNAME];
data/edbrowse-3.7.6/src/html.c:3279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/edbrowse-3.7.6/src/html.c:3280:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%c%d*", InternalCodeChar, tagno);
data/edbrowse-3.7.6/src/html.c:3289:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char olbuf[32];
data/edbrowse-3.7.6/src/html.c:3294:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(olbuf, "%d. ", j);
data/edbrowse-3.7.6/src/html.c:3296:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(olbuf, "* ");
data/edbrowse-3.7.6/src/html.c:3309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hnum[40]; /* hidden number */
data/edbrowse-3.7.6/src/html.c:3570:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hnum, "%c%d{", InternalCodeChar, tagno);
data/edbrowse-3.7.6/src/html.c:3582:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hnum, "%c0}", InternalCodeChar);
data/edbrowse-3.7.6/src/html.c:3585:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hnum, "%c%d*", InternalCodeChar, tagno);
data/edbrowse-3.7.6/src/html.c:3621:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hnum, "%c%d{", InternalCodeChar, tagno);
data/edbrowse-3.7.6/src/html.c:3628:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hnum, "%c0}", InternalCodeChar);
data/edbrowse-3.7.6/src/html.c:3700:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hnum, "%c%d*", InternalCodeChar, j);
data/edbrowse-3.7.6/src/html.c:3741:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hnum, "%c%d<buffer %d%c0>",
data/edbrowse-3.7.6/src/html.c:3745:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hnum, "%c%d<buffer text%c0>",
data/edbrowse-3.7.6/src/html.c:3749:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hnum, "%c%d<buffer ?%c0>",
data/edbrowse-3.7.6/src/html.c:3755:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hnum, "%c%d<", InternalCodeChar, tagno);
data/edbrowse-3.7.6/src/html.c:3922:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hnum, "%c%d{", InternalCodeChar, tagno);
data/edbrowse-3.7.6/src/html.c:3942:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hnum, "\r%c%d{", InternalCodeChar, tagno);
data/edbrowse-3.7.6/src/html.c:3947:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hnum, "%c0}\r", InternalCodeChar);
data/edbrowse-3.7.6/src/html.c:4021:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newtext[20];
data/edbrowse-3.7.6/src/html.c:4039:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(newtext, "buffer %d", t->lic);
data/edbrowse-3.7.6/src/http.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[4];
data/edbrowse-3.7.6/src/http.c:182:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g->auth_realm, realm, sz);
data/edbrowse-3.7.6/src/http.c:398:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(b1, "8bit\r\n\r\n");
data/edbrowse-3.7.6/src/http.c:423:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const months[12] = {
data/edbrowse-3.7.6/src/http.c:450:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tm.tm_mday = atoi(date);
data/edbrowse-3.7.6/src/http.c:461:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tm.tm_year = atoi(date + 1) - 1900;
data/edbrowse-3.7.6/src/http.c:471:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tm.tm_year = atoi(date + 0) - 1900;
data/edbrowse-3.7.6/src/http.c:472:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tm.tm_mon = atoi(date + 5) - 1;
data/edbrowse-3.7.6/src/http.c:473:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tm.tm_mday = atoi(date + 8);
data/edbrowse-3.7.6/src/http.c:524:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tm.tm_year = atoi(date) - 1900;
data/edbrowse-3.7.6/src/http.c:629:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delay = atoi(u);
data/edbrowse-3.7.6/src/http.c:724:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char creds_buf[MAXUSERPASS * 2 + 2]; /* creds abr. for credentials */
data/edbrowse-3.7.6/src/http.c:726:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prot[MAXPROTLEN], host[MAXHOSTLEN];
data/edbrowse-3.7.6/src/http.c:841:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thisbound[24];
data/edbrowse-3.7.6/src/http.c:856:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(thisbound, post, s - post);
data/edbrowse-3.7.6/src/http.c:926:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(w, u, d);
data/edbrowse-3.7.6/src/http.c:1494:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[42], group[42];
data/edbrowse-3.7.6/src/http.c:1495:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char month[8];
data/edbrowse-3.7.6/src/http.c:1617:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(s);
data/edbrowse-3.7.6/src/http.c:1726:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prot[MAXPROTLEN], host[MAXHOSTLEN];
data/edbrowse-3.7.6/src/http.c:1845:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(creds_buf, "anonymous:ftp@example.com");
data/edbrowse-3.7.6/src/http.c:2881:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cf->fileName, ".browse");
data/edbrowse-3.7.6/src/http.c:2935:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opentag = atoi(s + 1);
data/edbrowse-3.7.6/src/http.c:2944:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(s + 1);
data/edbrowse-3.7.6/src/http.c:3057:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cf->fileName, ".browse");
data/edbrowse-3.7.6/src/jseng-duk.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[0];
data/edbrowse-3.7.6/src/jseng-duk.c:253:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = open(filename, O_CREAT | O_TRUNC | O_WRONLY | O_TEXT, MODE_rw);
data/edbrowse-3.7.6/src/jseng-duk.c:296:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[80];
data/edbrowse-3.7.6/src/jseng-duk.c:333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[80];
data/edbrowse-3.7.6/src/jseng-duk.c:364:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pbuf[32];
data/edbrowse-3.7.6/src/jseng-duk.c:365:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pbuf, "%p", obj);
data/edbrowse-3.7.6/src/jseng-duk.c:592:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char e[60];
data/edbrowse-3.7.6/src/jseng-duk.c:619:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fakebuf[24];
data/edbrowse-3.7.6/src/jseng-duk.c:622:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fakebuf, "cg$$%d", idx);
data/edbrowse-3.7.6/src/jseng-duk.c:632:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[48]; /* function name */
data/edbrowse-3.7.6/src/jseng-duk.c:651:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fname, "javascript()");
data/edbrowse-3.7.6/src/jseng-duk.c:669:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(j, "()");
data/edbrowse-3.7.6/src/jseng-duk.c:830:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf1[MAXTAGNAME], buf2[MAXTAGNAME], buf3[MAXTAGNAME];
data/edbrowse-3.7.6/src/jseng-duk.c:1305:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(nc, "; ");
data/edbrowse-3.7.6/src/jseng-duk.c:2047:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nnbuf[20];
data/edbrowse-3.7.6/src/main.c:25:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *userAgents[MAXAGENT + 1];
data/edbrowse-3.7.6/src/main.c:107:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cw->r_labels, cw->labels, sizeof(cw->labels));
data/edbrowse-3.7.6/src/main.c:117:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cf->fileName, ".browse");
data/edbrowse-3.7.6/src/main.c:372:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prot[MAXPROTLEN], host[MAXHOSTLEN];
data/edbrowse-3.7.6/src/main.c:556:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char agent0[64] = "edbrowse/";
data/edbrowse-3.7.6/src/main.c:583:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(cfgfil, "w");
data/edbrowse-3.7.6/src/main.c:951:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *args[10];
data/edbrowse-3.7.6/src/main.c:960:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[MAXNEST];
data/edbrowse-3.7.6/src/main.c:1068:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loopcnt[nest] = j = atoi(ip + 2);
data/edbrowse-3.7.6/src/main.c:1238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[MAXNEST];
data/edbrowse-3.7.6/src/main.c:1239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last[24];
data/edbrowse-3.7.6/src/main.c:1527:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
act->inport = atoi(v);
data/edbrowse-3.7.6/src/main.c:1537:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
act->outport = atoi(v);
data/edbrowse-3.7.6/src/main.c:1642:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
j = open(v, O_WRONLY | O_APPEND | O_CREAT,
data/edbrowse-3.7.6/src/main.c:1664:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
webTimeout = atoi(v);
data/edbrowse-3.7.6/src/main.c:1668:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mailTimeout = atoi(v);
data/edbrowse-3.7.6/src/main.c:1676:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
j = open(v, O_RDONLY);
data/edbrowse-3.7.6/src/main.c:1721:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cacheSize = atoi(v);
data/edbrowse-3.7.6/src/main.c:1972:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("jslocal", "r");
data/edbrowse-3.7.6/src/main.c:1976:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[400];
data/edbrowse-3.7.6/src/messages.c:14:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eb_language[8];
data/edbrowse-3.7.6/src/messages.c:30:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(eb_language, "en");
data/edbrowse-3.7.6/src/messages.c:152:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char utfbuf[1000];
data/edbrowse-3.7.6/src/messages.c:232:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorMsg[1024];
data/edbrowse-3.7.6/src/messages.c:399:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
needed = MultiByteToWideChar(CP_UTF8, 0, s, -1, NULL, 0);
data/edbrowse-3.7.6/src/messages.c:405:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, s, -1, chars, needed);
data/edbrowse-3.7.6/src/messages.c:435:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
needed = MultiByteToWideChar(CP_UTF8, 0, a, -1, NULL, 0);
data/edbrowse-3.7.6/src/messages.c:441:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, a, -1, chars, needed);
data/edbrowse-3.7.6/src/plugin.c:79:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char suffix[12];
data/edbrowse-3.7.6/src/plugin.c:95:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char suffix[12];
data/edbrowse-3.7.6/src/plugin.c:430:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmd, " > ");
data/edbrowse-3.7.6/src/sendmail.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char serverLine[MAXMSLINE];
data/edbrowse-3.7.6/src/sendmail.c:16:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char subjectLine[400];
data/edbrowse-3.7.6/src/sendmail.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/edbrowse-3.7.6/src/sendmail.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char email[64];
data/edbrowse-3.7.6/src/sendmail.c:143:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addressList[j].name, s, t - s);
data/edbrowse-3.7.6/src/sendmail.c:147:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addressList[j].email, s, t - s);
data/edbrowse-3.7.6/src/sendmail.c:180:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expand[4];
data/edbrowse-3.7.6/src/sendmail.c:181:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expand, "=%02X", (uchar) c);
data/edbrowse-3.7.6/src/sendmail.c:242:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[24];
data/edbrowse-3.7.6/src/sendmail.c:247:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "; charset=utf-8");
data/edbrowse-3.7.6/src/sendmail.c:249:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "; charset=iso-8859-%d", type8859);
data/edbrowse-3.7.6/src/sendmail.c:281:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newfilename[16];
data/edbrowse-3.7.6/src/sendmail.c:295:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(newfilename, "<buffer %d>", cx);
data/edbrowse-3.7.6/src/sendmail.c:344:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subjectLine, t, s - t);
data/edbrowse-3.7.6/src/sendmail.c:373:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sigFileEnd, "%d", mailAccount);
data/edbrowse-3.7.6/src/sendmail.c:388:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(sigFile, O_RDONLY);
data/edbrowse-3.7.6/src/sendmail.c:507:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expand[4];
data/edbrowse-3.7.6/src/sendmail.c:508:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expand, "=%02X", (uchar) c);
data/edbrowse-3.7.6/src/sendmail.c:569:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[48];
data/edbrowse-3.7.6/src/sendmail.c:599:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[48];
data/edbrowse-3.7.6/src/sendmail.c:604:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%04d%02d%02d%02d%02d%02d",
data/edbrowse-3.7.6/src/sendmail.c:622:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(serverLine, s, n);
data/edbrowse-3.7.6/src/sendmail.c:636:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char boundary[24];
data/edbrowse-3.7.6/src/sendmail.c:637:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(boundary, "nextpart-eb-%06d", rand() % 1000000);
data/edbrowse-3.7.6/src/sendmail.c:664:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer_for_curl, upload->data + upload->pos, to_send);
data/edbrowse-3.7.6/src/sendmail.c:820:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reccc[MAXRECAT];
data/edbrowse-3.7.6/src/sendmail.c:1074:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *reclist[MAXRECAT + 1];
data/edbrowse-3.7.6/src/sendmail.c:1076:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *atlist[MAXRECAT + 1];
data/edbrowse-3.7.6/src/sendmail.c:1079:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cxbuf[4];
data/edbrowse-3.7.6/src/sendmail.c:1232:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cxbuf, "%d", context);
data/edbrowse-3.7.6/src/stringfile.c:232:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + oldlen, t, cnt);
data/edbrowse-3.7.6/src/stringfile.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[16];
data/edbrowse-3.7.6/src/stringfile.c:261:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(a, "%d", n);
data/edbrowse-3.7.6/src/stringfile.c:268:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[16];
data/edbrowse-3.7.6/src/stringfile.c:270:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(a, "%dM", n / (1024 * 1024));
data/edbrowse-3.7.6/src/stringfile.c:272:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(a, "%dK", n / 1024);
data/edbrowse-3.7.6/src/stringfile.c:274:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(a, "%d", n);
data/edbrowse-3.7.6/src/stringfile.c:297:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s, n);
data/edbrowse-3.7.6/src/stringfile.c:327:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s, n);
data/edbrowse-3.7.6/src/stringfile.c:343:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s, l);
data/edbrowse-3.7.6/src/stringfile.c:644:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
debugFile = fopen(name, (whichproc == 'e' ? "w" : "a"));
data/edbrowse-3.7.6/src/stringfile.c:693:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s, len);
data/edbrowse-3.7.6/src/stringfile.c:701:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, t, len);
data/edbrowse-3.7.6/src/stringfile.c:752:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = open(filename, O_RDONLY | O_BINARY);
data/edbrowse-3.7.6/src/stringfile.c:772:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(filename, O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, MODE_rw);
data/edbrowse-3.7.6/src/stringfile.c:799:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh2 = open(filename, O_WRONLY | O_TRUNC);
data/edbrowse-3.7.6/src/stringfile.c:986:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/edbrowse-3.7.6/src/stringfile.c:988:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%luG", (unsigned long)n >> 30);
data/edbrowse-3.7.6/src/stringfile.c:990:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%luM", (unsigned long)n >> 20);
data/edbrowse-3.7.6/src/stringfile.c:992:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%luK", (unsigned long)n >> 10);
data/edbrowse-3.7.6/src/stringfile.c:994:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%lu", (unsigned long)n);
data/edbrowse-3.7.6/src/stringfile.c:1000:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[20];
data/edbrowse-3.7.6/src/stringfile.c:1050:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char used[26];
data/edbrowse-3.7.6/src/stringfile.c:1074:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[200 + ABSPATH];
data/edbrowse-3.7.6/src/stringfile.c:1075:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[40];
data/edbrowse-3.7.6/src/stringfile.c:1080:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newpath[ABSPATH];
data/edbrowse-3.7.6/src/stringfile.c:1101:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%lld", (long long)this_stat.st_size);
data/edbrowse-3.7.6/src/stringfile.c:1114:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%lu", (unsigned long)this_stat.st_ino);
data/edbrowse-3.7.6/src/stringfile.c:1117:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%lu", (unsigned long)this_stat.st_nlink);
data/edbrowse-3.7.6/src/stringfile.c:1122:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%d/%d",
data/edbrowse-3.7.6/src/stringfile.c:1136:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%d", this_stat.st_uid);
data/edbrowse-3.7.6/src/stringfile.c:1147:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%d", this_stat.st_gid);
data/edbrowse-3.7.6/src/stringfile.c:1294:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[ABSPATH];
data/edbrowse-3.7.6/src/stringfile.c:1459:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char varline[ABSPATH];
data/edbrowse-3.7.6/src/stringfile.c:1460:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var1[40];
data/edbrowse-3.7.6/src/stringfile.c:1565:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line2[ABSPATH];
data/edbrowse-3.7.6/src/stringfile.c:1643:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line2[MAXTTYLINE];
data/edbrowse-3.7.6/src/stringfile.c:1670:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(name, mode);
data/edbrowse-3.7.6/src/stringfile.c:1686:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(name, mode, perms);
data/edbrowse-3.7.6/src/url.c:9:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char prot[MAXPROTLEN];
data/edbrowse-3.7.6/src/url.c:517:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAXPROTLEN];
data/edbrowse-3.7.6/src/url.c:524:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s, l);
data/edbrowse-3.7.6/src/url.c:540:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hostbuf[MAXHOSTLEN];
data/edbrowse-3.7.6/src/url.c:557:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hostbuf, s, l);
data/edbrowse-3.7.6/src/url.c:587:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pp, s1, l1);
data/edbrowse-3.7.6/src/url.c:596:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hp, s2, l2);
data/edbrowse-3.7.6/src/url.c:886:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(n, "http:");
data/edbrowse-3.7.6/src/url.c:898:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(n + l, "://");
data/edbrowse-3.7.6/src/url.c:999:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1000];
data/edbrowse-3.7.6/src/url.c:1061:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/edbrowse-3.7.6/src/url.c:1075:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%%%02X", (uchar) c);
data/edbrowse-3.7.6/src/url.c:1204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prot[MAXPROTLEN], host[MAXHOSTLEN];
data/edbrowse-3.7.6/tools/mkproto.c:67:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(fname, "r");
data/edbrowse-3.7.6/tools/mkproto.c:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fword[10];
data/edbrowse-3.7.6/win32/dirent.h:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_name[FILENAME_MAX]; /* File name. */
data/edbrowse-3.7.6/win32/dirent.h:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dd_name[1];
data/edbrowse-3.7.6/win32/dirent.h:79:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t d_name[FILENAME_MAX]; /* File name. */
data/edbrowse-3.7.6/win32/dirent.h:108:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t dd_name[1];
data/edbrowse-3.7.6/src/auth.c:45:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d1len = strlen(a->directory);
data/edbrowse-3.7.6/src/auth.c:121:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(proxy || (dl == strlen(a->directory)
data/edbrowse-3.7.6/src/buffers.c:504:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = allocMem(strlen(newlocation) + 8);
data/edbrowse-3.7.6/src/buffers.c:541:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(last_rl);
data/edbrowse-3.7.6/src/buffers.c:543:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(line);
data/edbrowse-3.7.6/src/buffers.c:572:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/edbrowse-3.7.6/src/buffers.c:606:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(t);
data/edbrowse-3.7.6/src/buffers.c:655:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("%zu bytes\n", strlen(result));
data/edbrowse-3.7.6/src/buffers.c:1225:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cw->baseDirName) + strlen(f) > ABSPATH - 2) {
data/edbrowse-3.7.6/src/buffers.c:1225:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cw->baseDirName) + strlen(f) > ABSPATH - 2) {
data/edbrowse-3.7.6/src/buffers.c:1236:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(path);
data/edbrowse-3.7.6/src/buffers.c:1266:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(path, ".");
data/edbrowse-3.7.6/src/buffers.c:1595:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cw->baseDirName);
data/edbrowse-3.7.6/src/buffers.c:1693:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(v);
data/edbrowse-3.7.6/src/buffers.c:1937:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fileSize = strlen(rbuf);
data/edbrowse-3.7.6/src/buffers.c:2339:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(suf);
data/edbrowse-3.7.6/src/buffers.c:2344:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(extra);
data/edbrowse-3.7.6/src/buffers.c:2358:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(suf, "\n");
data/edbrowse-3.7.6/src/buffers.c:2359:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(suf);
data/edbrowse-3.7.6/src/buffers.c:2406:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int elen = strlen(extra);
data/edbrowse-3.7.6/src/buffers.c:2412:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(q, " ");
data/edbrowse-3.7.6/src/buffers.c:2415:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(q, "\n");
data/edbrowse-3.7.6/src/buffers.c:2420:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(suf, "\n");
data/edbrowse-3.7.6/src/buffers.c:2423:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(q);
data/edbrowse-3.7.6/src/buffers.c:2471:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int elen = strlen(extra);
data/edbrowse-3.7.6/src/buffers.c:2477:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(q, " ");
data/edbrowse-3.7.6/src/buffers.c:2480:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(q, "\n");
data/edbrowse-3.7.6/src/buffers.c:2485:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(suf, "\n");
data/edbrowse-3.7.6/src/buffers.c:2488:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(q);
data/edbrowse-3.7.6/src/buffers.c:2546:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linesize += strlen(cf->fileName);
data/edbrowse-3.7.6/src/buffers.c:2549:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/edbrowse-3.7.6/src/buffers.c:2577:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/edbrowse-3.7.6/src/buffers.c:2847:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(e, line, mod);
data/edbrowse-3.7.6/src/buffers.c:4179:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
allocatedLine = allocMem(strlen(cf->fileName) + 3);
data/edbrowse-3.7.6/src/buffers.c:4347:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
allocatedLine = allocMem(strlen(t) + 8);
data/edbrowse-3.7.6/src/buffers.c:4360:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(allocatedLine);
data/edbrowse-3.7.6/src/buffers.c:5906:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = addTextToBuffer((pst) a, strlen(a), 0, false);
data/edbrowse-3.7.6/src/buffers.c:5973:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(line);
data/edbrowse-3.7.6/src/buffers.c:5989:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(rbuf), cw->dot,
data/edbrowse-3.7.6/src/buffers.c:6275:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ql = strlen(addr);
data/edbrowse-3.7.6/src/buffers.c:6277:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ql += subj ? strlen(subj) : 5;
data/edbrowse-3.7.6/src/buffers.c:6280:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ql += strlen(body);
data/edbrowse-3.7.6/src/buffers.c:6300:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *w = allocMem(strlen(line) + 8);
data/edbrowse-3.7.6/src/buffers.c:6607:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
textlen = strlen(text);
data/edbrowse-3.7.6/src/buffers.c:6732:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(newbuf);
data/edbrowse-3.7.6/src/buffers.c:6773:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(newbuf);
data/edbrowse-3.7.6/src/buffers.c:6780:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(cf->fileName);
data/edbrowse-3.7.6/src/buffers.c:6811:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(search);
data/edbrowse-3.7.6/src/cache.c:29:19: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define USLEEP(a) usleep(a) // sleep microsecs
data/edbrowse-3.7.6/src/cache.c:64:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cacheDir = allocMem(strlen(ebUserDir) + 7);
data/edbrowse-3.7.6/src/cache.c:78:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cacheDir = allocMem(strlen(home) + 10);
data/edbrowse-3.7.6/src/cache.c:94:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cacheControl = allocMem(strlen(cacheDir) + 11);
data/edbrowse-3.7.6/src/cache.c:102:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cacheLock = allocMem(strlen(cacheDir) + 6);
data/edbrowse-3.7.6/src/cache.c:106:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cacheFile = allocMem(strlen(cacheDir) + 7);
data/edbrowse-3.7.6/src/cache.c:204:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e->textlength = strlen(newrec);
data/edbrowse-3.7.6/src/cache.c:385:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *a = allocMem(strlen(cacheFile) + 5 + 1);
data/edbrowse-3.7.6/src/cache.c:394:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newlen = strlen(newrec);
data/edbrowse-3.7.6/src/cache.c:495:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newlen = strlen(newrec);
data/edbrowse-3.7.6/src/cache.c:555:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e->textlength = strlen(newrec);
data/edbrowse-3.7.6/src/cookies.c:47:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int le = strlen(item), lp;
data/edbrowse-3.7.6/src/cookies.c:151:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
allocMem(strlen(c->path) + strlen(c->domain) + strlen(c->name) +
data/edbrowse-3.7.6/src/cookies.c:151:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
allocMem(strlen(c->path) + strlen(c->domain) + strlen(c->name) +
data/edbrowse-3.7.6/src/cookies.c:151:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
allocMem(strlen(c->path) + strlen(c->domain) + strlen(c->name) +
data/edbrowse-3.7.6/src/cookies.c:152:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(c->value) + 128);
data/edbrowse-3.7.6/src/cookies.c:185:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dl = strlen(domain);
data/edbrowse-3.7.6/src/cookies.c:189:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dl > strlen(server))
data/edbrowse-3.7.6/src/cookies.c:191:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(server) - dl;
data/edbrowse-3.7.6/src/cookies.c:265:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!c->path[0] || c->path[strlen(c->path) - 1] != '/')
data/edbrowse-3.7.6/src/cookies.c:400:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dl = strlen(d);
data/edbrowse-3.7.6/src/cookies.c:401:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = strlen(s);
data/edbrowse-3.7.6/src/cookies.c:414:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dl = strlen(d);
data/edbrowse-3.7.6/src/cookies.c:415:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = strlen(s);
data/edbrowse-3.7.6/src/css.c:132:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, s, 20);
data/edbrowse-3.7.6/src/css.c:206:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(s);
data/edbrowse-3.7.6/src/css.c:370:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!memoryOutToFile(filename, c->data, strlen(c->data),
data/edbrowse-3.7.6/src/css.c:500:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w += strlen(r);
data/edbrowse-3.7.6/src/css.c:819:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = allocMem(strlen(s) + strlen(a) +
data/edbrowse-3.7.6/src/css.c:819:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = allocMem(strlen(s) + strlen(a) +
data/edbrowse-3.7.6/src/css.c:820:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(newurl) + strlen(iu3) + 27);
data/edbrowse-3.7.6/src/css.c:820:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(newurl) + strlen(iu3) + 27);
data/edbrowse-3.7.6/src/css.c:1510:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = allocMem(n + strlen(propname) + 1);
data/edbrowse-3.7.6/src/css.c:1514:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(t);
data/edbrowse-3.7.6/src/css.c:1791:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int rc, l = strlen(lang);
data/edbrowse-3.7.6/src/css.c:1900:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(v);
data/edbrowse-3.7.6/src/css.c:1903:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sibs[i].tag, v, l);
data/edbrowse-3.7.6/src/css.c:2015:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(v);
data/edbrowse-3.7.6/src/css.c:2018:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sibs[i].tag, v, l);
data/edbrowse-3.7.6/src/css.c:2144:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(u);
data/edbrowse-3.7.6/src/css.c:2184:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(value);
data/edbrowse-3.7.6/src/css.c:2244:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l1 = strlen(v);
data/edbrowse-3.7.6/src/css.c:2245:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l2 = strlen(value);
data/edbrowse-3.7.6/src/css.c:2900:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = allocMem(strlen(selstring) + 20);
data/edbrowse-3.7.6/src/css.c:3142:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(r->atval) && !stringEqual(r->atval, "none"))
data/edbrowse-3.7.6/src/css.c:3145:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(r->atval)
data/edbrowse-3.7.6/src/css.c:3150:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (stringEqual(r->atname, "color") && strlen(r->atval)
data/edbrowse-3.7.6/src/css.c:3179:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = allocMem(strlen(r->atname) + 6);
data/edbrowse-3.7.6/src/css.c:3270:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = allocMem(strlen(rulestring) + 20);
data/edbrowse-3.7.6/src/dbinfx.ec:609:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
$ set isolation to committed read;
data/edbrowse-3.7.6/src/dbinfx.ec:750:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tabname) + strlen(colname) + 42 >= sizeof(blobcmd))
data/edbrowse-3.7.6/src/dbinfx.ec:750:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tabname) + strlen(colname) + 42 >= sizeof(blobcmd))
data/edbrowse-3.7.6/src/dbinfx.ec:821:1: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rv_name[i], v->sqlname, COLNAMELEN);
data/edbrowse-3.7.6/src/dbinfx.ec:924:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(retstring[i]);
data/edbrowse-3.7.6/src/dbinfx.ec:1259:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = allocMem(20+strlen(stmt));
data/edbrowse-3.7.6/src/dbodbc.c:422:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = constring + strlen(constring);
data/edbrowse-3.7.6/src/dbodbc.c:426:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = constring + strlen(constring);
data/edbrowse-3.7.6/src/dbodbc.c:694:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tabname) + strlen(colname) + 42 >= sizeof(blobcmd))
data/edbrowse-3.7.6/src/dbodbc.c:694:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tabname) + strlen(colname) + 42 >= sizeof(blobcmd))
data/edbrowse-3.7.6/src/dbodbc.c:766:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, blobbuf, n) != n) {
data/edbrowse-3.7.6/src/dbodbc.c:1427:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = allocMem(20 + strlen(stmt));
data/edbrowse-3.7.6/src/dbops.c:153:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fmt, perc, t - perc);
data/edbrowse-3.7.6/src/dbops.c:175:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen((char *)n);
data/edbrowse-3.7.6/src/dbops.c:274:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q += strlen(q);
data/edbrowse-3.7.6/src/dbops.c:460:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/edbrowse-3.7.6/src/dbops.c:467:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, s, l);
data/edbrowse-3.7.6/src/dbops.c:476:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(buf);
data/edbrowse-3.7.6/src/dbops.c:483:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(swap, buf, 4);
data/edbrowse-3.7.6/src/dbops.c:484:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, buf + 4, 4);
data/edbrowse-3.7.6/src/dbops.c:485:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf + 4, swap, 4);
data/edbrowse-3.7.6/src/dbops.c:511:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(swap, buf, 6);
data/edbrowse-3.7.6/src/dbops.c:515:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "-");
data/edbrowse-3.7.6/src/dbops.c:518:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "-");
data/edbrowse-3.7.6/src/dbops.c:577:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(t);
data/edbrowse-3.7.6/src/dbops.c:584:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, t, l);
data/edbrowse-3.7.6/src/dbops.c:600:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(buf);
data/edbrowse-3.7.6/src/dbops.c:772:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) >= 24)
data/edbrowse-3.7.6/src/dbops.c:802:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(e);
data/edbrowse-3.7.6/src/dbops.c:823:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(wherecol, w, e - w);
data/edbrowse-3.7.6/src/dbops.c:841:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(w);
data/edbrowse-3.7.6/src/dbops.c:866:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stringAndString(&wcl, &wcllen, date2buf + strlen(date2buf) + 1);
data/edbrowse-3.7.6/src/dbops.c:868:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (w[strlen(w) - 1] == '*') {
data/edbrowse-3.7.6/src/dbops.c:887:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(myTab, s, t - s);
data/edbrowse-3.7.6/src/dbops.c:1072:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = v + strlen(v);
data/edbrowse-3.7.6/src/dbops.c:1078:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(myTab);
data/edbrowse-3.7.6/src/dbops.c:1299:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = strlen(lineFields[j]);
data/edbrowse-3.7.6/src/dbops.c:1372:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(inp);
data/edbrowse-3.7.6/src/dbops.c:1413:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(inp) > 1) {
data/edbrowse-3.7.6/src/dbops.c:1477:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(unld);
data/edbrowse-3.7.6/src/dbops.c:1481:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(unld);
data/edbrowse-3.7.6/src/dbops.c:1552:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) >= sizeof(sortstring1))
data/edbrowse-3.7.6/src/dbops.c:1583:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) >= sizeof(sortstring2))
data/edbrowse-3.7.6/src/dbops.c:1703:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(table1);
data/edbrowse-3.7.6/src/dbops.c:1704:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(table2) > len)
data/edbrowse-3.7.6/src/dbops.c:1705:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(table2);
data/edbrowse-3.7.6/src/dbops.c:1707:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(otherclause);
data/edbrowse-3.7.6/src/dbops.c:1708:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(keycol);
data/edbrowse-3.7.6/src/dbops.c:1779:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(actionWords[i]);
data/edbrowse-3.7.6/src/decorate.c:492:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(myname) < sizeof(namebuf) - 3) {
data/edbrowse-3.7.6/src/decorate.c:591:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(currentTA->value);
data/edbrowse-3.7.6/src/decorate.c:2253:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
next = s + strlen(s);
data/edbrowse-3.7.6/src/ebjs.c:109:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(v) > 100)
data/edbrowse-3.7.6/src/fetchmail.c:435:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cust_cmd, "\"");
data/edbrowse-3.7.6/src/fetchmail.c:613:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i_printfExit(MSG_MemAllocError, strlen(f->path) + 12);
data/edbrowse-3.7.6/src/fetchmail.c:1047:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i_printfExit(MSG_MemAllocError, strlen(f->path) + 12);
data/edbrowse-3.7.6/src/fetchmail.c:1190:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(scheme) + strlen(account->inurl) + 8);
data/edbrowse-3.7.6/src/fetchmail.c:1190:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(scheme) + strlen(account->inurl) + 8);
data/edbrowse-3.7.6/src/fetchmail.c:1409:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
umf = allocMem(strlen(mailUnread) + 12);
data/edbrowse-3.7.6/src/fetchmail.c:1411:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
umf_end = umf + strlen(umf);
data/edbrowse-3.7.6/src/fetchmail.c:1427:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(mailbox_url) + 11);
data/edbrowse-3.7.6/src/fetchmail.c:1498:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
umf = allocMem(strlen(mailUnread) + 12);
data/edbrowse-3.7.6/src/fetchmail.c:1500:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
umf_end = umf + strlen(umf);
data/edbrowse-3.7.6/src/fetchmail.c:1722:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = strlen(mailStash);
data/edbrowse-3.7.6/src/fetchmail.c:1767:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = strlen(addstash);
data/edbrowse-3.7.6/src/fetchmail.c:1973:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(w->cfn, al, ar - al);
data/edbrowse-3.7.6/src/fetchmail.c:2000:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(w->boundary, al, ar - al);
data/edbrowse-3.7.6/src/fetchmail.c:2108:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tlen = strlen(line);
data/edbrowse-3.7.6/src/fetchmail.c:2209:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(q, prefix[j], strlen(prefix[j])))
data/edbrowse-3.7.6/src/fetchmail.c:2213:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(prefix[j]);
data/edbrowse-3.7.6/src/fetchmail.c:2224:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(w->subject, vl, vr - vl);
data/edbrowse-3.7.6/src/fetchmail.c:2236:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(w->reply, vl, vr - vl);
data/edbrowse-3.7.6/src/fetchmail.c:2243:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(w->mid, vl, vr - vl);
data/edbrowse-3.7.6/src/fetchmail.c:2250:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(w->ref, vl, vr - vl);
data/edbrowse-3.7.6/src/fetchmail.c:2259:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(w->from, vl, vr - vl);
data/edbrowse-3.7.6/src/fetchmail.c:2275:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(w->date, vl, vr - vl);
data/edbrowse-3.7.6/src/fetchmail.c:2289:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(w->to, vl, vr - vl);
data/edbrowse-3.7.6/src/fetchmail.c:2609:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = buf + strlen(buf);
data/edbrowse-3.7.6/src/fetchmail.c:2625:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "\n");
data/edbrowse-3.7.6/src/fetchmail.c:2650:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, " ");
data/edbrowse-3.7.6/src/fetchmail.c:2659:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "\n");
data/edbrowse-3.7.6/src/fetchmail.c:2670:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "\n");
data/edbrowse-3.7.6/src/fetchmail.c:2678:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "\n");
data/edbrowse-3.7.6/src/fetchmail.c:2686:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "\n");
data/edbrowse-3.7.6/src/fetchmail.c:2694:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "\n");
data/edbrowse-3.7.6/src/fetchmail.c:2821:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = headerGlean(buf, buf + strlen(buf));
data/edbrowse-3.7.6/src/fetchmail.c:2830:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
allocMem(strlen(w->ref) + strlen(w->mid) +
data/edbrowse-3.7.6/src/fetchmail.c:2830:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
allocMem(strlen(w->ref) + strlen(w->mid) +
data/edbrowse-3.7.6/src/fetchmail.c:2831:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(w->tolist) + strlen(w->cclist) +
data/edbrowse-3.7.6/src/fetchmail.c:2831:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(w->tolist) + strlen(w->cclist) +
data/edbrowse-3.7.6/src/fetchmail.c:2832:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(w->reply) + 6);
data/edbrowse-3.7.6/src/fetchmail.c:2980:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(linetype) - 1;
data/edbrowse-3.7.6/src/fetchmail.c:3055:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(rfh, cw->mailInfo, strlen(cw->mailInfo));
data/edbrowse-3.7.6/src/format.c:381:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = buf + strlen(buf);
data/edbrowse-3.7.6/src/format.c:808:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(buf);
data/edbrowse-3.7.6/src/format.c:964:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(line, ",");
data/edbrowse-3.7.6/src/format.c:988:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(reply);
data/edbrowse-3.7.6/src/format.c:1026:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(r);
data/edbrowse-3.7.6/src/format.c:1248:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nacount += strlen(s) - 1;
data/edbrowse-3.7.6/src/format.c:1263:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += strlen(s);
data/edbrowse-3.7.6/src/format.c:1820:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
encoded_len = strlen(data_sep + 1);
data/edbrowse-3.7.6/src/format.c:1825:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_l = strlen(*data);
data/edbrowse-3.7.6/src/format.c:1827:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *data_end = *data + strlen(*data);
data/edbrowse-3.7.6/src/html-tidy.c:247:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = line + strlen(line);
data/edbrowse-3.7.6/src/html.c:139:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(input);
data/edbrowse-3.7.6/src/html.c:168:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = s + strlen(s);
data/edbrowse-3.7.6/src/html.c:170:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iopt, s, len);
data/edbrowse-3.7.6/src/html.c:1116:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (plen = pstLength((pst) p)) + strlen(newtext) - (t - s);
data/edbrowse-3.7.6/src/html.c:1120:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(new + strlen(new), t, plen - (t - p));
data/edbrowse-3.7.6/src/html.c:1140:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int newlen = strlen(newtext);
data/edbrowse-3.7.6/src/html.c:1415:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char c = pfs[strlen(pfs) - 1];
data/edbrowse-3.7.6/src/html.c:1560:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(name);
data/edbrowse-3.7.6/src/html.c:1664:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = s + strlen(s);
data/edbrowse-3.7.6/src/html.c:1903:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actlen = strlen(pfs);
data/edbrowse-3.7.6/src/html.c:1917:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int newlen = strlen(pfs) - actlen; /* the new string could be longer than post */
data/edbrowse-3.7.6/src/html.c:1924:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newlen += strlen(subj);
data/edbrowse-3.7.6/src/html.c:1926:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newlen += 11 + (name ? strlen(name) : 1);
data/edbrowse-3.7.6/src/html.c:1935:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(q + strlen(q), pfs + actlen);
data/edbrowse-3.7.6/src/html.c:2126:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s1 = b1 + strlen(b1);
data/edbrowse-3.7.6/src/html.c:2127:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2 = b2 + strlen(b2);
data/edbrowse-3.7.6/src/html.c:2427:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf + strlen(buf),
data/edbrowse-3.7.6/src/html.c:2433:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf + strlen(buf), "%d nodes injected by css",
data/edbrowse-3.7.6/src/html.c:3273:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(s + 3, "≫");
data/edbrowse-3.7.6/src/html.c:3501:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u1 - u0 != strlen(recolor) || memcmp(u0, recolor, u1 - u0))
data/edbrowse-3.7.6/src/html.c:3674:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int j = strlen(u0);
data/edbrowse-3.7.6/src/html.c:3681:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(hnum, " ");
data/edbrowse-3.7.6/src/http.c:50:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int namelen = strlen(name);
data/edbrowse-3.7.6/src/http.c:96:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(g->content, v, sizeof(g->content) - 1);
data/edbrowse-3.7.6/src/http.c:185:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(g->auth_realm, realm,
data/edbrowse-3.7.6/src/http.c:375:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int boundlen = strlen(boundary);
data/edbrowse-3.7.6/src/http.c:376:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int m64len = strlen(message64);
data/edbrowse-3.7.6/src/http.c:412:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b1 += strlen(b1);
data/edbrowse-3.7.6/src/http.c:647:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u = ref + strlen(ref);
data/edbrowse-3.7.6/src/http.c:688:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g->urlcopy_l = strlen(g->urlcopy);
data/edbrowse-3.7.6/src/http.c:694:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g->urlcopy_l = strlen(url);
data/edbrowse-3.7.6/src/http.c:696:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(g->urlcopy, url, g->urlcopy_l);
data/edbrowse-3.7.6/src/http.c:709:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g->urlcopy_l = strlen(g->urlcopy);
data/edbrowse-3.7.6/src/http.c:867:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
postb_l ? postb_l : strlen(post));
data/edbrowse-3.7.6/src/http.c:886:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = referrer + strlen(referrer);
data/edbrowse-3.7.6/src/http.c:903:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(prot) == 4 && p - referrer == 5) {
data/edbrowse-3.7.6/src/http.c:1179:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(creds_buf, ":"); /* Flush stale data. */
data/edbrowse-3.7.6/src/http.c:1182:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g->urlcopy_l = strlen(g->urlcopy);
data/edbrowse-3.7.6/src/http.c:1359:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
job = allocMem(sizeof(struct BG_JOB) + strlen(g.down_file));
data/edbrowse-3.7.6/src/http.c:1476:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(line);
data/edbrowse-3.7.6/src/http.c:1498:3: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(line + j, " %d %40s %40s %d %3s %d",
data/edbrowse-3.7.6/src/http.c:1585:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(line);
data/edbrowse-3.7.6/src/http.c:1859:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(g->urlcopy + g->urlcopy_l++, "/");
data/edbrowse-3.7.6/src/http.c:1932:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(g->urlcopy + g->urlcopy_l++, "/");
data/edbrowse-3.7.6/src/http.c:1995:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(g->urlcopy + g->urlcopy_l, "/");
data/edbrowse-3.7.6/src/http.c:2000:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
has_slash = g->urlcopy[strlen(g->urlcopy) - 1] == '/';
data/edbrowse-3.7.6/src/http.c:2357:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(buffer);
data/edbrowse-3.7.6/src/http.c:2558:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(downDir);
data/edbrowse-3.7.6/src/http.c:2799:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
serverDataLen = strlen(serverData);
data/edbrowse-3.7.6/src/http.c:2879:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int j = strlen(cf->fileName);
data/edbrowse-3.7.6/src/http.c:2957:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(t);
data/edbrowse-3.7.6/src/http.c:3055:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(cf->fileName);
data/edbrowse-3.7.6/src/jseng-duk.c:167:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = base64Encode(s, strlen(s), false);
data/edbrowse-3.7.6/src/jseng-duk.c:183:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t2 = t1 + strlen(t1);
data/edbrowse-3.7.6/src/jseng-duk.c:238:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/edbrowse-3.7.6/src/jseng-duk.c:306:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = msg[strlen(msg) - 1];
data/edbrowse-3.7.6/src/jseng-duk.c:317:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = inbuf + strlen(inbuf);
data/edbrowse-3.7.6/src/jseng-duk.c:337:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = msg[strlen(msg) - 1];
data/edbrowse-3.7.6/src/jseng-duk.c:431:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*h && h[strlen(h) - 1] != '\n')
data/edbrowse-3.7.6/src/jseng-duk.c:657:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(fname, "?");
data/edbrowse-3.7.6/src/jseng-duk.c:672:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(fname, "?");
data/edbrowse-3.7.6/src/jseng-duk.c:850:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(nodeName);
data/edbrowse-3.7.6/src/jseng-duk.c:853:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(b, nodeName, length);
data/edbrowse-3.7.6/src/jseng-duk.c:1303:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(newcook);
data/edbrowse-3.7.6/src/jseng-duk.c:1335:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loc2 = loc + strlen(loc);
data/edbrowse-3.7.6/src/jseng-duk.c:1943:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/edbrowse-3.7.6/src/jseng-duk.c:1984:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strstr(errorMessage, "callstack") && strlen(callstack)) {
data/edbrowse-3.7.6/src/jseng-duk.c:2052:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nnbuf, nn, 20);
data/edbrowse-3.7.6/src/jseng-duk.c:2055:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(nnbuf, "?");
data/edbrowse-3.7.6/src/main.c:109:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(newbuf);
data/edbrowse-3.7.6/src/main.c:115:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(cf->fileName);
data/edbrowse-3.7.6/src/main.c:425:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int rlen = strlen(reply);
data/edbrowse-3.7.6/src/main.c:426:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(subj);
data/edbrowse-3.7.6/src/main.c:427:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tlen = strlen(to);
data/edbrowse-3.7.6/src/main.c:437:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mlen = strlen(m);
data/edbrowse-3.7.6/src/main.c:498:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(ebTempDir);
data/edbrowse-3.7.6/src/main.c:525:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ebUserDir = allocMem(strlen(ebTempDir) + 20);
data/edbrowse-3.7.6/src/main.c:586:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ebrc_string), fp);
data/edbrowse-3.7.6/src/main.c:606:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
configFile = allocMem(strlen(home) + 7);
data/edbrowse-3.7.6/src/main.c:612:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(fh, ebrc_string, strlen(ebrc_string));
data/edbrowse-3.7.6/src/main.c:619:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
recycleBin = allocMem(strlen(home) + 8);
data/edbrowse-3.7.6/src/main.c:631:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mailStash = allocMem(strlen(recycleBin) + 12);
data/edbrowse-3.7.6/src/main.c:641:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sigFile = allocMem(strlen(home) + 20);
data/edbrowse-3.7.6/src/main.c:643:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sigFileEnd = sigFile + strlen(sigFile);
data/edbrowse-3.7.6/src/main.c:824:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file2 = allocMem(strlen(file) + 10);
data/edbrowse-3.7.6/src/main.c:999:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argl[0] = strlen(allargs);
data/edbrowse-3.7.6/src/main.c:1016:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argl[j] = strlen(s);
data/edbrowse-3.7.6/src/main.c:1361:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = v + strlen(v);
data/edbrowse-3.7.6/src/main.c:1382:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = v + strlen(v);
data/edbrowse-3.7.6/src/main.c:1616:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mailUnread = allocMem(strlen(v) + 20);
data/edbrowse-3.7.6/src/main.c:1624:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mailReply = allocMem(strlen(v) + 20);
data/edbrowse-3.7.6/src/main.c:1961:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (s ? s - u : strlen(u));
data/edbrowse-3.7.6/src/messages.c:73:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(eb_language, s, 7);
data/edbrowse-3.7.6/src/messages.c:167:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf2iso((uchar *) s, strlen(s), (uchar **) & t, &t_len);
data/edbrowse-3.7.6/src/messages.c:255:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(errorMsg, a, l);
data/edbrowse-3.7.6/src/plugin.c:33:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i_printfExit(MSG_MemAllocError, strlen(ebUserDir) + 24);
data/edbrowse-3.7.6/src/plugin.c:52:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(suffix);
data/edbrowse-3.7.6/src/plugin.c:65:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = s + strlen(s);
data/edbrowse-3.7.6/src/plugin.c:81:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
post = filename + strlen(filename);
data/edbrowse-3.7.6/src/plugin.c:88:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(suffix, s, post - s);
data/edbrowse-3.7.6/src/plugin.c:130:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(suffix, s, post - s);
data/edbrowse-3.7.6/src/plugin.c:138:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(prot);
data/edbrowse-3.7.6/src/plugin.c:147:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = s + strlen(s);
data/edbrowse-3.7.6/src/plugin.c:182:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_length = strlen(url);
data/edbrowse-3.7.6/src/plugin.c:191:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = s + strlen(s);
data/edbrowse-3.7.6/src/plugin.c:229:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(content);
data/edbrowse-3.7.6/src/plugin.c:239:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = s + strlen(s);
data/edbrowse-3.7.6/src/sendmail.c:226:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/edbrowse-3.7.6/src/sendmail.c:275:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(buf);
data/edbrowse-3.7.6/src/sendmail.c:349:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(subjectLine));
data/edbrowse-3.7.6/src/sendmail.c:351:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(subjiso) >= sizeof(subjectLine)) {
data/edbrowse-3.7.6/src/sendmail.c:393:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, buf + buflen, n);
data/edbrowse-3.7.6/src/sendmail.c:556:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
debugPrint(6, "encoded %s %s length %d", ct, ce, strlen(buf));
data/edbrowse-3.7.6/src/sendmail.c:617:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = s + strlen(s);
data/edbrowse-3.7.6/src/sendmail.c:786:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
upload.length = strlen(message);
data/edbrowse-3.7.6/src/sendmail.c:970:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fromiso = isoEncode(from, from + strlen(from));
data/edbrowse-3.7.6/src/sendmail.c:982:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = refline + strlen(refline);
data/edbrowse-3.7.6/src/stringfile.c:105:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(s);
data/edbrowse-3.7.6/src/stringfile.c:106:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen = strlen(p);
data/edbrowse-3.7.6/src/stringfile.c:114:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(s);
data/edbrowse-3.7.6/src/stringfile.c:115:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen = strlen(p);
data/edbrowse-3.7.6/src/stringfile.c:136:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/edbrowse-3.7.6/src/stringfile.c:177:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (char *)memmove(dest, src, strlen(src) + 1);
data/edbrowse-3.7.6/src/stringfile.c:198:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newlen = oldlen + strlen(t);
data/edbrowse-3.7.6/src/stringfile.c:287:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s) + 1;
data/edbrowse-3.7.6/src/stringfile.c:316:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(s);
data/edbrowse-3.7.6/src/stringfile.c:426:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(search);
data/edbrowse-3.7.6/src/stringfile.c:722:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, chunk, blocksize);
data/edbrowse-3.7.6/src/stringfile.c:1089:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, " ");
data/edbrowse-3.7.6/src/stringfile.c:1091:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "?");
data/edbrowse-3.7.6/src/stringfile.c:1120:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(p, "-");
data/edbrowse-3.7.6/src/stringfile.c:1127:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = buf + strlen(buf);
data/edbrowse-3.7.6/src/stringfile.c:1130:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(pwbuf->pw_name);
data/edbrowse-3.7.6/src/stringfile.c:1133:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, pwbuf->pw_name, l);
data/edbrowse-3.7.6/src/stringfile.c:1137:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/edbrowse-3.7.6/src/stringfile.c:1141:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(grpbuf->gr_name);
data/edbrowse-3.7.6/src/stringfile.c:1144:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, grpbuf->gr_name, l);
data/edbrowse-3.7.6/src/stringfile.c:1148:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/edbrowse-3.7.6/src/stringfile.c:1165:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "-");
data/edbrowse-3.7.6/src/stringfile.c:1171:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "?");
data/edbrowse-3.7.6/src/stringfile.c:1173:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = buf + strlen(buf);
data/edbrowse-3.7.6/src/stringfile.c:1174:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, newpath, l);
data/edbrowse-3.7.6/src/stringfile.c:1258:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(0, &c, 1);
data/edbrowse-3.7.6/src/stringfile.c:1268:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(0, &c, 1);
data/edbrowse-3.7.6/src/stringfile.c:1311:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p);
data/edbrowse-3.7.6/src/stringfile.c:1321:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(defname);
data/edbrowse-3.7.6/src/stringfile.c:1324:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, defname, l);
data/edbrowse-3.7.6/src/stringfile.c:1422:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->text = (pst) allocMem(strlen(f) + 3);
data/edbrowse-3.7.6/src/stringfile.c:1485:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(var1, line + 1, l);
data/edbrowse-3.7.6/src/stringfile.c:1503:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(udir);
data/edbrowse-3.7.6/src/stringfile.c:1551:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(v);
data/edbrowse-3.7.6/src/stringfile.c:1624:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) >= sizeof(line2)) {
data/edbrowse-3.7.6/src/stringfile.c:1649:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(downDir) + strlen(line) >= sizeof(line2) - 1) {
data/edbrowse-3.7.6/src/stringfile.c:1649:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(downDir) + strlen(line) >= sizeof(line2) - 1) {
data/edbrowse-3.7.6/src/url.c:52:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(protocols[i].prot) == l &&
data/edbrowse-3.7.6/src/url.c:141:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = start + strlen(start);
data/edbrowse-3.7.6/src/url.c:178:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = start + strlen(start);
data/edbrowse-3.7.6/src/url.c:376:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*dalen = strlen(p);
data/edbrowse-3.7.6/src/url.c:501:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (url[strlen(url) - 1] == '/');
data/edbrowse-3.7.6/src/url.c:611:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, ":");
data/edbrowse-3.7.6/src/url.c:619:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, s1, l1);
data/edbrowse-3.7.6/src/url.c:624:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf + l1, s2, l2);
data/edbrowse-3.7.6/src/url.c:667:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = dir + strlen(dir);
data/edbrowse-3.7.6/src/url.c:706:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = s + strlen(s);
data/edbrowse-3.7.6/src/url.c:727:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(hostbuf, "/");
data/edbrowse-3.7.6/src/url.c:729:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hostbuf, s, e - s);
data/edbrowse-3.7.6/src/url.c:860:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = allocString(strlen(base) + strlen(rel) + 12);
data/edbrowse-3.7.6/src/url.c:860:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = allocString(strlen(base) + strlen(rel) + 12);
data/edbrowse-3.7.6/src/url.c:883:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(n, base, s - base);
data/edbrowse-3.7.6/src/url.c:897:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(n, s, l);
data/edbrowse-3.7.6/src/url.c:921:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(n, base, l);
data/edbrowse-3.7.6/src/url.c:943:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(n, base, l);
data/edbrowse-3.7.6/src/url.c:965:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = s + strlen(s);
data/edbrowse-3.7.6/src/url.c:968:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = t + strlen(t);
data/edbrowse-3.7.6/src/url.c:1009:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, base, sizeof(buf) - 1);
data/edbrowse-3.7.6/src/url.c:1011:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/edbrowse-3.7.6/src/url.c:1117:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = s + strlen(s);
data/edbrowse-3.7.6/src/url.c:1215:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hl = strlen(host);
data/edbrowse-3.7.6/src/url.c:1219:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = pattern + strlen(pattern);
data/edbrowse-3.7.6/src/url.c:1229:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ql = strlen(q);
data/edbrowse-3.7.6/tools/mkproto.c:81:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = getc(f)) != EOF) {
data/edbrowse-3.7.6/tools/mkproto.c:157:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(f);
data/edbrowse-3.7.6/tools/mkproto.c:185:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(f);
data/edbrowse-3.7.6/win32/dirent.c:101:44: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nd = (_TDIR *) malloc (sizeof (_TDIR) + (_tcslen(szFullPath) + _tcslen (SLASH) +
data/edbrowse-3.7.6/win32/dirent.c:101:66: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nd = (_TDIR *) malloc (sizeof (_TDIR) + (_tcslen(szFullPath) + _tcslen (SLASH) +
data/edbrowse-3.7.6/win32/dirent.c:102:5: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_tcslen(SUFFIX) + 1) * sizeof(_TCHAR));
data/edbrowse-3.7.6/win32/dirent.c:116:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nd->dd_name[_tcslen (nd->dd_name) - 1] != _T('/') &&
data/edbrowse-3.7.6/win32/dirent.c:117:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nd->dd_name[_tcslen (nd->dd_name) - 1] != _T('\\'))
data/edbrowse-3.7.6/win32/dirent.c:213:31: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirp->dd_dir.d_namlen = _tcslen (dirp->dd_dta.name);
ANALYSIS SUMMARY:
Hits = 1058
Lines analyzed = 45908 in approximately 1.21 seconds (37970 lines/second)
Physical Source Lines of Code (SLOC) = 37353
Hits@level = [0] 162 [1] 390 [2] 457 [3] 11 [4] 197 [5] 3
Hits@level+ = [0+] 1220 [1+] 1058 [2+] 668 [3+] 211 [4+] 200 [5+] 3
Hits/KSLOC@level+ = [0+] 32.6614 [1+] 28.3244 [2+] 17.8834 [3+] 5.64881 [4+] 5.35432 [5+] 0.0803148
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.